January 1, 2019 / December 31, 2019

March 12, 2020

	Contents

	GLOSSARY 5
	INTRODUCTION 9
1. 1.1.	PROFILE OF THE ISSUER 10 CORPORATE GOVERNANCE MODEL 10
1.1.1	Shareholders' Meeting 12
1.1.2	Board of Directors 12
1.1.3	Board committees 13
1.1.4 1.1.5	Board of Statutory Auditors 13 External Auditors 14
2.	INFORMATION ON OWNERSHIP STRUCTURES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1 OF THE TUF) 15
A)	STRUCTURE OF SHARE CAPITAL (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER A) OF THE TUF) 15
B)	RESTRICTIONS ON THE TRANSFER OF SECURITIES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER B) OF THE TUF) 16
C)	SIGNIFICANT HOLDINGS IN CAPITAL (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER C OF THE TUF) 16
D)	SECURITIES CONFERRING SPECIAL RIGHTS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER D) OF THE TUF) 17
E)	EMPLOYEE SHAREHOLDINGS: MECHANISM TO EXERCISE VOTING RIGHTS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER E) OF THE TUF) 17
F)	RESTRICTIONS ON VOTING RIGHTS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER F) OF THE TUF) 17
G)	SHAREHOLDER AGREEMENTS ( PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER G) OF THE TUF) 17
H)	CHANGE OF CONTROL CLAUSES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER H) OF THE TUF AND STATUTORY PROVISIONS ON TAKEOVER BIDS (PURSUANT TO ARTICLES 104, PARAGRAPH 1-TER, AND 104-BIS, PARAGRAPH 1) 17
I)	DELEGATED POWERS TO INCREASE SHARE CAPITAL AND AUTHORISATION TO PURCHASE TREASURY SHARES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER M) OF THE TUF) 17
L)	MANAGEMENT AND COORDINATION (PURSUANT TO ARTICLE 2497 AND SUBSEQUENT OF THE CIVIL CODE) 18
3.	COMPLIANCE (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER A) OF THE TUF) 19
4.	BOARD OF DIRECTORS 20
4.1	APPOINTMENT AND REPLACEMENT (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1, LETTER L), OF THE TUF) 20
4.2	COMPOSITION ( PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER D) OF THE TUF) 23
4.2.1.	Maximum number of board mandates in other companies 29
4.2.2. 4.3	Induction and ongoing training 33 ROLE OF THE BOARD OF DIRECTORS ( PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER D) OF THE TUF) 33

	THE INTERNAL AUDIT FUNCTION, IN ACCORDANCE WITH THE SUPERVISORY REGULATIONS, IS INDEPENDENT FROM THE OTHER COMPANY FUNCTIONS AND REPORTS DIRECTLY TO THE BOARD OF




11.6	COORDINATION OF ENTITIES INVOLVED IN THE INTERNAL CONTROL AND RISK MANAGEMENT

13.	APPOINTMENT OF STATUTORY AUDITORS 83

14. COMPOSITION AND FUNCTIONING OF THE BOARD OF STATUTORY AUDITORS 86 15. RELATIONS WITH SHAREHOLDERS 94 16. SHAREHOLDERS MEETINGS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER C) OF THE TUF) 95 16.1 LEGITIMATION, PROCEDURES FOR TAKING THE FLOOR AND VOTING 95 16.2 PROCEEDINGS OF SHAREHOLDINGS' MEETINGS 96 16.3 SIGNIFICANT CHANGES IN CAPITALISATION AND OWNERSHIP STRUCTURE 97 17. ADDITIONAL CORPORATE GOVERNANCE PRACTICES 98 18. CHANGES AFTER THE END OF THE YEAR 99 19. CONSIDERATIONS ON THE LETTER OF 19 DECEMBER 2019 OF THE CHAIR OF THE CORPORATE GOVERNANCE COMMITTEE 100

GLOSSARY

GLOSSARY
Articles of Association:	the Articles of Association of the Company in force at the date of approval of the Report (available on the Company's website).
Bank of Italy Circular:	Bank of Italy Circular no. 263 of 27 December 2006 (with New regulations for the prudential supervision of banks) as amended.
Board / Board of Directors:	the Board of Directors of the Issuer.
Board of Statutory Auditors:	the Board of Statutory Auditors of the Issuer.
Borsa Italiana:	Borsa Italiana S.p.A.
Civil Code:	the Italian Civil Code approved by Royal Decree no. 262 of 16 March 1942 as amended.
Code / Corporate Governance Code:	the Corporate Governance Code of listed companies approved in July 2018 by the Corporate Governance Committee and endorsed by Borsa Italiana, ABI, Ania, Assogestioni, Assonime and Confindustria.
Consob:	Commissione Nazionale per le Società e la Borsa (public authority regulating Italian financial markets) with headquarter in Rome, Via G.B. Martini n. 3.
Corporate Bodies Regulations or FinecoBank Corporate Bodies Regulations:	the Regulations approved by the Board of Directors governing the functioning and responsibilities of the Company's Board of Directors and Board of Statutory Auditors and related information flows, in compliance with laws, regulations and the Articles of Association. This document is available on the Issuer's website www.finecobank.com ("Governance/Company Positions" section).
Corporate Governance, Nomination and Sustainability Committee or CGNS Committee:	the board committee established in compliance with articles 4 and 5 of the Corporate Governance Code.
Directive CRD IV:	Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms.

Directive Mifid II:	Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014, on markets in financial instruments, entered into force on 3 January 2018 and replacing the previous European regulations on this matter.
Group Entities or Entities:	the Italian or foreign companies, directly or indirectly controlled by FinecoBank, belonging to FinecoBank Banking Group.
External auditors:	Deloitte & Touche S.p.A., with registered office in Via Tortona 25, Milan, VAT no. 03049560166, tax code and Milan Companies Register no. 03049560166, Economic and Administrative Index (R.E.A.) no. 1720239, a registered auditor, appointed to independently audit the accounts of the Issuer.
Fineco Asset Management Designated Activity Company or FAM:	the Irish company established on October 26, 2017 with the name Fineco Asset Management Limited. It is wholly owned by FinecoBank and operates in managing OICR (collective investment undertakings)
FinecoBank Banking Group or Banking Group:	the group consisting of the Parent Company FinecoBank as well as its Entities.
FinecoBank CFO:	the Chief Financial Officer of FinecoBank, as defined in Section 5 of the Report.
GDPR:	EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protections Regulation).
Global Policy:	the "Global Policy for the management of transactions with persons in potential conflict of interest of the FinecoBank Group", as described in Paragraphs 4.4.3 and 12 of the Report.
Group or FinecoBank Group:	the group consisting of FinecoBank and its Subsidiaries; currently corresponding to the FinecoBank Banking Group.
Instructions on Stock Exchange Regulations:	instructions on Regulations for Markets organised and managed by Borsa Italiana, in force at the date of approval of the Report.
Issuer or FinecoBank or Bank or Company or also Parent Company:	FinecoBank S.p.A., an issuer of securities to whom the Report refers, registered at the Banks Register and Parent Company of the FinecoBank Banking Group - Banking Group Register no. 3015, with registered office in Piazza Durante 11, Milan, Headquarter in Via Rivoluzione d'Ottobre 16, Reggio Emilia, VAT no. 12962340159, Tax code and Milan-Monza-Brianza-Lodi Companies Register no. 01392970404, Economic and

	Administrative Index (REA) no. 1598155, member of the National Guarantee Fund and the Interbank Fund for the Protection of Deposits.
Issuer Regulations:	the Regulations issued by Consob with resolution no. 11971 of 14 May 1999 (as amended), on issuers.
Market Regulations:	the Regulations issued by Consob with resolution no. 20249 of 28 December 2017, on markets.
MTA:	the main Stock Exchange organised and managed by Borsa Italiana, where FinecoBank shares are also traded.
Paragraph or Section:	the paragraphs of the Report.
Related-Party Regulations:	the Regulations issued by Consob with resolution no. 17221 of 12 May 2010 (as amended), on related-party transactions.
Remuneration Committee:	Board committee established in compliance with articles 4 and 6 of the Corporate Governance Code.
Report:	this Report on corporate governance and ownership structures which companies are required to prepare pursuant to article 123- bis of the TUF.
Risks and Related Parties Committee:	Board committee established in compliance with articles 4 and 7 of the Corporate Governance Code.
Shareholders:	the owners of FinecoBank shares.
Shareholders' Meeting:	Shareholders' Meeting of the Issuer.
Stock Exchange Regulations:	the Regulations for Markets organised and managed by Borsa Italiana, approved by the shareholders' meeting of Borsa Italiana, in force at the date of approval of this Report.
Subsidiaries:	the Italian and foreign companies, directly and/or indirectly, controlled by FinecoBank, pursuant to art. 2359 of the Italian Civil Code, art. 93 of TUF and art. 23 of TUB, belonging or not to the Banking Group.
Supervisory Regulations:	the Supervisory regulations for banks as of Bank of Italy Circular no. 285 of 17 December 2013 and subsequent amendments
Supervisory Regulations on Corporate Governance:	the Supervisory regulations for banks on organisation and corporate governance as of Bank of Italy Circular no. 285 of 17 December 2013, Part I, Title IV, Chapter 1 and subsequent amendments

TUB:	Legislative Decree no. 385 of 1 September 1993 as amended (Consolidated Law on Banking).
TUF:	Legislative Decree no. 58 of 24 September 1998 as amended (Consolidated Law on Finance).
UniCredit:	UniCredit S.p.A., with registered office in Milan, Piazza Gae Aulenti no. 3, Tower A, VAT no., tax code and Rome Companies Register of Milan-Monza-Brianza-Lodi no. 00348170101, a registered bank and Parent Company of the UniCredit Banking Group, a registered Banking Group no. 02008.1, a member of the Italian Banking Association code 02008, a member of the Interbank Fund for the Protection of Deposits.
UniCredit Group:	the group consisting of UniCredit and the companies diretly or indirectly controlled by UniCredt itself.
Year:	the financial year the Report refers to.

INTRODUCTION

The Report has been prepared pursuant to article 123-bis of the TUF, in compliance with the "Format for corporate governance and ownership structure reports", VIII edition, January 2019, as well as Supervisory Regulations on Corporate Governance. The information in this Report refers to the 2019 financial year, unless otherwise indicated.

The Report, approved by the Board of Directors of the Company on March 12, 2020, is published at the same time as the Management Report on the Issuer's website ("Governance" section) and is available on the website of the authorised storage system managed by Spafid Connect S.p.A. ().

The Report has been submitted to the External Auditors for the assessments aimed at issuing the opinion of fairness with the financial statement and compliance with law pursuant to article 123-bis, paragraph 4 of the TUF. The results of the work carried out by the External Auditors are contained in its reports, prepared pursuant to article 14 of Legislative Decree no. 39 of 27 January 2010 and article 10 of the Regulation (EU) 537/2014, and attached to the 2019 Financial Statements of the Company and consolidated.

PROFILE OF THE ISSUER FinecoBank is one of the largest FinTech banks in Europe. Listed on the MTA and the FTSE MIB (1 ), FinecoBank offers a business model that is unique in Europe, combining the best platforms with a large network of financial advisors. Through a single account, it offers banking, brokerage and investment services, on transactional and advisory platforms developed with proprietary technologies. FinecoBank is a leading bank in brokerage in Europe, and one of the most important players in Private Banking in Italy, offering advanced and tailor-made advisory services. Since 2017, FinecoBank has also been in the UK with an offer focused on brokerage, banking and investment services. Fineco Asset Management Designated Activity Company (a wholly owned subsidiary of FinecoBank) was founded in Dublin in 2018, with a mission to develop investment solutions in partnership with top international asset managers.

On 7 May 2019, UniCredit and FinecoBank announced that their respective Boards of Directors had approved a series of actions and procedures aimed at enabling FinecoBank to make a smooth transition outside the UniCredit Group and ensuring that FinecoBank could operate as a fully independent company from a regulatory, liquidity and operational point of view.

Subsequently, on 8 May 2019, UniCredit announced that it had successfully completed the accelerated bookbuilding process for the sale to institutional investors of approximately 103.5 million ordinary FinecoBank shares, corresponding to approximately 17% of the Bank's existing share capital (settlement date on 10 May 2019).

As a result of the aforementioned settlement, having held a minority interest in the Company (representing approximately 18.3% of the share capital) and having waived the exercise of the administrative rights provided for by Article 2364 of the Italian Civil Code, UniCredit announced the exit of FinecoBank from the UniCredit Group.

On 8 July 2019, UniCredit also announced the launch of a transaction to sell its own remaining FinecoBank ordinary shares (representing approximately 18.3% of the Company's share capital), through a further accelerated bookbuilding process aimed at certain categories of institutional investors, which was successfully completed the following day with the sale of approximately 111.6 million FinecoBank ordinary shares (settlement date on 11 July 2019).

As from 11 May 2019, FinecoBank is registered as the "Parent Company" of the "FinecoBank Banking Group" in the Register of Banking Groups (together with the subsidiary FAM), exercising management and coordination activity over the group in accordance with the current legislation.

1.1. Corporate governance model

The Company's corporate governance system is based on principles recognised by international best practices as fundamental for good governance: the central role of the Board of Directors, the correct management of conflicts of interest, an efficient internal control system and transparency in relations with the market, with particular reference to the disclosure of corporate management decisions.

FinecoBank's overall corporate governance structure has been defined in compliance with applicable laws and regulations, also considering recommendations in the Corporate Governance Code. The Company must also comply with Supervisory Regulations issued by the

⁽ ¹) FinecoBank was admitted to trading on the MTA on 2 July 2014. Since 1 April 2016, FinecoBank has been included in the FTSE-MIB index and since March 2017 it shares are included in the STOXX Europe 600 Index.

Bank of Italy and, in particular, as regards corporate governance, with Supervisory Regulations on Corporate Governance. Pursuant to these regulations, at the date of approval of the Report, FinecoBank is under the direct prudential supervision of the Bank of Italy.

FinecoBank, in its capacity as Parent Company of the FinecoBank Banking Group, in accordance with Article 61 of the Consolidated Banking Act and the Supervisory Regulations, issues rules for companies belonging to the Group in the interest of the Group's stability. In this context, FinecoBank has defined a Group Regulation on corporate governance (GMGR"Group Managerial Golden Rules") in order to fully exercise its management and coordination role, as well as to implement a management system and regulate key processes between the Parent Company and its Subsidiaries. FinecoBank, in its role as Parent Company, ensures the coordination of the activities of the Subsidiaries with a management system based on the concept of "competence line", represented by the corporate structures/functions (both central and local) which, operating transversally between the Parent Company and the Group companies, have the aim of directing, coordinating and controlling the activities and risks of the Group as a whole.

FinecoBank adopts a traditional administration and control system based on two bodies appointed by the Shareholders' Meeting: the Board of Directors, with strategic oversight and business management functions, and the Board of Statutory Auditors, with administration control functions. External auditors are appointed to audit the accounts, in compliance with applicable laws.

At the date of approval of the Report, the governance of FinecoBank also included the following Board Committees:

the Risks and Related Parties Committee;
the Remuneration Committee; and
the Corporate Governance, Nomination and Sustainability Committee.

The diagram below illustrates the FinecoBank's governance structure:

1.1.1 Shareholders' Meeting

The Shareholders' Meeting is the body that represents the interest of all shareholders and through its decisions, the intentions of the Company.

The Shareholders' Meeting passes resolutions in ordinary and extraordinary session with the meeting and voting quorums envisaged by law and the Articles of Association, in view of specific matters to discuss.

The Ordinary Shareholders' Meeting approves, among others, the financial statements and resolves on profit distribution. It appoints the Directors, the Statutory Auditors and the external auditors, establishing their fees. It also resolves on remuneration and incentive policies and practices established by current regulations.

The Extraordinary Shareholders' Meeting resolves on amendments to the Articles of Association, capital increases and mergers and demergers.

Holders of voting rights and for whom the Company has received notice from the intermediary holding the relative account, within the deadlines established by applicable laws (record date, the seventh open trading day prior to the date convened for the Meeting) may participate in the Shareholders' Meeting.

For further information on the Shareholders' Meeting, see Section 16

1.1.2 Board of Directors

Pursuant to the Articles of Association, the Board of Directors is the body given all powers, within the framework of the company object, which are not expressly assigned to the Shareholders' Meeting according to law or the Articles of Association, and that exclusively oversees business management. For this purpose, the Board of Directors is given full powers for the ordinary and extraordinary management of the Company.

Members of the Board of Directors have the professional standing, integrity and independence required by the Articles of Association and by applicable laws and regulations. They also meet the competence, correctness and dedication of time requirements, as well as the limits on the number of positions held as prescribed by the current legislation and/or the Articles of Association.

As established in the Articles of Association, members of the Board of Directors are appointed by the Shareholders' Meeting for a three-year term of office, save for a shorter term established by the Shareholders' Meeting when making appointments, based on a list voting system, to guarantee an adequate number of board directors elected by the minority.

The Board of Directors elects a Chairman from its members and, where considered appropriate, one or two Deputy Chairmen, one of whom will act as a stand-in. The Chairman and Deputy Chairmen remain in office for the entire duration of the Board. The Board of Directors also appoints a Secretary, who is not necessarily a board member. The Board may establish committees or commissions with advisory, decision-making or coordination functions, in compliance with applicable laws and regulations.

The Board of Directors may also appoint a Managing Director, establishing the term of office and relative duties and powers, as well as a General Manager and one or more Deputy

General Managers, who comprise Head Office. In compliance with the Articles of Association, the Board of Directors of the Company appointed Alessandro Foti as Managing Director and General Manager of the Bank.

For further information on the Board of Directors, see Section 4

1.1.3 Board committees

To promote an efficient information and consultation system in order for the Board of Directors to evaluate issues to the best of its ability, three board committees, with examining, advisory, proposing and coordination functions, are established at the date of approval of the Report, in compliance with Supervisory Regulations on Corporate Governance and the recommendations of the Corporate Governance Code; more specifically: (i) a Risks and Related Parties Committee; (ii) a Remuneration Committee; and (iii) a Corporate Governance, Appointments and Sustainability Committee.

For further information on the Risks and Related Parties Committee, the Remuneration Committee and Corporate Governance, Appointments and Sustainability Committee, see Sections 7, 8 and 9

1.1.4 Board of Statutory Auditors

Pursuant to FinecoBank's Articles of Association, the Board of Statutory Auditors comprises three statutory and two stand-in auditors. Statutory Auditors are appointed by the Shareholders' Meeting based on a list voting system, to guarantee an auditor elected by the minority, as well as compliance with provisions on gender balance.

Auditors remain in office for three years, they may be re-elected and their term ends on the date of the Shareholders' Meeting convened to approve the financial statements for the third year of their appointment. The Board of Statutory Auditors performs the functions assigned to it by law and other applicable regulations. For the entire period while the Company's shares are admitted to trading on a regulated Italian market, the Board of Statutory Auditors also exercises all powers and carries out all duties provided for by special laws; with particular reference to disclosure, Directors are required to report on a quarterly basis, pursuant to article 150 of the TUF, according to the procedures in article 15 of the Articles of Association. The Board of Statutory Auditors, acting as the "Internal control and audit committee", pursuant to Legislative Decree no. 39 of 27 January 2010 carries out all other activities provided for by this decree.

Members of the Board of Statutory Auditors are registered auditors and meet the requirements of professional standing, integrity and independence set forth by applicable laws and statutory regulations as well as by the Articles of Association

For further information on the Board of Statutory Auditors, see Section 14

1.1.5 External Auditors

The accounts are audited, pursuant to applicable legal provisions, by an entity that meets the requirements of applicable regulations.

The External Auditors represent the external control body auditing the accounts. In particular, the External Auditors are required, during the year, to verify the accounts of the company, and to give an opinion on the financial statements (including the consolidated financial statements), in a relative report.

For further information on the External Auditors, see Section 11.4

* * *

The duties and operating procedures of company bodies are governed by law, by the Articles of Association and by decisions taken by competent bodies.

For further information on each body and/or entity comprising the Company's governance system, see specific Sections of the Report.

2. INFORMATION ON OWNERSHIP STRUCTURES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1 OF THE TUF) a) Structure of Share Capital (pursuant to article 123-bis, paragraph 1, letter a) of the TUF)

As at 31 December 2019, the share capital, fully subscribed and paid up, was equal to 200,941,488.00 divided into 608,913,600 ordinary shares with a par value of 0.33 each.

The Board of Directors, partially exercising the authority granted to it pursuant to article 2443 of the Civil Code by the Extraordinary Shareholders' Meetings of 5 June 2014, 23 April 2015, 12 April 2016, 11 April 2017 and 11 April 2018 resolved on 11 February and 12 March 2020 to increase the share capital, as follows: (i) with effect from 11 February 2020, by a nominal amount of 139,517.07, corresponding (ii) with effect from 31 March 2020, by a nominal amount of 23,333.64, corresponding to plans ("2014 Group Incentive System" – 6th tranche of the plan and 4th tranche share); (iii) with effect from 31 March 2020, by a nominal amount of 13,878.81, corresponding to plans ("2015 Group Incentive System" 5th tranche of the plan and 3rd tranche share); (iv) with effect from 31 March 2020, by a nominal amount of 10,033.98, corresponding to plans ("2016 Group Incentive System" 4th tranche of the plan and 2nd tranche share); (v) with effect from 31 March 2020, by a nominal amount of 19,123.50, corresponding to plans ("2017 Group Incentive System" 3rd tranche of the plan and 1st tranche share);

to 422,779 ordinary shares with a par value of 0.33 each, to service Employee incentive plans ("2014-2017 Top Management Multi-year plan " – assignment of the 4th tranche);
70,708 ordinary shares with a par value of 0.33 each, to service Employee incentive (vi) with effect from 31 May 2020, by a nominal amount of 5,459.19, corresponding to
42,057 ordinary shares with a par value of 0.33 each, to service Employee incentive
30,406 ordinary shares with a par value of 0.33 each, to service Employee incentive
57,950 ordinary shares with a par value of 0.33 each, to service Employee incentive
16,543 ordinary shares with a par value of 0.33 each, to service Employee incentive plans.

Ordinary shares are registered and are admitted for trading on the MTA. No further categories of shares, equity-based instruments, convertible or exchangeable bonds were issued.

Shares are indivisible and joint ownership is governed by law.

Shares are not subject to any privileges or constraints; there are no shares reserved for issue under option and sales contracts.

Each ordinary share carries the right to one vote in ordinary and extraordinary Shareholders' Meetings. Ordinary shares have administrative and equity rights and obligations in accordance with law.

For equity-based incentive plans, which involve free share capital increases approved by the Shareholders' Meeting, see the relative information documents drawn up pursuant to article 84 bis of the Issuer Regulations (2 ), as well as the Compensation Report drawn up pursuant to

⁽ ²) Information documents are available at the FinecoBank's website www.finecobank.com – "Corporate/Shareholders' Meeting" section.

b) Restrictions on the transfer of securities (pursuant to article 123-bis, paragraph 1, letter b) of the TUF)

c) Significant holdings in capital (pursuant to article 123-bis, paragraph 1, letter c of the TUF)

b) letter b) of the TUF)	Restrictions on the transfer of securities (pursuant to article 123-bis, paragraph 1,

	At the date of approval of this Report, there were no restrictions on the transfer of securities.
TUF)	c) Significant holdings in capital (pursuant to article 123-bis, paragraph 1, letter c of the
	Based on entries in the Shareholders' Register and notices received pursuant to article 120 of the TUF, as well as other information available to the Company, direct or indirect significant holdings in share capital as at 31 December 2019 are presented below. The table does not include entities that are exempt from the disclosure requirements of article
119-bis of the Issuer Regulations. Declarer or entity at the top		No. of ordinary	% Share of	% Share of voting
of the ownership chain	Direct shareholder	shares (*)	ordinary capital	capital
	Blackrock Netherlands B.V.	66,745	0.011%	0.011%
	Blackrock Singapore Limited	4,437	0.001%	0.001%
	BlackRock Advisors (UK) Limited	3,401,565	0.559%	0.559%
	Blackrock Advisors, LLC	1,088,080	0.179%	0.179%
	BlackRock Asset Management Canada Limited	368,671	0.061%	0.061%
	BlackRock Asset Management Deutschland AG	2,236,030	0.367%	0.367%
	BlackRock Asset Management North Asia Limited	4,810	0.001%	0.001%
BlackRock Inc.	BlackRock Financial Management, Inc.	35,666	0.006%	0.006%
	BlackRock Fund Advisors	6,796,886	1.116%	1.116%
	BlackRock Institutional Trust Company	7,168,126	1.177%	1.177%
	BlackRock International Limited	462,749	0.076%	0.076%
	BlackRock Investment Management (Australia) Limited	151,463	0.025%	0.025%
	BlackRock Investment Management (UK) Limited	30,989,149	5.089%	5.089%
	BlackRock Investment Management, LLC	716,991	0.118%	0.118%
	BlackRock Japan Co., Ltd	284,956	0.047%	0.047%
	Totale	53,776,324	8.833%	8.833%
Capital Research and	Capital Research and Management Company	30,738,447	5.050%	5.050%
Management Company	Totale	30,738,447	5.050%	5.050%
	Invesco Ltd.	20,496,717	3.365%	3.365%
	Totale	20,496,717	3.365%	3.365%
Invesco Ltd.			2.669%	2.669%
	FMR Co., Inc	16,252,129
	FIAM LLC	372,225	0.061%	0.061%
FMR LLC	Fidelity Institutional Asset Management Trust Company	1,735,964	0.285%	0.285%

⁽ ³) The Compensation Report is available at the at the FinecoBank's website www.finecobank.com – "Corporate/Shareholders' Meeting" section . Moreover, the information pursuant to article 84-quarter are reported in the Annex 1 to 2019 Compensation Policy, available at the FinecoBank's website www.finecobank.com – "Corporate/Shareholders' Meeting" section .

d) Securities conferring special rights (pursuant to article 123-bis, paragraph 1, letter d) of the TUF)

At the date of approval of this Report, FinecoBank had not issued any shares conferring special control rights, nor adopted By-law provisions allowing multiple or increased voting rights.

e) Employee shareholdings: mechanism to exercise voting rights (pursuant to article 123-bis, paragraph 1, letter e) of the TUF)

There is no employee share ownership scheme in which the voting right is exercised by representatives of the employees.

f) Restrictions on voting rights (pursuant to article 123-bis, paragraph 1, letter f) of the TUF)

There are no restrictions on voting rights.

g) Shareholder agreements ( pursuant to article 123-bis, paragraph 1, letter g) of the TUF)

The Issuer is not aware of any shareholder agreements pursuant to article 122 of the TUF.

h) Change of control clauses (pursuant to article 123-bis, paragraph 1, letter h) of the TUF and statutory provisions on Takeover bids (pursuant to articles 104, paragraph 1-ter, and 104-bis, paragraph 1)

With the exception of the agreements signed as part of the smooth transition transaction referred to in Paragraph 1 above "Profile of the Issuer", aimed at regulating relations between FinecoBank and UniCredit following FinecoBank's exit from the UniCredit Group, the Company has not entered into any significant agreements that become effective, are amended or terminate in the event of a change of control of the contracting company (4 ).

With reference to any provision of the above-mentioned agreements, signed as part of the smooth transition, regarding change of control, please refer to the "Information document relating to a greater relevance related-party transaction between FinecoBank S.p.A. and UniCredit S.p.A." prepared by the Company pursuant to Article 5 and in accordance with the format in Annex 4 of the Related Parties Regulation, published on the Bank's website (www.finecobank.com , "Governance/Related Parties and Associated Persons" section).

The Bank's Articles of Association do not envisage any exceptions to the provisions on the passivity rule as of article 104, paragraphs 1 and 1-bis of the TUF, nor the application of the neutralisation provisions as of article 104-bis, paragraphs 2 and 3 of the TUF.

* * *

i) Delegated powers to increase share capital and authorisation to purchase treasury shares (pursuant to article 123-bis, paragraph 1, letter m) of the TUF)

The Board of Directors has been authorised by the Extraordinary Shareholders' Meeting to carry out free capital increases, to implement the incentive plans for Bank personnel classified

⁽ ⁴) FAM did not enter into any agreements considered significant pursuant to article 123-bis, paragraph 1, letter h) of the TUF.

as "identified staff". The Board of Directors was not assigned the power to issue equity-based financial instruments.

On 12 April 2016, the Shareholders' Meeting, at the proposal of the Board of Directors, authorised the purchase and disposal of 250,000 treasury shares in favour of FinecoBank network managers and financial advisors identified as key personnel.

On 11 April 2017, the Shareholders' Meeting, at the proposal of the Board of Directors, authorised the purchase and disposal of 346,000 treasury shares to service the 2017 incentive system for FinecoBank financial advisors identified as key personnel.

On 11 April 2018, the Shareholders' Meeting, at the proposal of the Board of Directors, authorised the purchase and disposal of 297,620 treasury shares to service the 2018 incentive system for FinecoBank financial advisors identified as key personnel.

On 10 April 2019, the Shareholders' Meeting, at the proposal of the Board of Directors, authorised the purchase and disposal of maximum 179,534 treasury shares to service the 2019 incentive system for FinecoBank financial advisors identified as key personnel.

On 15 January 2020, the Board of Directors resolved to put to the Shareholders' Meeting convened to approve the 2019 Financial Statements, the proposal to authorise the purchase and disposal of maximum 235,516 treasury shares to service the 2020 incentive system for FinecoBank financial advisors identified as key personnel.

As at 31 December 2019, the Company held 737,448 treasury shares equal to 0.12% of the share capital.

l) Management and coordination (pursuant to article 2497 and subsequent of the Civil Code)

At the date of approval of the Report, FinecoBank is not under any management and coordination activities pursuant to art. 2497 Civil Code.

Until the date of 10 May 2019, UniCredit managed and coordinated FinecoBank in accordance and within the limits of TUB and the Supervisory Regulations.

* * *

The information required by article 123-bis, paragraph 1, letter i) of the TUF is contained in the Report on remuneration policy and compensation paid published pursuant to article 123-ter (5 ) of the TUF.

* * *

The information required by article 123-bis, paragraph 1, letter l) of the TUF regarding the appointment and replacement of directors is given in the Section of the Report on the Board of Directors (Section 4.1.).

⁽ ⁵) The Report is available at the following address on FinecoBank's website: www.finecobank.com – "Corporate/Shareholders' Meeting" section.

TUF)

COMPLIANCE (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER A) OF THE Starting from its IPO, FinecoBank adheres to the Corporate Governance Code and comply with it, where applicable. The Code is aligned with the main international practice and includes the corporate governance standards (based on transparency, accountability and long-term perspective) and best practices recommended by the Corporate Governance Committee, which apply to the listed companies on a "comply or explain" basis. It means that the companies shall explain in the Corporate Governance Report the reason of not complying with any recommendations of the Code.

The Code is available to the public on the website of the Corporate Governance Committee, at: http://www.borsaitaliana.it/comitato-corporate-governance/codice/2018clean.pdf.(6 )

For additional information on the corporate governance structure of FinecoBank, in addition to specific Sections of the Report, see the Company's website, where the Report is published together with economic/financial information, data and documents of interest to shareholders.

* * *

The Issuer is not subject to provisions of law outside Italy that affect its corporate governance structure (7 ).

⁽ ⁶) On 31 January 2020, a new version of the Corporate Governance Code, approved by the Corporate Governance Committee, has been published. The companies that adopt the Code will aplly the aforementioned version from the first financial year starting after 31 December 2010, giving notice to the public in the corporate governance report that will be published during 2022. The new Corporate Governance Code is available on the following link: https://www.borsaitaliana.it/comitato-corporate-governance/codice/2020.pdf. (

⁷) The legal provisions FAM is subject to do not affect the Issuer's governance structure.

4. BOARD OF DIRECTORS 4.1 Appointment and replacement (pursuant to article 123-bis, paragraph 1, letter l), of the TUF)

During the Year, the Board of Directors, with the support of the Corporate Governance, Appointments and Sustainability Committee, approved a number of proposals to revise its corporate governance in order to adapt it to the new shareholding structure of the Bank following its exit from the UniCredit Group and acquisition of the role of "Parent Company" of the "Banking Group".

Apart from further strengthening the requirements of the company representatives, in line with Italian legislation and current practice, the Board of Directors has been empowered to submit its own list of candidates for the position of director, when the Board is re-elected.

This amendment complies with the provisions of the Corporate Governance Code and is in line with international best practice.

In this context, the participation and representation of the minority shareholders is extended. Specifically, two Directors will be assigned to the list that came second in terms of number of votes, while one Director will be assigned to the list that came third in terms of number of votes, provided that such list has obtained at least 2% of the votes cast at the meeting.

The proposals to amend the Articles of Association, for which the Bank of Italy issued the related assessment measure on 10 December 2019 pursuant to Articles 56 and 61 of the Consolidated Banking Act, were unanimously approved by the Extraordinary Shareholders' Meeting of 18 February 2020.

* * *

In compliance with laws and regulations applicable to listed companies, following the amendments of the Articles of Association approved by the Extraordinary Shareholders' Meeting of 18 February 2020, article 13 of the Articles of Association requires the Board of Directors to be appointed by the Shareholders' Meeting, based on lists of candidates submitted by the Board of Directors and the Shareholders, with each list containing the names of candidates numbered progressively, according to the procedure described below.

The Board of Directors and the Shareholders can submit a list for the appointment of Directors, provided that when they submit the list they hold, alone or together with others presenting shareholders, at least the minimum shareholding established by Consob pursuant to article 147 ter, paragraph 1, of the TUF and in compliance with relevant provisions in the Issuer Regulations. Consob, in its Executive Resolution by the Head of the Corporate Governance Division no. 28 of January 30, 2020, set the minimum shareholding required for FinecoBank to submit lists of candidates for election of the Board of Directors and Board of Statutory Auditors at 1% of share capital. For the submission of the list by the Shareholders, the ownership of the minimum shareholding required is calculated based on the shares registered for each shareholder on the day when the lists are filed at the Company; relative certification may be submitted after the lists have been filed, provided this is within the deadline for publication of the lists.

Each party entitled (as well as (i) entitled persons belonging to the same group, intended as a

party, which need not be a corporation, exercising control pursuant to article 2359 of the Civil Code and any subsidiary controlled by, or under the control of said party, or (ii) shareholders who are party to a shareholders' agreement as of article 122 of the TUF, or (iii) entitled persons who are otherwise associated with each other in a material relationship pursuant to current and applicable statutory or regulatory provisions) may submit individually or with others only one list, likewise each candidate may be included in only one list, or otherwise be considered ineligible.

Each list that has three or more candidates (i) must include candidates from both genders, so as to ensure compliance with at least the minimum requirements of applicable laws and regulations on gender balance and (ii) must ensure that at least the majority of the candidates meet the independence requirements set out in the Articles of Association, without prejudice to the fact that the first candidate on any list, including lists with less than 3 (three) candidates, must meet the aforementioned independence requirements.

Please note that, following the amendments to the art. 147-ter of TUF introduced by the 2020 Italian Budget Law, at least two-fifths of the members of the Board of Directors must belong to the less represented gender.

The lists shall be filed at the registered office or head office – also by remote communication and in accordance with procedures in the notice of call, so as to allow the identification of parties submitting the list – at least twenty-five days before the date of the Shareholders' Meeting to appoint members of the Board of Directors, in single call (or within the different deadline as indicated from time to time by the applicable legislation). The Company shall ensure that lists are made public on the Company's website and by other means established by applicable provisions, at least twenty-one days prior to the above Shareholders' Meeting, in one session or on first call (or within the different deadline as indicated from time to time by the applicable legislation). The list submitted by the Board of Directors must be filed at the registered office and published in the manner described above at least thirty days before the date set for the Shareholders' Meeting.

The lists also contain attachments with any additional documents and declarations required by applicable laws and regulations, as well as:

for Shareholders, information on the identity of parties submitting the lists, indicating the total percentage of shares held;
information on the personal and professional characteristics of the candidates in the list;
a statement whereby individual candidates irrevocably accept the position (subject to their appointment) and certify, under their responsibility, that there are no grounds for their ineligibility or incompatibility to stand as candidate, and that they meet the requirements required for the office by the Articles of Association and applicable laws and regulations and the possible possession of the independence requirements referred to in paragraph 3 of article 13, according to a format that will be made public by the Company in advance, also taking into account the guidelines of the Supervised Authorities. (a) number of Directors equal to the number of board members shall be drawn - in the order in

Lists that do not comply with the above requirements shall be considered as not submitted.

Each eligible voter may vote for one list only.

After the vote, candidates are elected from lists that have obtained the largest number of votes, with the following criteria:

which they appear on the list - from the list receiving the majority of votes cast except, depending on the case, 2 (two) or 3 (three) that will be taken from the minority list(s) that are not connected with those who submitted or voted for the list that obtained the highest number of votes in accordance with the current regulations, as specified below:

a.1) if only two lists are submitted, the remaining 2 (two) Directors will be drawn in consecutive order from the second list that received the highest number of votes at the meeting,

a.2) if 3 (three) or more lists are submitted, 2 (two) Directors will be drawn in consecutive order from the second list that obtained the highest number of votes at the meeting regardless of the percentage of votes received, while 1 (one) Director will be drawn in consecutive order from the third list that received the highest number of votes at the meeting provided that it received at least 2% of the votes cast at the meeting, it being understood that in the event of the failure to receive this percentage by the third list by number of votes the mechanism provided for in the previous letter a.1) will be applied; (b) if the number of candidates in the majority list is not sufficient to ensure the appointment

of all directors according to the mechanism specified in (a) above, all the candidates of the majority list shall be appointed and the remaining directors shall be taken from the list that obtained the most votes from among the minority lists, according to the consecutive order in which they appear on the list and, if necessary, from the next minority lists below the most voted minority list, in the consecutive order in which the candidates appear on the list, until the required number of directors has been appointed; (c) if the number of candidates included in both the majority and minority submitted lists is
below that of the Directors to be appointed, the remaining Directors shall be appointed by resolution of the shareholders' meeting passed by relative majority (and therefore without taking into account any abstention), making sure that the independence and gender balance principles prescribed, respectively, by art. 13, paragraph 3, and 13, paragraph 6, of the Articles of Association are complied with. In the event of a tie between candidates, the shareholders' meeting holds a second round of voting; (e) if the required number of independent Directors and/or of Directors of the less represented
(d) where only one, or no lists have been submitted, the Shareholders' Meeting shall resolve in accordance with the procedures specified in subparagraph (c) above; in the event of a tie between lists or candidates, the Shareholders' Meeting shall hold a second round of voting to establish their ranking;
gender is not appointed, the Directors of the most voted list and appearing first on the list and not satisfying the requirements in question are replaced by the next directors from the same list satisfying the requirement(s). In the event that, following the application of this criterion, it is still not possible to identify Directors with the mentioned characteristics, the said replacement criterion shall be applied to the progressively most voted minority lists from which any appointed candidates have been drawn; (f) in the event that, following the application of the replacement criterion set out in (e), it is
still not possible to identify any suitable directors, the Shareholders' meeting shall resolve by relative majority. In this case, replacements shall be made starting from the most voted lists and from the candidates appearing first on the list.

In the event of death, resignation, withdrawal or removal from office for any other reason of a

Director, or where a Director no longer meets the professional standing and integrity requirements, the Board of Directors can take steps to co-opt a Director, in compliance with the principles of minority representation and gender balance. If, in the above cases, the minimum number of independent Directors and/or the number of Directors belonging to the least represented gender as prescribed, respectively, by articles 13, paragraph 3 and 13 paragraph 6 of the Articles of Association fall below the level required, the Board of Directors shall replace them.

For the appointment of Directors needed to fill vacancies on the Board of Directors, the Shareholders' Meeting shall resolve by relative majority, ensuring that the principles of independence and gender balance established by current law and regulations and Articles of Association are met.

The Board of Directors shall elect a Chairman from among its members and – where appropriate – one or more Deputy Chairmen, one of which will act as a stand-in.

In compliance with applicable sector laws and regulations, the Board of Directors defines the optimal number and type of directors to effectively carry out its duties and oversee its responsibilities assigned by law, by Supervisory Regulations on Corporate Governance and the Articles of Association. The Board also establishes requirements applicable to FinecoBank directors, in addition to requirements of applicable laws and regulations, and provides guidance on the maximum number of positions that directors may hold in other companies.

Before appointing directors, the Board informs shareholders of the optimal board composition, so that candidates may be selected considering the professional competencies required. Shareholders may in any case make their own evaluations of the optimal board composition, and submit candidate proposals, giving reasons for any differences from evaluations made by the Board.

Succession Plans

On 12 December 2019, the Board of Directors approved the succession plan for the Managing Director and General Manager and for the other key managers, in which the professional competencies and expertise required for possible candidates are established.

For the Managing Director and General Manager, the succession plan provides information to support the appointment of the successor also in the event of early replacement. This succession plan is submitted annually for approval to the Board of Directors by the Human Resources department, after being approved by the Corporate Governance, Appointments and Sustainability Committee. The annual review consists of detailed analysis of the competencies and requirements necessary to hold individual positions. Tools used to identify the pool of possible candidates for succession plans include assessment and development processes for executive and key resources.

4.2 Composition ( pursuant to article 123-bis, paragraph 2, letter d) of the TUF)

Pursuant to article 13 of the Articles of Association, as amended by the Extraordinary Shareholders' Meeting of 18 February 2020, the Company is managed by a Board of Directors

comprising a minimum of 9 (nine) and a maximum of 13 (thirteen)8 Directors, elected by the Shareholders' Meeting. The Shareholders' Meeting shall also determine the term of office, on the understanding that said term may not be less than one year or more than three years from acceptance of the position and shall expire on the date of the Shareholders' Meeting convened to approve the financial statements relative to the last year of office. Members of the Board of Directors may be re-elected.

According to the Corporate Bodies Regulations, the number of Board Directors shall be commensurate with the size and complexity of the Bank's organisational structure, and allow for the oversight of all company operations, as regards management and controls. Moreover, the Board shall comprise (i) various representatives of the shareholder base, (ii) the professional competencies necessary to foster internal dialogue and (iii) a sufficient number of independent directors pursuant to the Corporate Governance Code. The composition of the Board shall also guarantee a gender balance.

To ensure its proper functioning, the Board of Directors has established requirements for FinecoBank's Directors, in addition to requirements of applicable laws and regulations, and the number of positions directors may hold in other companies, as shown in the document "Qualitative and quantitative composition of the Board of Directors of FinecoBank S.p.A." (approved by the Board of Directors on February 7, 2017), published on the Company's website, to which reference is made (the "2017 Qualitative/Quantitative Profile").

Save for limits on the number of positions directors may hold, directors may accept a position on the board when they consider they have sufficient time to diligently carry out their duties, also considering their own work and professional commitments, as well as the number of positions held in other companies (including non-Italian firms).

The members of the Board must be suitable for the performance of the office, in accordance with the legislation in force at the time and the Articles of Association and, in particular, they must meet the requirements of professionalism, integrity and independence and comply with the criteria of competence, correctness and dedication of time and the specific limits on the number of positions held as set out by legislation in force and by the Articles of Association and in any event those provided by the European Directive no. 36 of June 26, 2013 (CRD IV), for the performance of the office of director of a bank issuing shares listed on regulated markets.Pursuant to article 13 of the Articles of Association (as amended by the Extraordinary Shareholders' Meeting of 18 February 2020), the majority of the Board members shall meet the independence requirements prescribed from time to time by the Corporate Governance Code. (i) following the appointment of a new Director who qualifies as independent; and (ii) annually, for all Directors (qualifying as independent).

The Board shall assess whether the independence requirements have been met with regard to the prevalence of substance over form. This assessment shall be performed:

For this purpose, the Board of Directors, based on statements provided and any other information available, shall examine the Director's direct or indirect commercial, financial or professional relationships with the Company, assessing their significance both in absolute terms and with regard to the economic and financial position of the individual concerned. The Board

of Statutory Auditors shall ascertain the correct application of the criteria and procedures adopted by the Board of Directors for the above-mentioned assessment. The results of the above assessments shall be disclosed to the market.

The Board of Directors in office at the date of the Report was appointed by the Shareholders' Meeting of 11 April 2017 and shall remain in office until the next Shareholders' Meeting convened to approve the Financial Statements as at 31 December 2019.

Accordingly, and in compliance with Supervisory Regulations on Corporate Governance, the appointment of Board members was proposed to the above Shareholders' Meeting in April 2017, after determining the number of members and their term of office. During the meeting, the Board of Directors also requested shareholders to consider the 2017 Quantitative/Qualitative Profile when submitting lists. (i) a statement from shareholders other than shareholders that hold, even jointly, a

In compliance with applicable laws, the following lists of candidates for appointment to the Board of Directors were presented:

List no. 1, presented by UniCredit (owner of a total of 215,066,403 ordinary shares representing 35.39% of the share capital), with Enrico Cotta Ramusino, Alessandro Foti, Francesco Saita, Manuela D'Onofrio, Maria Chiara Malaguti, Gianmarco Montanari and Patrizia Albano;
List no. 2, presented by a number of asset management companies and institutional investors (owners of a total of 16,347,439 ordinary shares representing 2.6901% of the share capital), with Elena Biffi and Maurizio Santacroce.

The following documents were filed and published along with the two lists, according to established times and procedures:

controlling or relative majority interest, certifying the absence of any connection and/or significant relations with the latter as provided for by article 147-ter, paragraph 3 of the TUF and article 144-quinquies of the Issuers Regulation, also having examined Consob recommendations in its Communication no. DEM/9017893 of 26 February 2009; (ii) exhaustive information on the personal and professional characteristics of the candidates
included in the list (curriculum vitae) and the list of administration, management and control positions they hold in other companies, which are relevant pursuant to law);
(iii) statements whereby individual candidates irrevocably accepted the position (subject to their appointment) and certified, under their responsibility, that there were no grounds for their ineligibility or incompatibility to stand as candidate, and that they met the requirements of applicable laws, regulatory provisions, the Articles of Association and Corporate Governance Code; (iv) a statement from each candidate certifying that they met the independence requirements (v) a statement from each candidate on their knowledge and expertise in the areas indicated
established by law, the Articles of Association and Corporate Governance Code;
in the 2017 Qualitative/Quantitative Profile.

The lists, together with the above documents, were filed on the Company's website ("Governance/Shareholders' Meetings" section).

After establishing the number of Board Directors as 9, the Shareholders' Meeting of 11 April 2017 appointed Directors for the 2017-2019 period as follows:

Enrico Cotta Ramusino, Alessandro Foti, Francesco Saita, Manuela D'Onofrio, Maria Chiara Malaguti, Gianmarco Montanari and Patrizia Albano from the list presented by UniCredit, which was voted by the majority of shareholders;
Elena Biffi and Maurizio Santacroce from the list presented by several asset management companies and institutional investors, which was voted by the minority of shareholders.

For the percentage of votes for the above lists in relation to voting capital, see the summary report on voting, available on the Company's website ("Governance/Shareholders' Meeting" section).

The qualitative and quantitative composition of the appointed Board complied with the optimal composition defined by the Board (as described in the 2017 QualitativeQuantitative Profile), in terms of: (i) the number of board members, optimally set by the Board as 9, in order to foster dialogue and promote the decision-making process, and which is commensurate with the size and complexity of the Company's organisational structure, for an effective oversight of all company operations; (ii) meeting requirements of integrity, professional competencies (in particular all Board members have a good knowledge and expertise of two or more areas listed) and independence (the majority of Board members are independent directors pursuant to the Corporate Governance Code); (iii) gender balance (at least one third of members on the board must comprise the least represented gender,as established by the legislation and regulation applicable to the Board in office at the date of the Report); (iv) complying with the limit on positions (no Board Directors exceeds the limit) and time available (based on the nature and extent of additional positions held, as well as various professional and work commitments) (9 ). As regards the personal and professional profile of each Director, see the information published on FinecoBank's website (www.finecobank.com, "Governance" section).

In this regard, the Company received a positive decision from the European Central Bank (ECB) on the suitability of board members, on 15 December 2017 for non-executive directors, and on 3 January 2018 for the Chairman and the Managing Director and General Manager.

Following the exit of FinecoBank from the UniCredit Group on 10 May 2019, Ms. Manuela D'Onofrio resigned as a non-executive director.

On 15 January 2020, the Board of Directors replaced the Director Ms. D'Onofrio by co-optation pursuant to Article 2386 of the Italian Civil Code with Mr. Andrea Zappia, subject to the favourable opinion of the Corporate Governance, Appointments and Sustainability Committee and the approval of the Board of Statutory Auditors.

The selection of said Director has been carried out following the "Process for selecting candidates for membership of the Board of Directors" approved by the Board on 5 August 2019 (available on the Bank's website as Annex B of the FinecoBank Corporate Bodies Regulations), with the active involvement of the Corporate Governance, Appointments and Sustainability Committee and the support of the external consulting firm Spencer Stuart. Mr. Andrea Zappia was chosen, on the proposal of the aforementioned Committee, in compliance with the necessary requirements and in line with the criteria identified by the Board in the 2017 Qualitative/Quantitative Profile, also in the light of the specific assessments made during the recent board review.

The appointment of the co-opted Director was confirmed by the Shareholders' Meeting on 18

⁽ 9) See Paragraph 4.2.1. below.

		approval of the Report.			The table below presents significant information on each Board member in office at the date of						Directors currently in office, appointed for the 2017-2019 financial years by the aforementioned
Position	Members	Born in	Date of first appointment *	In office since	In office until	List **	Exec. 1) (	Non- exec.	Indep. Code 2) (	Inde p. TUF 3) (	*) (	Number of other positions ***
Chairman	Enrico Cotta Ramusino	1959	13.12. 2001	11.04.2017	Approval of the Financial Statements as at 31.12.2019	M		X		X	15/15 (100%)	0
Deputy Chairman	Francesco Saita	1967	15.04.2014	11.04.2017	Approval of the Financial Statements as at 31.12.2019	M		X	X	X	15/15 (100%)	0
Managing Director and General Manager	Alessandro Foti	1960	20.10.1999	11.04.2017	Approval of the Financial Statements as at 31.12.2019	M	X				15/15 (100%)	0
Director	Patrizia Albano	1953	11.04.2017	11.04.2017	Approval of the Financial Statements as at 31.12.2019	M		X	X	X	12/15 (80%)	1
Director	Manuela D'Onofrio	1962	08.11.2016	11.04.2017	Approval of the Financial Statements as at 31.12.2019	M		X			-	-
Director	Elena Biffi	1966	11.04.2017	11.04.2017	Approval of the Financial Statements as at 31.12.2019	m		X	X	X	15/15 (100%)	1
Director	Maria Chiara Malaguti	1964	11.04.2017	11.04.2017	Approval of the Financial Statements as at 31.12.2019	M		X	X	X	14/15 (93%)	0
Director	Gianmarco Montanari	1972	11.04.2017	11.04.2017	Approval of the Financial Statements as at 31.12.2019	M		X	X	X	15/15 (100%)	0
Director	Maurizio Santacroce	1971	11.04.2017	11.04.2017	Approval of the Financial Statements as at 31.12.2019	m		X	X	X	15/15 (100%)	0
Director	Andrea Zappia	1963	15.01.2020 (co-opted by BoD) 10.02.2020 (appointed by	15.01.2020	Approval of the Financial Statements as at 31.12.2019	-		X	X	X	-	2

Following the exit of FinecoBank from UniCredit Group, on 10 May 2019, Mrs. Manuela D'Onofrio resigned from the office. Mr. Andrea Zappia has been appointed in

order to replace Mrs. D'Onofrio, as described in this Section.

Quorum required to present lists during the last appointment: 1% * The date of the first appointment of each Director means the date when the Director was appointed for the first time (ever) to the Board of Directors of the Company. ¹) Executive Director pursuant to the Corporate Governance Code.

** This column indicates the list on which each director was presented ("M": member from the majority list; "m": member from the minority list).

*** Number of positions as Director or Statutory Auditor held in other companies listed on regulated markets, also abroad, in financial banking, insurance companies or companies of a considerable size (see Section 4.2.1 below, listing companies with reference to each Director).

(

( ²) Independent Director pursuant to article 3 of the Corporate Governance Code.

( ³) Independent Director pursuant to article 148, paragraph 3 of the TUF.

(*) Percentage attendance at Board meetings (no. of attendances/ no. of meetings held during the actual period of office of the person concerned during the Year).

It should be noted that at the next Shareholders' Meeting to be called on 28 April 2020, Shareholders will be called, among other things, to resolve on the appointment of new Directors on the basis of the list voting mechanism as governed by the Company's Articles of Association (as amended by the Extraordinary Shareholders' Meeting of 18 February 2020) and described in Section 4.1 of the Report.

Due to the renewal of the administrative body, the Board of Directors of FinecoBank was called upon to identify the theoretical profile (including the characteristics of professionalism and possible independence) of the candidates to be appointed. To this end, the Board of Directors approved, by resolution of 25 February 2020, the new document entitled "Qualitative and quantitative composition of the Board of Directors of FinecoBank S.p.A." – which replaces the previous 2017 Qualitative/Quantitative Profile – containing the results of the preliminary analysis carried out by the Board of Directors (assisted by the Corporate Governance, Appointments and Sustainability Committee) on its qualitative/quantitative composition considered optimal for the proper performance of the functions assigned to it, in accordance, in particular, with the provisions of the Corporate Governance Supervisory Regulations (the "2020 Qualitative/Quantitative Profile). This document is available on FinecoBank's website ("Governance/Shareholders' Meeting" section).

Diversity policies

Save for applicable laws and regulations, the Board has adopted a specific policy (the latest one is dated 5 April 2018) with general guidelines on the structure, composition and remuneration of company bodies and on procedures to appoint company officers.

In this regard, the process regulated by the policy establishes, among others, some guidelines on the structure of company bodies and requirements of relative members, in order to achieve a balance between internal and external (independent) members and gender, and a composition that can effectively oversee all company operations in terms of management and controls, also considering the dimensions and complexity of the organisational structure of the Company. In this context, besides aspects concerning professional standing, integrity, independence and gender, the policy establishes, among others, general guidelines which establish a maximum age for board members as follows: (i) 75 years for the position of Chairman and Deputy Chairman;

(ii) 65 years for the appointment of managing director and/or sole director.

The principles and rules of the aforementioned policy shall apply, considering national and EU laws and regulations on requirements for directors – and more in general the composition of the administrative body overall – and indications in the qualitative and quantitative profile as approved by the Board of Directors from time to time, previously referred to.

Members of the Board of Directors in office are broken down below, by age and gender. As regards the gender, it is to point out that 33% of the FinecoBank's Board is made by directors of the less represented gender, in line with the previsions regarding the gender balance applicable to the composition of the Board of Directors in office at the date of the Report.

With the aim of making the business increasingly sustainable and successful, FinecoBank invests in a highly diversified workforce and has adopted a global policy on gender equality, which establishes principles and guidelines to ensure a level playing field in which all employees, regardless of gender, can realize their potential.

FinecoBank has taken measures to promote equal treatment and gender opportunities by including a specific objective linked to the "gender balance and pay gap" in all the performance evaluation sheets of the Identified Staff.

4.2.1. Maximum number of board mandates in other companies

Based on information from Directors, the Board annually identifies and indicates, in the report on corporate governance and ownership structures, the positions of director or auditor held by the Directors in other companies and, in general, compliance with qualitative and quantitative requirements concerning time (based on the nature and extent of the positions held, as well as other work and professional commitments). The Directors shall promptly notify the Company of

positions held or from which they have resigned during their term of office, as well as of any changes that may affect their availability.

In this regard, when approving the 2017 Qualitative/Quantitative Profile, the Board of Directors established new guidelines on the maximum number of positions that may be held by Company directors, in line with provisions in the Directive CRD IV. The 2020 Qualitative/Quantitative Profile, as approved in the context of the renewal of the corporate bodies scheduled for this year, also in light of art. 13 of the Articles of Association, contains the same prevision.

In particular, save for additional and/or different provisions that could arise from Ministerial Decrees implementing article 26 of the TUB (as amended by Legislative Decree no. 72 of 12 May 2015 implementing Directive CRD IV in Italian law), each Director may hold the following number of positions (in any type of company, apart from organisations that are chiefly non-commercial):

1 executive position and 2 non-executive positions;
4 non-executive positions,

the following are considered as a single position as director: (a) the position of executive or non-executive director in the same group; e (b) positions are executive or non-executive director held in companies in which the entity has a qualified participation (see article 91 of the Directive CRD IV).

The table shows the overall number of positions held by Directors in office at the date of approval of the Report (including the position held in FinecoBank). The limit on the total number of positions held by Directors, as required by the Board in its 2017 Qualitative/Quantitative Profile (and confirmed, as above anticipated,, with the 2020 Qualitative/Quantitative Profile), in line with the Directive CRD IV, was considered complied in view of requirements applicable to positions held in the same group, positions held in organisations that are chiefly non-commercial (that are not relevant for the total number of positions), statements provided by directors and the principles outlined in set forth by the European Banking Authority and the European Securities Markets Authority on suitability of the management body and key personnel, issued on 21 March 2018 and effective from 30 June 2018.

Qualitative/Quantitative Profile), in line with the Directive CRD IV, was considered complied in view of requirements applicable to positions held in the same group, positions held in organisations that are chiefly non-commercial (that are not relevant for the total number of positions), statements provided by directors and the principles outlined in set forth by the European Banking Authority and the European Securities Markets Authority on suitability of the management body and key personnel, issued on 21 March 2018 and effective from 30 June 2018.
Name	Total number of positions held by Directors	Number of relevant positions held
Enrico Cotta Ramusino Chairman	2 non-executive positions	1 non-executive position (1 )
Francesco Saita Deputy Chairman	2 non-executive positions	2 non-executive positions
Alessandro Foti Managing Director and General Manager	1 executive position and 3 non-executive positions	1 executive position and 1 non executive position (1 )

Patrizia Albano Director	5 non-executive positions	3 non-executive positions (2 )
Elena Biffi Director	1 executive position and 3 non-executive positions	1 executive position and 2 non executive positions (1 )
Maria Chiara Malaguti Director	1 non-executive position	1 non-executive position
Gianmarco Montanari Director	3 non-executive positions and 1 position as general manager	1 non-executive position ( 3)
Maurizio Santacroce Director	1 executive position and 1 non-executive position	1 executive position and 1 non executive positions
Andrea Zappia Director	1 executive position and 2 non-executive positions	1 executive position and 2 non executive positions

(1 ) Considering the impact of positions held in organisations that are chiefly non-commercial, the total number of positions held complies with established limits.

(2 ) Considering the impact of positions in the same group, the total number of positions held complies with established limits.

(3 ) Considering the impact of positions held in organisations that are chiefly non-commercial and the position of general manager, which is not relevant for calculation purposes, the total number of positions held complies with established limits.

* * *

In addition to the above, in compliance with article 36 of Law Decree no. 201 of 6 December 2011, ratified with amendments by Law no. 214 of 22 December 2011 establishing provisions on "personal crossholdings in the credit and financial markets t" it is forbidden for "those who hold offices in the management, control and supervisory bodies and the top officers of firms or groups of firms engaged in credit, insurance and financial markets, to accept or exercise similar positions in competing firms or groups of firms" (interlocking ban). Persons who hold incompatible offices must notify the option exercised within 90 days of the appointment. Otherwise, on expiry of this deadline, they shall be removed from both offices.

Directors shall annually renew the certificate stating they do not hold positions in the management, supervisory or control bodies of competing companies or groups of companies, in

order to enable the Board to carry out its annual assessment. This assessment was carried out on the appointment of Directors, with a positive outcome for the year.

Directors are also required to inform the Bank regarding positions held in other companies and entities. In accordance with provisions of the Corporate Governance Code, the summary table in Paragraph 4.2.1 above shows the number of positions held as director/auditor by board members of FinecoBank in other companies listed on regulated markets (including foreign markets), in financial, banking, insurance or large sized companies, and notified by them.

The table below lists, instead, these positions, without listing positions held by officers in organisations/associations that are chiefly non-commercial.

Name	List of positions held by FinecoBank Directors in other companies listed on regulated markets (including foreign markets), in	Companies belonging to the FinecoBank Group
	financial, banking, insurance or large sized companies	YES	NO
Enrico Cotta Ramusino		-	-
Chairman
Francesco Saita		-	-
Deputy Chairman
Alessandro Foti		-	-
Managing Director and General Manager
Patrizia Albano	Non-executive director of Piaggio & C. S.p.A.	-	x
Director
Elena Biffi	Non-executive director of Arnoldo Mondadori	-	x
Director	Editore S.p.A.
Maria Chiara Malaguti		-	-
Director
Gianmarco Montanari		-	-
Director
Maurizio Santacroce		-	-
Director
Andrea Zappia	Chairman of the Board of Directors of Sky Italia	-	x
Director	S.r.l. Non-executive director of Luxottica Group S.p.A.10

4.2.2. Induction and ongoing training

During the Year, at the request of the Chairman of the Board of Directors (and according to the induction plan for the fiscal year which has been approved by the Board of Directors on the basis of the assessment carried out with the advisory of the external counsel, six induction and training meetings were held on the following: (i) the initiatives of strategic development on FinecoBank selling proposition; (ii) the analysis of the situation of the broker regarding capital requirements as well as the risk management (SREP); (iii) the product governance introduced by MiFID II; (iv) the cyber security with reference to ICT&Security issues; (v) the cyber security with reference to blockchain issues .

4.3 Role of the Board of Directors ( pursuant to article 123-bis, paragraph 2, letter d) of the TUF)

4.3.1 Duties

Pursuant to current regulations for companies with shares listed on regulated markets and in accordance with recommendations in the Corporate Governance Code, the Board of Directors plays a central role in the Company's governance system. As a body with strategic oversight, the Board of Directors approves the Bank's strategic guidelines and monitors their ongoing implementation.

Article 17 of the Articles of Association requires the Board of Directors to have the broadest powers for the management of the Company, except for powers reserved by applicable law, regulations and the Articles of Association to the Shareholders' Meeting.

In particular, in addition to duties and powers that cannot be delegated pursuant to law, the Articles of Association or Corporate Bodies Regulations, the Board of Directors shall have exclusive responsibility for the following:

general guidelines, as well as the adoption and changes to the Company's industrial, strategic and financial plans;
the appointment and dismissal of the Managing Director and/or the General Manager and Deputy General Manager(s), the Financial Reporting Officer and manager with strategic responsibilities;
assessments on the general performance of company management (11);
alignment of the Articles of Association with legal provisions;
corporate mergers and demergers in cases envisaged in articles 2505, 2505-bis and 2506 ter of the Civil Code;
capital reduction in the event of Shareholder withdrawal;
guidelines, as well as provisions in the Articles of Association, adopted by Directors to represent the Company;

⁽ ¹¹) Taking into account the information received from authorised bodies, and periodically comparing results achieved with those planned. In this regard, the assessment was conducted monthly during the Year.

the establishment of criteria concerning the coordination and management of the Companies Group and the implementation of Bank of Italy instructions;
the establishment of committees or commissions with advisory, decision-making or coordination functions;
the risk management policies, as well as the evaluation of the functioning, efficiency and effectiveness of the internal control system and adequacy of the organisational, administrative and accounting structure;
the purchase and sale of investments, companies and/or business units, as well as decisions concerning investments or disinvestments that modify the composition of the Banking Group, save for the provisions in article 2361, paragraph 2 of the Civil Code;
the purchase and sale of property;
the approval of and amendments to the main internal regulations;
the appointment and dismissal of the heads of the Internal Audit, Compliance, Risk Control and Anti-Money Laundering functions, after consulting with the Board of Statutory Auditors;
the establishment and organisation for establishing powers of signature, in Italy and abroad, of secondary offices, branches, agencies and representation offices, however named, as well as their closing.

In accordance with the Supervisory Regulations on Corporate Governance, the Corporate Governance Code, the provisions of the Articles of Association and the Corporate Bodies Regulations, the Board of Directors, among others:

(a) defines the nature and the level of risk consistent with the Bank's and Group's strategic objectives, including in its assessment all risks that could be relevant for the sustainability of Bank and Group operations in the medium to long term; approves the business model while being aware of the risks to which this model exposes the Bank and the Group; formalises policies for the management of risks to which the Bank and the Group may be exposed, as well as the risk objectives and tolerance thresholds, periodically reviewing them to ensure their effectiveness and supervising the actual functioning of risk management and control processes in compliance with current legal and regulatory provisions; (c) verify the proper implementation of the overall corporate governance structure, and of the
(b) defines and approves the Bank's organisational and corporate governance structure, checking the correct adoption and promptly taking corrective measures in the case of any shortcomings or inadequacies; defines also the Group's corporate structure and governance models/guidelines; in particular, the Board of Directors is required in this framework to guarantee a clear separation of duties and functions, the prevention of conflicts of interest, the company structure and governance models/guidelines (12);
organisational structure of the Bank as approved by the Board of Directors; promptly take corrective measures in respect of any shortcomings or inadequacies in these structures,

⁽ ¹²) For the assessment of the adequacy of the Company's organizational, administrative and accounting structure, which is prepared by the Managing Director (in particular for the internal control system and risk management) in relation to FAM as well, please refer to Par. 11.1.

and assess the adequacy of the Bank's overall administrative and accounting structure and the organisational, administrative and accounting structure of the Group companies, with particular reference to the system of internal controls and the management of conflicts of interest;

(d) approves the accounting and reporting systems; (e) approves policies and processes for the assessment of company operations, and, in particular, financial instruments, ensuring ongoing adequacy; establishes the Bank's and Group's maximum exposure limits for financial instruments or products that are uncertain or difficult to measure;
(f) approves the process for the development and validation of internal risk measurement systems not intended for regulatory purposes, periodically assessing their correct use; also approves the adoption of internal risk measurement systems for assessing capital requirements, periodically checking their validity and adopting – annually, and after consulting with the Board of Statutory Auditors – a formal resolution regarding compliance with the use of such systems; (g) with reference to banking, financial, investment and insurance products and services (i)
defines the process for the approval of new products and services, the start of new activities and entry on new markets; (ii) approves and update policies containing guidelines on Product Governance requirements ; (iii) monitors the process of governance of financial instruments, and to this purpose the compliance reports systematically include information about the financial instruments produced by the intermediary and the distribution strategy; (h) approves the company policy on outsourcing company functions; (j) approves internal systems for reporting violations; (k) as regards ICT, the Board of Directors approves: (i) the development strategies of the
(i) in order to mitigate the Bank's and Group's operational and reputational risks and encourage the dissemination of a culture based on internal controls, the Board of Directors approves a code of ethics, which must be complied with by all members of company bodies and employees of the Bank and the Group. The code defines the principles of conduct (e.g. rules of professional conduct and rules to follow in dealings with clients) on which company activities must be based;
information system and reference model for system architecture; (ii) the IT security policy; (iii) guidelines on the recruitment of personnel with technical functions and the procurement of systems, software and services, including the use of external suppliers and promotes the development, sharing and updating of ICT knowledge; (iv) the organisational and methodological framework for IT risk analysis; (v) the IT risk appetite, regarding internal services and services provided to customers, in compliance with risk objectives and the reference framework to determine risk appetite defined at a company level, and it is also informed at least annually on the IT risk situation with respect to the risk appetite; (vi) company documents required by law for management and supervision of the information system; the Board shall be informed at least once a year on the adequacy of services provided and the support given by these services to developments in company operations in relation to costs incurred and, promptly, in the event of serious problems for company operations due to information system incidents and malfunctions;
(l) as regards business continuity: (i) defines the objectives and business continuity strategies of the service, ensuring adequate human, technological and financial resources; (ii) approves the business continuity plan and subsequent amendments as a result of technological and organisational change, accepting residual risks not managed by the business continuity plan, and also promoting development, periodic monitoring and updating following significant innovations, or any deficiencies/gaps or risks that may occur; (iii) it is informed at least once a year of the outcome of the checks on the adequacy of the business continuity plan; (iv) appoints the business continuity plan manager; (v) approves the annual plan for testing business continuity measures and examines the test results documented in writing; (m) defines the criteria for identifying the most significant transactions(13) to be submitted for (o) determines the remuneration/incentive systems in favour of key personnel and the (q) after consultation with the Corporate Governance, Nominations and Sustainability
prior examination by the Risks and Related Parties Committee, and decides on transactions with related parties and associated persons pursuant to procedures adopted in this regard;
(n) takes decisions on the issuer's operations and those of its subsidiaries, if those operations have a significant strategic, economic, equity-related or financial impact on the issuer; to this purpose it establishes general criteria for identifying significant operations;
network of financial advisors, and check that these systems do not increase business risks and are consistent with long-term strategies;
(p) prepares and submits the compensation and incentives policy to the Shareholders' Meeting, on an annual basis, and is responsible for its proper implementation;
Committee, appoint the Directors of FinecoBank, with the approval of the Board of Statutory Auditors in the case of co-opting; where provided for in the Bylaws, identify candidates for the position of Director of FinecoBank, where lists are submitted by the Board to the Meeting of Shareholders;. (r) after obtaining the opinion of the Corporate Governance, Nominations and Sustainability
Committee, designate members of the corporate bodies (i.e. members of the boards of directors, boards of statutory auditors and supervisory boards) of the subsidiary companies.

The Board also ensures that:

(i) the Bank's structure is consistent with activities carried out and with the business model

⁽ 13)

adopted, avoiding the creation of complex structures which are not justified by operating aims;

(ii) the implementation of the relevant framework for determining the Risk Appetite Framework ("RAF") is consistent with approved risk objectives and tolerance thresholds (where identified); in this regard, the Board of Directors periodically assesses the suitability and effectiveness of the RAF and the compatibility between actual risk and risk objectives; (iii) the strategic plan, RAF, Internal Capital Adequacy Assessment (ICAAP) process, the (iv) the quantity and allocation of the Group capital and liquidity held is consistent with the (v) where the Bank operates in jurisdictions lacking transparency or through especially
budget and internal control system are consistent, also in view of changing internal and external conditions in which the Bank and the Group operate;
risk appetite, risk governance policies and Group risk management process;
complex structures, the Board assesses the related operational risks, especially of a legal, reputational and financial nature, identifying oversight measures to mitigate these risks and ensure they are effectively monitored.

Furthermore, the Board approves, at least once a year, the plan of activities (including the audit plan) and reviews the annual reports prepared by the company control functions (Compliance, Internal Audit and Risk Management). In this context, the Board also approves the long-term audit plan.

The Board of Directors shall also oversee the issuance of the instructions to be given to the subsidiaries during the year, in the exercise of its powers of direction and coordination as provided for in the relevant provisions of laws and regulations.

Lastly, the Board is exclusively responsible for reporting to shareholders at Shareholders' Meetings.

4.3.2 Meetings and functioning

The Board of Directors held fifteen meetings during the Year, with an average duration of two hours and thirty-eight minutes. For details of the percentage of attendance by each Director, see the table in Section 4.2 above.

Six meetings have been scheduled for 2020 until the date of the Shareholders' Meeting called to the election of the new corporate bodies (scheduled for 28 April 2020), of which three had already been held at the date of approval of the Report.

The Chairman is responsible for planning the Board's schedule with regard to the agenda, as proposed by the Managing Director and General Manager. The Chairman shall also ensure that enough time is dedicated to items on the agenda in order to have a constructive debate, encouraging Directors to actively contribute to meetings.

Article 16 of the Articles of Association requires the Company's Board of Directors to be convened, also using telecommunication facilities, at the registered office of the Company or elsewhere, provided the venue is in Italy by the Chairman (or his/her representative), usually at least once every three months, and however any time deemed necessary by the Chairman, or if requested in writing by the Managing Director and General Manager or by at least two Directors of the Board of Directors. A Board meeting may also be convened on the proposal of a

Statutory Auditor.

The Board of Directors shall be validly composed even without a call notice, if all Directors and Standing Auditors are present.

Article 16 of the Articles of Association envisages the possibility for participants of Board meetings to attend remotely, through audio-visual communication systems (video conference or conference call) where the conditions are in place to identify the attendees, allow their real-time participation in discussing the topics examined and to receive, transmit and examine any documents not previously seen.

Pursuant to the Corporate Bodies Regulations, notice of meetings must be given to all Directors and Statutory Auditors within a reasonable period of time, except in urgent cases. The notice should include, except in cases where this is not possible due to confidentiality issues, the items on the agenda so that the attendees can come prepared to the meeting. The Corporate Bodies Regulations also require documentation in support of proposals and any necessary information to be given to Directors at least three business days prior to the meeting (with the exception of the financial documents, that must be given at least one business day before the meeting), so that the Directors can give an informed opinion on the issues being decided. In this regard and with reference to the Year, the above term was complied with.

The Chairman is responsible for planning the Board's schedule with regard to the agenda, as proposed by the Managing Director and General Manager. The Chairman shall also ensure that adequate information – both in terms of quality and quantity – on items on the agenda is provided to all Board members, so as to allow the Board to make informed decisions on the business to be discussed and approved; the Chairman shall also ensure that enough time is dedicated to items on the agenda in order to have a constructive debate, encouraging Directors to actively contribute to meetings.

The Chairman of the Board of Directors, also at the request of one or more Directors, may request the Managing Director and General Manager that senior managers of the issuer and of Group companies, as well as Heads of relevant company departments, attend board meetings, in order to provide appropriate additional information on items on the agenda. In this regard and with reference to the year, senior managers attended Board meetings.

Pursuant to article 15 of the Articles of Association, the General Manager, if appointed, may take part, without voting rights, in Board meetings. If a Managing Director has not been appointed, the General Manager shall take part in Board meetings with the power to make proposals.

Pursuant to article 16 of the Articles of Association, the Chairman may request Deputy General Managers and other managerial staff to take part in Board meetings.

Apart from Board meetings, the Directors attend "off-site" meetings, in order to further examine and discuss strategic issues.

The Independent Directors meet at least once a year in a closed session.

In these meetings, an Independent Director appointed at the first meeting of Independent Directors acts as Chair.

4.3.3 Self-assessment

The annual self-assessment process on the Board and its Committees, as well as on their size

and composition, has been carried out in compliance with the Corporate Bodies Regulations adopted pursuant to the Supervisory Regulations on Corporate Governance and according to the provisions of the Corporate Governance Code, also for the purposes of the board renewal envisaged in 2020 and the drafting of the document on the qualitative and quantitative composition of the Board of Directors.

For the performance of the self-assessment process, FinecoBank, as in the previous year, made use of the Spencer Stuart as independent external consultant, chosen by the Chairman of the Board, upon proposal of the Corporate Governance, Nomination and Sustainability Committee, entrusted with providing consultancy during each stage of the process. Said company, chosen in view of its competence and expertise as far as concerns corporate governance, is acknowledged as possessing the neutrality, impartiality and independence of judgment required by the Corporate Bodies Regulations.

The process broke down into the following stages:

examination: carried out in accordance with the provisions of the Corporate Bodies Regulations, through anonymous questionnaires and individual interviews, also through the peer review method;
consultant assessment of the outcome of the self-assessment process and drawing up of the summary document which illustrates, inter alia, the methodologies made use of, the individuals involved and the results achieved, highlighting strengths and weaknesses, as well as any necessary corrective actions proposals;
assessment of the summary document by the Corporate Governance, Nominations and Sustainability Committee and proposals of actions deemed appropriate to be submitted to the Board of Directors;
assessment and approval by the Board of Directors of the summary document and the proposals.

The questionnaires and interviews, consistently with the layout followed in past years' Board reviews, have been focused on different topics concerning the size, the composition and functioning of the Board of Directors and its Committees.

At the end of the self-assessment process, a largely positive picture emerged: briefly, the Directors expressed their complete satisfaction and appreciation regarding the size, composition and functioning of the FinecoBank's Board of Directors and the relevant Committees and, according to the independent consultant's assessment, the Board is performing its activities substantially in compliance with the Corporate Governance Code and the Italian and international best practices.

4.3.4 Competing activities

The Company has not authorised any exceptions to the non-competition clause pursuant to article 2390 of the Civil Code.

4.4 Executive bodies and officers

In accordance with FinecoBank's Corporate Bodies Regulations, powers are delegated so that the Board is not stripped of its fundamental rights and prerogatives.

The Board establishes the content of the delegated powers in a detailed, clear and precise manner, also indicating the limits in terms of quantity and amount, as well as the means of exercising the delegated powers; this also allows the Board to specifically check that delegated powers have been correctly complied with, as well the possibility to exercise its overriding executive and evocation right.

Executive bodies and officers report to the Board of Directors and Board of Statutory Auditors at least every three months, on operations carried out as part of their powers.

4.4.1 Managing Director and General Manager

Pursuant to article 15 of the Articles of Association, the Board of Directors may appoint a Managing Director, determining the term of office and the respective duties and powers, a General Manager and one or more Deputy General Managers, who make up Head Office, together with other employees assigned to this function.

The Managing Director or – where not appointed – the General Manager shall oversee the Head Office.

The Managing Director shall take up the powers and duties of the General Manager if the latter has not been appointed.

If a Managing Director and General Manager are appointed, both positions must be held by the same person.

The Managing Director, or where not appointed, the General Manager shall be responsible for implementing the resolutions passed by the Board of Directors, with the assistance of the Head Office.

If a Managing Director has not been appointed, the General Manager shall take part in the meetings of the Board of Directors with the power to make proposals and without voting rights.

The Managing Director and other Directors with particular responsibilities, as well as the General Manager, where no Managing Director has been appointed, report to the Board of Directors on their activities, according to the procedures and time limits established by the Board, in accordance with law.

The Managing Director, or where not appointed, the General Manager as requested by the Managing Director, is responsible for implementing the resolutions passed by the Board of Directors, with the assistance of General Management.

On April 11, 2017, the Board of Directors confirmed the appointment of Alessandro Foti as Managing Director and General Manager, assigning him powers in all sectors of Bank operations. More information on powers granted is given in the document "Delegated powers" available for public consultation at the Milan-Monza-Brianza-Lodi Companies' Register.

The Managing Director and General Manager is responsible for managing the company and does not fall within the interlocking directorate scenario envisaged by the Corporate Governance Code (Application Criterion 2.C.6.).

4.4.2 Chairman of the Board of Directors

Pursuant to article 14 of the Articles of Association, the Board of Directors shall elect a

Chairman from its members and – where appropriate – one or two Deputy Chairmen, one of whom will act as a stand-in.

By resolution of 11 April 2017, the Board of Directors appointed Enrico Cotta Ramusino as Chairman of the Board of Directors.

In accordance with article 10 of the Articles of Association, the Chairman of the Board of Directors chairs the Shareholders' Meeting, as well as directing and moderating discussions, establishing the voting procedures and confirming the results, in compliance with provisions of applicable regulations and procedures for Shareholders' meetings.

The Chairman of the Board of Directors has not been granted any management powers and therefore does not have any executive role. He/she does not have a specific role in the development of business strategies, is not the entity mainly responsible for company management, nor has directly or indirectly, significant investments in the Company's capital share.

For additional information, see Part A, § 2.1. of the Corporate Bodies Regulations available on the Company's website www.finecobank.com ("Governance/Company positions" section).

4.4.3 Reporting to the Board of Directors

Corporate Bodies Regulations require information flows between and within company bodies as an essential condition for achieving objectives of efficient management and effective control of the company.

To ensure continual and comprehensive information flows between and within company bodies, the Board is called on to approve and oversee the maintenance and update of a structured information flow system over time, that regulates the circulation of information and ensures the correct flow in a timely and comprehensive manner, whilst respecting the responsibilities of various bodies with supervisory and control functions. The Board of Directors analytically identified these flows, their content and timing in, among others, the "Document on company bodies and functions with supervisory tasks", which it approved. As regards transactions with related parties and connected persons as well as other relevant persons in potential conflict of interest, see the "Global Policy for the management of transactions with persons in potential conflict of interest of FinecoBank Group" ("Global Policy") and information flows therein (14).

The Corporate Bodies Regulations identify persons required to submit information flows to company bodies and describe the minimum content and timing of main participation flows. To implement necessary organisational controls for the proper management of information flows and provide the necessary information on other aspects (forms, tasks and duties and other content), not covered in the Corporate Bodies Regulations, specific organisational procedures are adopted that specifically describe the activities and controls related to the "Management of the Board of Directors", the "Management of inside information", in addition to the abovementioned Global Policy.

In accordance with Article 21 of the Articles of Association, decisions made by those with delegated powers must be disclosed to the Board according to the procedures and frequency (at

⁽ ¹⁴) The Global Policy is available at the FinecoBank's website www.finecobank.com – "Governance/Related Parties and Associated Persons" section.

least quarterly) established by the Board. In particular, executive bodies and officers shall report to the Board of Directors and the Board of Statutory Auditors, at least on a quarterly basis, on the general performance of the company, the business outlook, and transactions that have a significant effect on the results of operations and financial position – with particular regard to transactions that could potentially give rise to conflict of interest – carried out by the Company and its subsidiaries.

In this regard, delegated bodies reported to the Board of Directors and the Board of Statutory Auditors, on at least a quarterly basis, on activities performed as part of their delegated powers.

4.5 Other executive directors

At the date of approval of the Report, no other Directors have been granted management powers besides the Managing Director and General Manager.

4.6 Independent directors

At the date of approval of the Report, the Board of Directors had seven independent Directors pursuant to article 3 of the Corporate Governance Code, as identified below.

Save for Paragraph 4.2 above regarding the procedures and timing for checking the independence of directors, the Board of Directors pursuant to article 144-novies, paragraph 1 bis, of the Issuer Regulations and Application Criterion 3.C.4. of the Corporate Governance Code, assessed, at the first available opportunity after the appointment (i.e. in the meeting of 9 May 2017 and, in relation to Mr. Andrea Zappia, of 15 January 2020(15)), that non-executive Directors met independence requirements and disclosed the results of its assessments in press release.

Subject to the opinion of the Corporate Governance, Nominations and Sustainability Committee of 25 January 2019, the Board of Directors, in its meeting of 5 February 2019, verified the existence of the independence requirements for Directors, pursuant to article 148 of the TUF and article 3 of the Corporate Governance Code. In performing the above assessments, the Board of Directors applied (among others), all the criteria established by the Corporate Governance Code. This assessment was carried out by the Board of Directors at the meeting held on 15 January 2020, after receiving the opinion of the Corporate Governance, Appointments and Sustainability Committee held on the same date, also with regard to Mr. Andrea Zappia, in the context of his co-optation by the Board of Directors pursuant to Article 2386 of the Italian Civil Code. The results of the aforementioned assessment were confirmed by the Board of Directors on 25 February 2020, following the Shareholders' Meeting that appointed Mr. Andrea Zappia as a Director of the Bank.

In this regard, and with particular reference to the independence requirements referred to in the Corporate Governance Code and the Articles of Association, information on the direct or indirect relationships (loans, significant positions held, work as a paid employee and

business/professional relations) of Board Directors with FinecoBank and the former parent company UniCredit (if applicable) were considered.

During the Year, in order to allow the Board of Directors to carry-out the abovementioned assessment, each Director was asked to make a personal updated assessment of their independence status, taking into account the criteria in articles 147-ter, paragraphs 3 and 4, and 148 paragraphs 3 and 4 of the TUF and article 3 of the Corporate Governance Code, providing specific certification. (a) for loans, the amount in absolute terms of the loan granted, its impact in relation to system (b) for professional/business relations, the characteristics of the transaction/relationship, the

To verify the significance of the above relations, the Board of Directors decided to not only identify the financial parameters which if exceeded, "automatically" affect independence, but also subjective and objective aspects, in overall terms. For this purpose, the following criteria were identified: (i) the nature and characteristics of the relationship; (ii) the amounts of transactions in absolute and relative terms; (iii) the subjective profile of the relationship.

In particular, in evaluating the significance of the relationship, the Board considered the following information, where available:

data and, where necessary, the financial status of the borrower;
amounts involved and, where necessary, the financial status of the counter party.

In both cases, subjects involved (director or family member; FinecoBank or the former parent company (if applicable)) were considered, and for relations with companies/entities, the type of "connection" with the director or family member (position held/controlling interest) was taken into account.

In view of the above, and as part of the verification process, the Board ascertained the independence requirements declared by Board Directors. In particular, with reference to Directors for whom information obtained indicated the existence of the above relations, the Board considered that the relations were not of an extent that could affect the independence requirements declared.

The results of the verification are as follows:

Independent directors pursuant to article 148 of the TUF and article 3 of the Corporate Governance Code: Francesco Saita, Patrizia Albano, Elena Biffi, Maria Chiara Malaguti, Gianmarco Montanari, Maurizio Santacroce and Andrea Zappia (co-opted pursuant to art. 2386 of Civil Code by tha Board of Directors on 15 January 2020 and appointed by the Shareholders' Meeting of 18 February, in order to replace Mrs. Manuela D'Onofrio who resigned from her office on 10 May 2019);
Independent directors pursuant to article 148 of the TUF: Enrico Cotta Ramusino;
Non-independent directors pursuant to article 148 of the TUF and article 3 of the Corporate Governance Code: Alessandro Foti, Manuela D'Onofrio (in charge until 10 May 2019).

The Board of Statutory Auditors ascertained the correct application of the assessment criteria and procedures adopted by the Board of Directors for evaluating the independence of its members. In this regard, the results of checks carried out have been made known in the annual report to the Shareholders' Meeting, which will be published together with the Financial Statements as at 31 December 2018 and the Financial Statements as at 31 December 2019 in accordance with procedures and times established by law.

The Independent Directors met, taking into account the Application Criterion 3.C.6 of the Corporate Governance Code, on 1o January and 1 February 2019. In particular, the Independent Directors met without the other Directors, to mainly discuss corporate governance issues.

4.7 Lead Independent Director

As the Code does not establish provisions for the appointment of this position, the Board of Directors has not appointed any independent Director as lead independent director (16).

⁽ ¹⁶) Pursuant to Application Criterion 2.C.4. of the Corporate Governance Code, the Board of Director appoints an independent director as the lead independent director in the following cases: (i) if the chairman of the board of directors is the chief executive officer of the company; (ii) if the office of chairman is held by the person that controls the issuer; (iii) if the issuer is part of the FTSE-Mib index when requested by the majority of independent directors.

PROCESSING OF COMPANY INFORMATION In compliance with Stock Exchange Regulations and relative Instructions, as well as relevant provisions of the TUF and Issuer Regulations, which require Directors and Statutory Auditors to keep documents and information acquired in performing their duties confidential, the Corporate Bodies Regulations require the Board of Directors to define procedures for the internal management and disclosure of documents and information on the Company, also with reference to inside information.

The Bank adopted a procedure for the processing of relevant inside information pursuant to the EU Regulation n. 596 of April 16, 2014 on market abuses (the "market Abuse Regulation" or "MAR") and the relevant implementing law and guidelines (e.g. Consob Guidelines on the Management of inside information of October 2017) (the "Procedure for processing Relevant Inside Information").

The aim of the Procedure for processing Relevant Inside Information is to prevent the processing of such information (as defined below) in a manner, which is not prompt, is incomplete or inadequate and in any case may result in inconsistent disclosure.

In particular, the management and disclosure of Relevant Inside Information, as regulated by this Procedure, makes it possible to protect the market and investors, giving them adequate knowledge of matters concerning the Issuer, on the basis of which they may make investment decisions.

The Procedure for processing Relevant Inside Information also aims to prevent some persons or categories of persons from acquiring information, which is not in the public domain in order to carry out speculative transactions on markets to the detriment of investors, that are not aware of this information.

The Procedure explains the process to assess and disclose relevant inside information, as well as requirements for managing the List of Persons who have access to this information (the "FinecoBank List").

The Procedure regulates the management of company information (meaning all information and data concerning FinecoBank and/or other Group companies, which is not in the public domain, acquired by persons required to comply with the Procedure, in performing their duties), with particular reference to (i) relevant information, which are specific information, not public and concerning data, events, projects or circumstances that in any manner refer to FinecoBank and that could, also in a further stage, become inside information and (ii) inside information. (a) responsibility for assessing whether information is classified as inside information, also

It establishes, firstly, the obligation for all persons that perform activities within the Group to keep company information acquired in performing their duties confidential and to use this information exclusively for carrying out their duties.

At present, the Procedure for processing Relevant Inside Information assigns:

for the purpose of disclosure to the public to the Chief Financial Officer of FinecoBank (hereinafter, the "FinecoBank CFO") assisted by the heads of the Legal and Corporate Affairs Detp. and Compliance, for areas in their remit.

In particular, the Procedure for processing Relevant Inside Information establishes that anyone who has ant relevant and/or inside information shall promptly report the circumstance to the FinecoBank CFO to allow for an assessment of the inside nature of

information, including its prompt disclosure to the market, as applicable;

the information disclosed and to take the necessary measures to correctly manage the disclosed to the public shall be adopted.

(b) appropriate, effective measures to ensure the confidentiality of information until it is To this end, FinecoBank has established a "List of persons who have access to inside information" which is price sensitive, as regards the Company's shares, in compliance with applicable regulations. It has also established a process to add data to, update and maintain the List, identifying the Compliance Officer of the Company as the entity responsible for managing the FinecoBank List;

(c) the FinecoBank CFO (assisted by the heads of the Legal and Corporate Affairs Detp. and Compliance) shall be responsible for assessing disclosure to the public of information about the Company and the opportunity to delay disclosure to the public of Inside Information, in cases specifically indicated by the Procedure for processing Inside Information; (d) the FinecoBank CFO and Head of Identity&Communications shall be responsible for (e) the press release shall be disclosed, subject to approval from the Managing Director of the
preparing press releases in which Inside Information is disclosed, assisted by Company units involved;
Issuer, via the "eMarket-SDIR" system, to Borsa Italiana and Consob.

Press releases are published on the Company's website before the opening of the market on the day after disclosure and are available on the site for at least five years from publication.

*******

In compliance with provisions set forth in article 114, paragraph 7 of the TUF and article 152 quinquies.1 and subsequent of the Issuer Regulations, and in order to reflect changes in laws resulting from the entry into force of Regulation (EU) No 596/2014 of the European Parliament and of the Council of April 16 2014, as amended by article 56 of Regulation (EU) No 2016/1011 – on market abuse and repealing Directive 2003/6/EC of the European Parliament and of the Council and Directives 2003/124/EC, 2003/125/EC and 2004/72/EC - and relative Commission Delegated Regulations (No 2016/522 and 2016/523), the Board of Directors approved the current version of the Code of conduct on internal dealing on 10 January 2018; the Code regulates the management, processing and disclosure of information relative to transactions on FinecoBank's listed shares and debt instruments (and on the derivatives and financial instruments connected to them) undertaken by insiders and by persons strictly related to them (the "Internal Dealing Code"). This procedure regulates disclosure obligations to be complied with and conduct to be observed by the above persons and by FinecoBank in order to ensure maximum transparency in disclosure to the market. confidential information and used said information unlawfully (a conduct which instead

The main aim of the Internal Dealing Code is to improve transparency and uniformity in disclosure relative to financial transactions undertaken by the above persons, to give investors an idea of how these persons perceive the prospects of the company and/or the group it belongs to. Thus the Code does not directly address whether significant persons have acquired constitutes the offence of insider trading), assuming that the undertaking of certain financial transactions by particular persons considered "significant" (i.e. by persons that, due to their position, are able to acquire information on matters of the company and the group it belongs to),

is, per se, price sensitive.

The Internal Dealing Code identifies "Significant Persons" and "Closely-Related Persons" to the Significant Persons in compliance with the Issuer Regulations and establishes that "Material Transactions" (and thus which are subject to the disclosure obligations of the Internal Dealing Code) are transactions concerning the purchase, sale, underwriting or exchange of shares and debt instruments issued by FinecoBank (admitted to trading – or for which an application has been made for admission to trading – on a regulated market or an MTF), or derivatives or other financial instruments linked to those instruments carried out by the above persons, directly or through intermediaries, trusts or subsidiaries. The Internal Dealing Code also identifies some types of transactions, which are exempt from disclosure obligations. The Internal Dealing Code also contains regulations on the management, processing and (a) disclosure obligations of Significant Persons to the Company; (b) disclosure obligations of Significant Persons and the Company to Consob; (c) cases in which Significant Persons are prohibited from or limited in undertaking

disclosure of information relative to these transactions. To this end it regulates:

transactions on financial instruments.

In compliance with the Internal Dealing Code, the Bank's Compliance Officer is the Officer Responsible for providing information to the public and to Consob with regard to notices received from Significant Persons.

6. BOARD COMMITTEES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER D) OF THE TUF)

At the date of approval of the Report (in compliance with the Supervisory Regulations and the Corporate Governance Code) three Board committees were established, with examining, advisory, decision-making and coordination functions, and specifically: (i) a Risks and Related Parties Committee; (ii) a Remuneration Committee; (iii) a Corporate Governance, Nominations and Sustainability Committee.

None of the functions assigned to board committees by the Corporate Governance Code was assigned to the Board of Directors. Apart from the Corporate Governance, Nominations and Sustainability Committee, as of Section 9, none of the other committees carry out multiple functions of two or more committees as provided for by the Corporate Governance Code (17) and functions are not assigned to various committees in a way that differs from provisions in the Code. Committee members are selected for their expertise and availability to carry out relative duties.

Save for a shorter term of office established on appointment, Committee members remain in office for the same time as the Board on which they are members. They may step down from their position on Committees, without stepping down from the Board of Directors.

If, for any reason whatsoever, a member no longer holds the position, the Board of Directors will replace the member. The expiry of the new member's term of office coincides with that of the outgoing member. If the Chairman of the Committee ceases to hold office, the Board of Directors will appoint a new Chairman with the decision to appoint the replacement member.

Committees meet regularly as scheduled and whenever deemed necessary due to particular requirements; they shall be considered duly established with the presence of the majority of its members in office and with the absolute majority vote of those present for resolutions. Committees resolve with the presence of the majority of its members in office.

Meetings are convened with a four working days notice. The notice of call can be sent also by fax or e-mail and must include the indication of the place, time and venue of the meeting, as well as the agenda. It is sent by the Chair of each Committee, also through the Secretary. In urgent circumstances, as determined by the Chair of the Committee, meetings may be convened with one day's notice. In case no notice of call is sent, Committees are duly established in case all members participate.

Committees' meetings may be held using telecommunication means, if each attendee can be identified by all the other attendees, and that each attendee is able to intervene in real time during discussions, and is able to receive, transmit and view the documents. The Secretary, who is not necessarily a Committee member, or if absent or incapacitated, a person appointed by the committee Chair to replace the secretary, shall take minutes of the meeting, which will include among others, the reasons for any disagreement expressed by Committee members. The Secretary shall retain the minutes of the meeting for consultation by Committee members who did not attend the meeting, as well as Directors and Statutory Auditors.

The Chair of each Committee shall report on the meeting during the first subsequent Board meeting.

⁽ ¹⁷) In compliance with Consob indications and guidelines as of Communication no. DEM/10078683 of 24 September 2010, to adopt the Regulations on Related-party Transactions, the Company assigned its audit committee pursuant to the Corporate Governance Code to carry out the functions of the related-parties committee.

Committees also have financial resources adequate for their duties, within the limits of the budget set by the Board, which are sufficient to guarantee operating independence; in cases of particular need, these limits may be extended. The Committees may be assisted by external experts.

The Shareholders' meeting determines the annual fees for Committee members and a fee for attending committee meetings. To carry out their duties, Committees have adequate tools and information flows, guaranteed by adequate functions, which enable them to make evaluations and have access to relevant company information.

On the invitation of the Chair of each Committee, the meetings – taking into account each item on the agenda – may be attended by the Managing Director and General Manager, the other Directors, the Vice General Manager, the Financial Reporting Officer and members of Company and Group personnel. Without affecting the right of the Statutory Auditors to attend the meetings, and the rules applicable to the Risks and Related Parties Committee, the Chair of each committee may invite the chair of the Board of Statutory Auditors or another auditor delegated by him/her. 7. RISKS AND RELATED PARTIES COMMITTEE

The committees established within the Board of Directors are described in paragraphs 7, 8 and 9.

The Risks and Related Parties Committee was established on 17 June 2008 as the "Audit Committee". Over the years, the original name of the Committee, its structure and relative duties, changed, in line with developments in the legal and regulatory framework, and with industry best practices. With a resolution of April 11, 2017, the Board of Directors established an internal controls and risks committee, to oversee related-party transactions, pursuant to the Related-Parties Regulations, called the "Risks and Related Parties Committee"; this committee has functions and powers referred to in applicable Supervisory Regulations on Corporate Governance and the Corporate Governance Code.

The functions that the Corporate Governance Code assigns to the Control and Risks Committee have been assigned to the Risks and Related Parties Committee.

In compliance with provisions in Application Criterion 4.C.1 of the Corporate Governance Code, the composition, functioning, organisation and activities of the Risks and Related Parties Committee are governed in the Corporate Bodies Regulations.

7.1. Composition

The Board of Directors appointed members of the Risks and Related Parties Committee on April 11, 2017; all the members are non-executive and independent.

Furthermore, in accordance with Principle 7.P.4 of the Corporate Governance Code, under which at least one member of the committee is required to have an adequate experience in accounting and finance or risk management, the Board of Directors established that all members of the Committee, on their appointment, met the above requirements, and more in general, have the knowledge, expertise and experience to fully understand and monitor the Bank's risk strategies and guidelines.

At the date of approval of the Report, the composition of the Risks and Related Parties

Committee was as follows:

Committee was as follows:
Name	Executive	Non executive	Indep. Code	Indep. TUF	% (*)	(**)
Francesco Saita		X	X	X	100% (18/18)	C
Gianmarco Montanari		X	X	X	100% (18/18)	M
Maurizio Santacroce		X	X	X	100% (18/18)	M
	------------- Members no longer in office during the Year -------------
		N.A.
No. of Committee meetings: 18
(*) This column shows the percentage attendance at Committee meetings (no. of attendances / no. of meetings held during actual period office of the person concerned during the Year).
(**) This column shows the position of the director on the Committee ("C": Chairman; "M": member).

All the members of the Risks and Related Parties Committee will end their term of office at the time of the next Shareholders' Meeting called to approve the Financial Statements as at 31 December 2019.

7.2. Functioning

The Committee shall meet, also by telecommunication means, as often as necessary to perform its functions, and at the request of any of its members or the Chairman of the Board of Statutory Auditors.

In the event the Chairman is absent or incapacitated, the most senior member of the Committee shall act as Chair.

The Financial Reporting Officer, Internal Audit Officer, Chairman of the Board of Statutory Auditors and a Statutory Auditor nominated by the former may attend Committee meetings; Directors and senior managers of the Company may also be requested to take part in meetings for specific issues, as well as external auditors.

The Chairman of the Board of Directors and the Managing Director and General Manager of the Company may take part in meetings.

The Corporate Bodies Regulations also establish the rules for temporary replacement of a Committee member with reference, in particular, to cases where the Committee is called on to give an opinion on transactions with related parties and/or associates.

In this regard, the Regulations, after making it clear that, for each transaction considered, members of the Risks and Related Parties Committee must be different from the counterparty and parties related thereto, establishes that, in the event a member of the Committee is a counterparty of the transaction (or a person associated to the counterparty), they must promptly inform the Chairman of the Board of Directors and the Chairman of the Committee, and refrain from taking part in any further work of the Committee concerning the relevant transaction.

In this event, the Chairman of the Board of Directors, after consulting with the Chairman of the Risks and Related Parties Committee, immediately replaces the member who is in conflict of interest by appointing, after having contacted him/her, another independent and unconnected member of the Board of Directors.

In case of transactions with related parties and/or associated persons whose completion is urgent and for which the Committee is involved in the negotiation and diligence phases and/or when issuing an opinion, the Chairman of the Risks and Related Parties Committee, after having acknowledged the urgency of the transaction and established the unavailability of the majority or of all members to meet or to carry out the required activities in time for the transaction to be concluded, shall promptly notify the Chairman of the Board of Directors.

In any case, this notice shall be given no later than the day following the day when the Chairman of the Committee received notice of the unavailability of the majority or of all members.

The Chairman of the Board of Directors, after consulting with the Managing Director and General Manager to assess the actual urgency of the transaction, shall immediately re-establish the Risks and Related Parties Committee by appointing the required number of Independent Directors, following the same procedure adopted for the temporary replacement of a member in case of a conflict of interest (appointment of the replacement(s) from independent members of the Board of Directors). assess its effectiveness and efficiency, so that main risks are properly identified, as well as

The above shall also apply if the unavailability of the majority is due to the resignation of a member of the Committee.

7.3 Duties and Responsibilities

The role of the Committee is to provide information, advice, make proposals and enquiries, with a risk-oriented approach, when defining guidelines for the entire internal control system, and to appropriately measured, managed and monitored, without prejudice to the Board of Director's power to make all relevant decisions.

The Committee helps to promote a corporate culture that values the control function, steering it towards a risk-oriented approach.

The Committee's mission also includes evaluating the correct use of accounting standards in preparing financial statements and their consistency for the purposes of drawing up the consolidated financial statement, as well as overseeing the effectiveness of audits and the activities of external auditors.

The Committee is also responsible for related-party transactions in accordance with the Related-Party Regulations, pursuant to applicable Supervisory Regulations on Corporate Governance.

The Risks and Related Parties Committee, among other things:

(a) identifies and proposes to the Board of Directors, the Compliance, Internal Audit and Risk Management Officers to be appointed and revoked, assisted by the Corporate Governance, Nominations and Sustainability Committee;
which is also carried out using the annual process definition of the RAF;
(b) provides opinions on specific aspects relating to the identification of key corporate risks, (c) helps identify internal control system guidelines, based on a risk-oriented approach, so that the main risks concerning the Company and the Group are correctly identified and adequately measured, managed and monitored, making assessments and recommendations to the Board of Directors on compliance with the principles the internal controls and business organisation system must be aligned with, and the requirements to be met by the Compliance, Internal Audit and Risk Management functions, bringing any weaknesses and consequent corrective actions to adopt to the attention of the Board; (d) reports to the Board of Directors, at least every six months, when the annual financial (e) previously reviews activity schedules (including the Internal Audit plan) and the annual (f) monitors the independence, adequacy, effectiveness and efficiency of Internal Audit; (g) examines the periodic reports and audit reports produced by the internal audit function, (h) carries out adequate preliminary activities to support the assessments and decisions of the
statements and the half-yearly financial statements are approved, on activities carried out and the adequacy of the Company's Internal Control and Risk Management System;
reports of the Compliance, Internal Audit and Risk Management functions submitted to the Board;
and evaluating any findings, following actions taken to remedy deficiencies/anomalies identified, as well as the adoption of corrective measures proposed and the adoption of suggested recommendations; (j) verifies that the Compliance, Internal Audit and Risk Management functions conform (k) evaluates the proper use of accounting standards, in conjunction with the company (l) examines the process of preparing interim reports required by law, as well as the annual (m) evaluates applications of external auditors, including the amount of their fees; (n) oversees the audit process of the Group, reviewing the audit work plans and findings
Board of Directors as regards the management of risks arising from detrimental events which come to the knowledge of the Board of Directors; (o) meets with the external auditors at least once a year;
(i) contributes, through assessments and opinions, to the definition of the company's policy on outsourcing control functions (if any);
exactly to the indications and guidelines of the Board and assists the latter in preparing the coordination documents required by Supervisory Regulations; (p) examines reports received from the Board of Statutory Auditors, from the Supervisory
financial reporting officer and external auditors;
financial statements, based on reports of relevant department heads;
contained in audit report and any letter of recommendations;
Board pursuant to Legislative Decree no. 231 of 8 June 2001, and the Regulatory Authorities, assessing the findings and ensuring that any abnormal situations and possible

deficiencies are remedied;

(q) may request the Internal Audit function to make assessments on specific operating areas, informing the Chairman of the Board of Statutory Auditors, the Chairman of the Board of Directors and the Supervisory Director, at the same time;
(r) expresses its opinion on the corporate governance report to the Board of Directors, for in order to describe the main features of the Internal Control and Risk Management system, and evaluate its adequacy;
(s) formulates preliminary opinions (binding, where appropriate) on procedures for the identification and management of transactions with related parties and/or associated persons carried out by the Company as well as on relevant changes;
(t) formulates preliminary, reasoned opinions, when explicitly required, also in the interest of carrying out transactions with related parties and/or associated persons to be completed by the Bank or by its Subsidiaries (18) and on the appropriateness and substantial fairness of the relative terms and conditions;
(u) in case of material transactions with related parties and/or associated persons carried out by the Bank or its Subsidiaries (19), the Committee is involved – if considered necessary, through one or more of its members – in the negotiation and preliminary phases, receiving complete and prompt information flows, and may request information from and make observations to appointed bodies and persons in charge of conducting the negotiation or preliminary phase.

With particular reference to risk management and control duties, the Committee assists the Board:

in defining and approving strategic guidelines and risk management policies; as regards the Risk Appetite Framework (RAF), the Committee makes evaluations and suggestions so that the Board, as required by Supervisory Regulations, may define and approve risk objectives (Risk Appetite) and the tolerance threshold (Risk Tolerance);
in checking the correct adoption of risk governance strategies and policies, and the Risk Appetite Framework (RAF);
in defining policies and processes for evaluating company activities, including verification that the price and conditions of transactions with customers are consistent with the business model and risk strategies;
with reference to banking, financial, investment and insurance products, in relation to: (i) defining the process for approval of new products and services, the commencement of new business and the entry into new markets; (ii) the approval and updating of policies containing guidelines on Product Governance requirements; (iii) monitoring the process of governance of financial instruments, using the reports from the Compliance department, which systematically include information about the financial instruments produced by the intermediary and the distribution strategy.

Without prejudice to the duties of the Remuneration Committee, the Risks and Related Parties Committee is involved in the process to identify the Bank's key personnel (see EBA guidelines

According to the Global Policy.

of 27 June 2016 on "sound remuneration policies pursuant to article 74, paragraph 3, and article 75, paragraph 2, of Directive 2013/36/EU and on disclosure pursuant to article 450 of (EU) Regulation No 575/2013", § 101) and ensures that remuneration and incentive system incentives are consistent with the RAF, considering in particular risks, capital and liquidity.

The Risks and Related Parties Committee and Board of Statutory Auditors exchange all information of mutual interest and, where appropriate, coordinate to develop their duties.

7.4 Activities performed

During the Year, the Committee carried out the duties assigned to it by the Board of Directors, with an advisory role as regards issues concerning the internal control and risk management system.

The Committee met eighteen times. The average duration has been three hours, analysing the results of activities carried out by the control functions (audit, compliance and risk management), with in-depth analysis of quarterly reports prepared by the functions. Minutes of each meeting were taken by the appointed Secretary.

In particular, the Committee examined the new version of Procedures for the management of transactions with persons in conflict of interest, providing an opinion to the Board of Directors. Besides these activities and analysis of the control function reports previously submitted, the Committee also reviewed administration and accounting procedures, as well as the accounting standards used to prepare the 2018 Financial Statements and the Interim Report (meeting with the external auditors, for this purpose), and the Corporate Governance Report submitted to the Board of Directors on 5 March 2019.

The Committee examined the transactions with related parties classified as greater relevance transactions, including those arising from the contractual commitments resulting from UniCredit's decision to sell its controlling interest in FinecoBank on the market, as part of a series of initiatives aimed at enhancing FinecoBank's business model in a scenario of its independence (the "Transaction").

As part of the Transaction, the Committee examined the related contractual documentation, analysed the points of attention and identified possible critical issues related to the negotiation phase and, in broader terms, the primary need to ensure the Company's business continuity. With particular reference to the impact on risks and on the Bank's internal control system resulting from the Transaction, the Committee fostered FinecoBank's various Departments/Control Functions to carry out the gap analysis activities necessary to establish any additional organic/procedural and functional coverage aimed at ensuring the Bank's business continuity during the transitional and subsequent phases of operational independence. The Committee monitored therefore the development of the plan for the internalisation of activities. Particular attention was paid to the process of identifying the human resources needed to adequately structure the control functions (Audit, Risk Management and Compliance) during 2020, with specific reference to qualitative and specialist aspects.

With reference to the revision of internal regulations following the implementation of the Transaction, the Committee has, among other things, examined the new version of the document "Procedures for the management of transactions with parties in conflict of interest" (renamed in this context in "Global Policy for the management of transactions with parties in potential conflict of interest of FinecoBank Group"), providing the required opinion to the Board of Directors.

In addition, as part of the abovementioned process of defining and revising internal policies, those relating to Banking and Insurance Product Governance, those relating to certain aspects of credit risk management (FIBS and collateral management) and liquidity risk management were also examined.

In addition to these activities and the analysis of the reports of the control functions previously submitted to its attention, the Committee devoted part of a number of its meetings to specific indepth analysis of issues deemed particularly important, such as: the status of activities carried out to adapt the Bank's procedures to the new rules on (i) investment services (in relation to the provisions of MiFID II and related implementing regulations) and (ii) personal data protection (with reference to GDPR requirements); the assessment of the possible impact of Brexit on the Bank's operations in the UK and the measures it has taken in relation to this event; how to identify the funds defined as "best in class"; the state of progress of the work with regard to the extension and refinement of the reports on interest rate risk requested by the Committee; the transition to the standardised method for the purposes of calculating the own funds requirement for operational risk following deconsolidation by the UniCredit Group; the evolutionary lines of the Risk Appetite 2020 proposal and, in particular, the elements qualifying the Risk Appetite Statement (Target Rating 2020), which qualitatively define FinecoBank's positioning in terms of strategic objectives and related risk profiles in relation to the aforementioned new corporate environment; monitoring the progress of the resolution measures in the audit findings; the examination of the risk profiles associated with the offer of Daily and Knock Out options; the proposed unilateral amendment of the conditions applied to the current account service.

The Committee also reviewed the quarterly reports on related party transactions and the first drafts of the Audit and Compliance plans for 2020, sharing the issues of greatest interest in this regard.

Non-committee members took part in Committee meetings upon request of the Committee's Chair and on single items in agenda. In particular, the Chairman of the Board of Directors, the Chair of the Board of Statutory Auditors, the Statutory Auditors, the Head of the Internal Audit and, on a case-by-case basis, also managers and other personnel took part to the meetings.

Pending the renewal of the company offices by the Shareholders' Meeting scheduled for April 2020, as at the date of the Report – and until the date of the aforementioned Shareholders' Meeting– four Committee meetings have been scheduled, of which three have already been held.

REMUNERATION COMMITTEE Without prejudice to Section 6 above, at the date of approval of the Report, the composition of the Remuneration Committee was as follows:

Name Executive Non Indep. Indep. % () executive Code TUF () Gianmarco Montanari X X X 100% C (11/11) Elena Biffi X X X 100% M (11/11) Enrico Cotta X X 100% M Ramusino (11/11) ------------- Members no longer in office during the Year N.A. No. of Committee meetings: 11 () This column shows the percentage attendance at Committee meetings (no. of attendances/ no. of meetings held during actual period office of the person concerned during the Year).	Without prejudice to Section 6 above, at the date of approval of the Report, the composition of the Remuneration Committee was as follows:







(**) This column shows the position of the director on the Committee ("C": Chairman; "M": member).

All the members of the Remuneration Committee will end their term of office at the time of the next Shareholders' Meeting called to approve the Financial Statements as at December 31, 2019.

For further information on the establishment, duties and functioning of the Remuneration Committee: (i) see the section "Remuneration Committee" of the report published in the "2020 FinecoBank Compensation Policy" – pursuant to article 123-ter of the TUF, article 84-quater of the Issuer Regulations and provisions in Title IV, Chapter 1, Table 15 of Bank of Italy Circular no. 263; (ii) see the Corporate Bodies Regulations of FinecoBank (Part B, § 1.2.).

Pending the renewal of the company offices by the Shareholders' Meeting scheduled for April 2020, as at the date of the Report – and until the date of the aforementioned Shareholders' Meeting – five Committee meetings have been scheduled, of which four have already been held.

CORPORATE GOVERNANCE, NOMINATIONS AND SUSTAINABILITY COMMITTEE The Corporate Governance, Nominations and Sustainability Committee was established on 13 May 2014 as the "Remuneration and Appointments Committee". For reasons of efficiency and simplification of the governance structure, the Company had considered it appropriate to make use of the option allowed by the Corporate Governance Code to combine the functions of its Nominations Committee and Remuneration Committee into one committee. However, in line with Supervisory Regulations on Corporate Governance, the Board of Directors, in the 2017 Qualitative/Quantitative Profile, had recommended, among others, establishing two separate special Board committees for "appointments" and "remuneration". With a resolution of 11 April 2017, the Board of Directors had established an independent committee for appointments, called the "Nominations Committee". With a subsequent resolution of 1 March 2018, the Board of Directors extended the duties of the Committee to include sustainability, subsequently changing the name to "Nominations and Sustainability Committee". Finally, by resolution dated 7 October 2019, the Board of Directors assigned to the aforementioned Committee also duties regarding corporate governance issues, changing its name to the current "Corporate Governance, Nominations and Sustainability Committee".

9.1. Composition

Directors extended the duties of the Committee to include sustainability, subsequently changing the name to "Nominations and Sustainability Committee". Finally, by resolution dated 7 October 2019, the Board of Directors assigned to the aforementioned Committee also duties regarding corporate governance issues, changing its name to the current "Corporate Governance, Nominations and Sustainability Committee".
9.1. Composition
On 11 April 2017, the Board of Directors appointed the members of the current Corporate Governance, Nominations and Sustainability Committee, who are all executive, independent directors pursuant to the TUF and Corporate Governance Code, and have adequate experience and expertise as evaluated and ascertained by the Board of Directors on their appointment.
At the date of approval of the Report, the composition of the Corporate Governance, Nominations and Sustainability Committee was as follows:
Name	Executive	Non executive	Indep. Code	Indep. TUF	% (*)	(**)
Elena Biffi		X	X	X	100% (11/11)	C
Patrizia Albano		X	X	X	100% (11/11)	M
Francesco Saita		X	X	X	100% (11/11)	M
	------------- Members no longer in office during the Year -------------
			N.A.
No. of Committee meetings: 11
(*) This column shows the percentage attendance at Committee meetings (no. of attendances/ no. of meetings held during actual period office of the person concerned during the Year).
(**) This column shows the position of the director on the Committee ("C": Chairman; "M": member).

All the members of the Corporate Governance, Nominations and Sustainability Committee will end their term of office at the time of the next Shareholders' Meeting called to approve the Financial Statements as at 31 December 2019.

9.2. Functioning

The Committee shall meet when convened by its Chairman, whenever he/she deems necessary, or upon the request of one of its members.

The Committee shall be duly established with the presence of the majority of its members in office and with the absolute majority vote of those present for resolutions. The Chairman of the Board of Directors and the Managing Director and General Manager of the Company may take part in meetings. The Chairman of the Board of Statutory Auditors shall also be invited to the meetings, and may delegate another Statutory Auditor to attend.

If the Corporate Governance, Nominations and Sustainability Committee is required to urgently give an opinion on areas in its remit, the Committee Chairman, acknowledging the urgency of the matter and unavailability of the majority or of all members to meet or carry out requested activities in time, shall promptly notify said unavailability to the Chairman of the Board of Directors. In any case, this notice shall be given no later than the day following the day when the Chairman of the Committee received notice of the unavailability of the majority or of all members. The Chairman of the Board of Directors, after consulting with the Managing Director and General Manager to evaluate the urgency of the decision, shall make up the number of Committee members, contacting and indicating another independent member of the Board of Directors. The above shall also apply if the unavailability of the majority is due to the resignation of a member of the Committee. a) provide opinions and support to the Board of Directors in defining the corporate

9.3. Duties and Responsibilities

The Corporate Governance, Nominations and Sustainability Committee is assigned duties and responsibilities in compliance with the Supervisory Regulations and Corporate Governance Code. Specifically, the Corporate Governance, Nominations and Sustainability Committee has an advisory role assisting the Board as follows: b) give the Board of Directors proposals on adapting the corporate governance system, c) supporting the Board of Directors in the appointment and co-option of directors

governance system of FinecoBank, the corporate structure and the Group models and guidelines on governance, and in that context:
it monitors changes in national and international laws and best practices on corporate governance, updating the Board of Directors where those changes are significant;
it checks that the corporate governance system of FinecoBank and of the Group is in line with the legal and regulatory requirements, the recommendations in the Corporate Governance Code, and with national and international best practices.
where necessary or appropriate
according to the times indicated in applicable Supervisory Regulations;
d) providing opinions for the Board concerning: drafting policies to appoint Company Directors (including the qualitative and quantitative profile established by the Supervisory Regulations);
appointing the Managing Director and/or the General Manager and other key management personnel;
defining any succession plans for the Managing Director, the General Manager and other key management personnel;
selecting candidates to the position of FinecoBank Director, in the event of cooptation, and if lists are presented by the Board, of candidates to the position of independent director to be submitted for the approval of the Shareholders' Meeting of the Company; e) assisting the Risks and Related Parties Committee in the process to identify and propose f) supporting the Board of Directors in verifying conditions as of article 26 of the TUB g) issuing opinions to the Board of Directors related to the appointment of corporate h) supervising the sustainability issues related to FinecoBank operations and the dynamics
appointing members of Board Committees;
overseeing various stages of the self-assessment process (see, Annex A to the Corporate Bodies Regulations);
officers of the Compliance, Internal Audit and Risk Management control functions, to appoint;
(requirements of company officers), and in checking the requirements of the applicable primary and secondary legislation;
officers (i.e. members of the boards of directors, boards of statutory auditors and supervisory boards) at the subsidiary companies;
of interaction with all stakeholders; in particular, the Committee performs the following tasks as a support to the Board:
monitoring the sustainable growth strategy of the Company and the Group over time, based on relevant international guidelines and principles;
contributing to evaluate the risks linked to sustainability issues, and in particular, those that could be significant in the medium/long term (Application Criterion 1.C.1. of the Corporate Governance Code);
examining and, in case, formulating proposals concerning plans, objectives, rules and company procedures on social and environmental issues of the Group, monitoring implementation over time;
monitoring the positioning of the Company and the Group in relation to financial markets as regards sustainability issues and relations of the latter with all stakeholders;
examining preliminary the non-financial report (Legislative decree 254/2016) as to the areas applicable to FinecoBank, to be submitted for approval by the Board of Directors.

9.4. Activities performed

During the Year, the Committee met eleven times. Committee meetings, with minutes taken by the appointed Secretary, lasted on average two hours.

During the meetings, the Committee – on the basis of the necessary information and clarifications received from FinecoBank's organisational units, having taken note of the relevant regulations and the documentation supporting the proposals - was called upon to express its opinion, inter alia, on the following matter: (i) the annual assessment of the requirements of Corporate Officers regarding the existence of the independence requirements of directors, the compliance with quantitative and qualitative limits in relation to their time commitment as well as the compliance with current legislation on interlocking; (ii) the increase in the number of members of the administrative body of FAM and the appointment of a new Director; (iii) the approval of succession plans and the evaluation and development process.

During the year, the Committee also supervised internal governance events/processes such as: the self-assessment process of the administrative body; the activities relating to the "Process for selecting Candidates for membership of the Board of Directors" in view of the co-option of a member of the Board of Directors and the renewal of the corporate bodies scheduled for 2020 which led, supported by an independent head hunter, to define the theoretical profile of the candidate to be co-opted and the candidates to be appointed for the renewal of the Board as well as to identify a list of candidates to be submitted to the Board of Directors for the resolutions of the Shareholders' Meeting; the project to amend the Articles of Association, with particular reference to the proposal to grant the outgoing Board of Directors the power to submit its own list of candidates for election of the board; the review of the FinecoBank Corporate Bodies Regulations following the exit of the Bank from the UniCredit Group, as well as the feedback to the competent supervisory authorities regarding the fulfilment of the requirements by the management and control bodies.

In addition, the Committee has overseen sustainability activities, verifying the updates provided by the competent internal structures on the initiatives undertaken by the Bank. In this regard, it expressed its opinion on the approval of the strategic sustainability objectives to be integrated into the multi-year plan and was interested, also for the year 2019, in the material issues identified during 2018 for the preparation of the 2019 Non-Financial Statement. The Committee has, in fact, monitored the drafting of the aforementioned statement and examined its contents with a view to issuing the relevant opinion.

The Committee, through the Chair, had the chance to access to the info and the corporate structures in order to carry out its tasks, also by using the internal teams and external advisors.

Non-committee members took part in Committee meetings also upon request of the Committee's Chair, as regards individual items on the agenda. In particular, the Chairman of the Board of Directors, the Chair of the Board of Statutory Auditors, the Statutory Auditors, the Financial Reporting Officer and, on a case-by-case basis, managers, other personnel and external counsels (in relation to the sustainability topics) took part to the meetings.

Pending the renewal of the company offices by the Shareholders' Meeting scheduled for April 2020, as at the date of the Report – and until the date of the aforementioned Shareholders' Meeting – nine Committee meetings have been scheduled, of which eight have already been held.

10. REMUNERATION OF DIRECTORS

For the information requested regarding the remuneration of executive directors, non-executive directors and key management personnel and concerning indemnities for Directors in the event of resignation, dismissal or termination of employment following a public purchase offer (as of article 123-bis, paragraph 1, letter i) of the TUF, see the chapter "Remuneration paid to members of the Management and Control Bodies, General Managers and other Key Management Personnel" contained in the report published – as part of the "2020 FinecoBank Compensation Policy" – according to article 123-ter of the TUF, article 84-quater of the Issuer Regulations and provisions in Title IV, Chapter 1, Table 15 of Bank of Italy Circular no. 263.

INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM The internal control system is a fundamental part of the overall governance system of banks. It has a central role in the organisation and ensures the effective monitoring of risk, so as to guarantee that operations are in line with company strategies and policies and based on principles of sound and prudent management.

An efficient and effective internal control system forms the basis for creating value in the medium and long term, for safeguarding the quality of operations and for a correct perception of risk and appropriate allocation of capital.

The Company's internal control system is based on the principles of the Corporate Governance Code, applicable regulations and best practices, and:

concerns control functions and positions, involving within their area of responsibility, the Board of Directors, the Risks and Related Parties Committee, the Internal Control and Risk Management System Director, the Board of Statutory Auditors, as well as company functions with specific internal control duties;
establishes procedures for entities involved in the internal control and risk management system to work together.

Board of Directors and Risks and Related Parties Committee

The guidelines of the internal control and risk management system (hereinafter, the "Internal Control and Risk System") are established by the Board of Directors. Accordingly, the Board ensures that the main risks to which the Bank is exposed are adequately identified, measured, managed and monitored.

In this context, the Board of Directors revises and updates the Risk Appetite Framework (or "RAF") on an annual basis, and in line with schedules for the budget process and definition of the financial plan, in order to guarantee a business development that has a correct risk profile and complies with national and international regulations.

During the Year, the Board approved the new "2019 FinecoBank Risk Appetite" (replacing the same document for 2018), which sets out the risk profile in relation to three areas (capital adequacy, profitability and risk, monitoring of specific risks such as credit risk, operational risk, market risk and funding and liquidity), defining reference metrics for each one.

The definition process, revised from the previous version, is structured so as to guarantee consistency with the budget, while the performance indicator (the "KPIs" or "Key Performance Indicators") were revised to include simple, comprehensible metrics.

FinecoBank's Risk Appetite Framework not only includes the list of relevant metrics, but also the targets, triggers and reference limits: (i) targets represent the extent of risk the Bank is prepared to undertake to achieve its budget objectives and defines constraints for business development; (ii) triggers represent alarm thresholds which activate the analysis of possible mitigation actions and must be reported to the Chief Executive Officer; (iii) limits are the values that must not be exceeded; if exceeded, the Board of Directors must be informed.

As regards competencies, the Corporate Bodies Regulations establish that the Board is responsible for the Internal Control and Risk System, and provides guidelines for and assesses the adequacy of the system, appointing from its members:

the director for establishing and maintaining an effective internal control and risk

management system (hereinafter, the "Designated Director");

an internal Committee – called the Risks and Related Parties Committee – consisting entirely of independent directors, which assists the Board of Directors, based on adequate preliminary activities, in its assessments and decisions concerning the internal control and risk management system, as well as the approval of periodical financial reports.

The Board of Directors, with the prior approval of the Committee:

(a) establishes the guidelines of the Internal Control and Risk Management System, assesses its consistency and adequacy in relation to the company's business and risk profile at least annually, as well as its effectiveness, in terms of its ability to take into account the evolution of business risks and their interaction, assigning the Designated Director the task of establishing and maintaining an effective Internal Control and Risk System; (see the Corporate Bodies Regulations) (b) appoints, after consulting with the Board of Statutory Auditors, an Internal Audit (c) approves, at least annually, the work plan prepared by the Head of Internal Audit, after (d) assesses, after consulting with the Board of Statutory Auditors, the results of the external
Manager (hereinafter, the "Head of Internal Audit"), who ensures that the Internal Control and Risk system is functioning and adequate and that internal audit activities are carried out independently and in such a way as to guarantee their effectiveness and efficiency;
consulting with the Board of Statutory Auditors and obtaining approval from the Risks and Related Parties Committee and Director;
auditors in the audit opinion letter and report on audit findings.

The Board of Directors assesses, among others and at least annually, the adequacy, functioning and effectiveness of the Internal Control and Risk System, assisted by the Related Parties and Risks Committee, based on:

reports from the Heads of: the Compliance function, Risk Management function and Internal Audit function;
reporting from the Financial Reporting Officer on the proper use of accounting standards and their consistency for preparing consolidated financial statements;
all useful information on the monitoring of overall company risk which is provided by relevant units and/or the External Auditors.

The Board globally monitors main company risks, assisted by the Risks and Related Parties Committee (see Section 7 above).

In accordance with Supervisory Regulations on internal control systems – between September 2019 and January 2020 - the Bank carried out the annual assessment (on the financial year) on the adequacy of the internal control and risk management system as regards business characteristics and the risk profile undertaken, as well as effectiveness. As regards the results of this assessment process, the Internal Control and Risk Management System was found to be "Mostly Satisfactory" on a scale of four levels in increasing order: "Unsatisfactory", "Nearly Satisfactory", "Mostly satisfactory" and "Adequate" since, although there were some areas of improvement for which corrective actions have been identified, the components as a whole generated an overall satisfactory level as regards system functioning. The outcomes of the assessment have been presented to the Board of Directors on February 2020.

In this context, the Risks and Related Parties Committee, based on results of the above checks, and on additional projects being implemented, assessed the Internal Control and Risk Management System, considering it adequate for the size and complexity of the Bank as regards the business and operating environment and also adequate, within reasonable limits, for preventing or in any case avoiding, in a prompt manner, any material misstatements in the financial statements.

The Board of Directors also: (i) defines the objectives and business continuity strategies of the service, ensuring adequate human, technological and financial resources; (ii) approves the business continuity plan and subsequent amendments as a result of technological and organisational developments, accepting residual risks not managed by the business continuity plan, and also promotes development, periodic monitoring and updating following significant innovations, or any deficiencies/gaps or residual risks; (iii) appoints the business continuity plan manager; (iv) approves the annual plan for testing business continuity measures and examines the test results documented in writing.

Specifically, the Bank's Business Continuity and Crisis Management system provides for a plan to manage events, incidents and crises and the business continuity plan, for which the manager is appointed by the Board of Directors.

In emergency/crisis situations, the Board is informed (by the Managing Director and General Manager or by the Company Business Continuity Manager) of the trend of the crisis and in the event of serious problems for company operations due to serious incidents or malfunctions.

It is also informed, at least annually, of the planning and outcomes of controls on the adequacy of the Plans, as well as controls of business continuity measures (tests).

During the Year, the business continuity plan, which was appropriately revised, was approved by the Board of Directors and subsequently verified in test sessions, to guarantee its effectiveness and adequacy.

With specific reference to non-compliance risk (20), the Board of Directors, after consulting with the Board of Statutory Auditors, approves risk management policies, evaluates, at least once a year and with the technical support of the Risks and Related Parties Committee, the adequacy of the organisational structure, the quality and amount of resources of the Compliance function and analyses periodic reports on its controls on non-compliance risk management.

Moreover, the Board of Directors has general responsibility for management and control of the information system, with a view to an optimal use of technological resources supporting company strategies (ICT governance). In this respect, it:

approves the information system development strategies and architectural model, the sourcing strategies and IT risk propensity, in accordance with the risk objectives and reference framework for determining risk propensity at a company level;
approves the IT security policy;
approves guidelines on the recruitment of personnel with technical functions and the procurement of systems, software and services, including the use of external suppliers;

⁽ ²⁰) Non-compliance risk may be defined as the risk of incurring legal or administrative sanctions, financial losses or sustaining reputational damage, as a result of non-compliance with financial and banking laws, regulations, codes of conduct and good practices.

promotes the development, sharing and updating of ICT knowledge within the company.

With specific regard to supervisory responsibility for ICT risk analysis, the Board:

approves the organisational and methodological reference framework for ICT risk analysis, promoting the appropriate consolidation of information on technological risk within the ICT function and integration with risk measurement and management systems (concerning in particular, operational, reputational and strategic risks);
approves the ICT risk propensity, having considered internal services and services to clients, in accordance with the risk objectives and reference framework for defining risk propensity at a company level.

With reference to the above responsibilities, the Board is informed at least annually of the adequacy of services provided in relation to costs sustained and of the ICT risk situation with regard to risk propensity.

Board of Statutory Auditors

The Board of Statutory Auditors of FinecoBank monitors the effectiveness, completeness, adequacy, functioning and reliability of the internal control and risk management system, and of the Risk Appetite Framework, in line with requirements of the Corporate Governance Code and the Supervisory Regulations.

It also monitors compliance with the Internal Capital Adequacy Assessment Process (ICAAP) and the completeness, adequacy, functioning and reliability of the business continuity plan.

With specific reference to the Board of Statutory Auditors being able to take on supervisory board functions pursuant to Legislative Decree no. 231 of 8 June 2001, the Company considered it appropriate to assign these functions to a specifically established Body (see Section 11.3 of the Report).

The Board of Statutory Auditors establishes appropriate working relations with the Risks and Related Parties Committee to carry out joint activities, in compliance with specific areas of responsibility.

To carry out its duties, the Board of Statutory Auditors may be assisted by the company's internal control departments and functions to carry out and plan checks and necessary assessments. To achieve this, it receives regular adequate information flows or information on specific situations/company performance. Given this close connection, the Board of Statutory Auditors is specifically consulted about decisions regarding the appointment and dismissal of heads of company control functions (Compliance, Risk Management and Internal Audit), and also about defining the essential elements of the control system's overall architecture (powers, responsibilities, resources, data flows and handling conflicts of interest). Regarding own activities, Auditors may request the Internal Audit department to carry out specific audit activities in operational areas and on company operations. The Board of Statutory Auditors verifies and investigates the causes of and remedies for operational irregularities, performance anomalies, and shortcomings in the organisational and accounting structure. Particular attention must be paid to compliance with regulations on conflicts of interest.

Control functions

FinecoBank's internal control system is based on four types of controls:

(i) level one controls ("line controls"): these are controls relative to individual activities and are carried out according to specific operational procedures based on a specific internal regulation. These processes are monitored and continuously updated by "process supervisors" who put in place suitable controls to guarantee the correct performance of daily activities by staff concerned, as well as compliance with delegated powers. Formalised processes concern units that have contacts with customers and Company units that are exclusively internal;
(ii) level two controls: these are controls related to daily operations connected with the process to measure quantifiable risks and are carried out by units other than operating units, on an ongoing basis. The Risk Management function controls market, credit and operational risks, as regards compliance with limits assigned to operating functions and the consistency of operations of individual production areas with established risk/yield objectives; the Compliance function controls non-compliance risks;
(iii) level three controls: these controls are typical of internal auditing, based on analysis of information obtained from databases or company reports, as well as on-site controls. The purpose of these controls is to check the functioning of the overall internal control system and identify any anomalous trends, or infringements of procedures or regulations. These controls are assigned to the Internal Audit function; (i) develops the capital adequacy assessment (ICAAP) and liquidity risk management
(iv) institutional supervisory controls: these refer to controls by Company bodies, including in particular the Board of Statutory Auditors and Supervisory Body pursuant to Legislative Decree no. 231 of 8 June 2001.

The Risk Management function

The Risk Management function prevents and monitors different components of the Group risks. In particular the Risk Management Function controls credit, market, operational and liquidity risk to which the Group is exposed. With reference to the indications of Pillar 2 of Basel, all specific risks not covered by Pillar 1 of Basel (e.g. concentration, interest rate) are also monitored. (ii) is involved in defining the RAF, risk governance policies and various stages comprising (iii) checks the adequacy of the RAF and on an ongoing basis the adequacy of the risk (iv) is responsible for developing, validating and maintaining the independence of risk

The risk control function:

(ILAAP) processes in accordance with regulatory requirements; draws up the ICAAP and ILAAP report addressed to the Supervisory Authorities for the relevant parts;
the risk management process, as well as establishing operating limits for various types of risk. In this context, it proposes quantitative and qualitative parameters necessary to define the RAF, which refer to stress scenarios and, in the case of changes to the bank's internal and external operating context, modifications to these parameters; (v) defines the metrics to use to assess operational risk in line with the RAF, coordinating
management process and operating limits;
measurement and control systems in order to report periodically to control bodies and the Board of Directors;
with the compliance function, ICT function and business continuity function;
(vi) defines procedures for assessing and controlling reputational risk, coordinating with the compliance function and with company functions that are most exposed; (vii) assists company bodies in assessing strategic risk, monitoring significant variables;
methodologies to assess company activities, coordinating with company units concerned;
(viii) ensures the consistency of risk control and measurement systems with processes and (ix) contributes, together with the other functions/structures involved, to the process of IT risk analysis both with regard to the procedures in operation and for initiatives to develop new projects and major changes to the information system, whether upon the occurrence of serious incidents or to the detection of deficiencies in controls or new vulnerabilities or threats; (x) develops and adopts indicators that can identify anomalies and inefficiencies in risk (xi) analyses the risks of new products and services and risks from entering new operating and (xii) gives prior opinions on the consistency of material transactions with the RAF, and obtains (xiii) constantly monitors the actual risk assumed by the Group and its consistency with the risk (xiv) checks the adequacy and effectiveness of measures taken to remedy inefficiencies
control and measurement systems;
market segments;
the opinion of other functions involved in the risk management process, depending on the nature of the transaction;
objectives as well as compliance with the operating limits assigned to the operating structures in relation to the assumption of the various types of risk, with the formulation to the Managing Director and General Manager and the Chief Risk Officer of any proposals for changes to contain risks; (xv) monitors the external regulatory framework for which it is responsible, carrying out
identified in the risk management process;
impact analyses for the Group, and ensuring that internal regulations on risks are updated and comply with them.

The function also carries out monitoring and reports to company bodies (Managing Director and General Manager, Board of Directors, Risks and Related Parties Committee and Board of Statutory Auditors).

Reporting to company bodies consists of the quarterly report on the Group's risk exposure.

The Compliance Function

The Compliance function monitors non-compliance risk management (21) with a risk-based approach, referring to all company operations and ensuring that internal procedures are appropriate for preventing this type of risk.

The Compliance function assists/supports management and Company employees in managing

⁽ ²¹) Non-compliance risk may be defined as the risk of incurring legal or administrative sanctions, financial losses or sustaining reputational damage, as a result of non-compliance with financial and banking laws, regulations, codes of conduct and good practices.

non-compliance risk and monitoring the correct performance of business operations to ensure compliance with current regulations, internal procedures and applicable best practices.

For an effective management of non-compliance risk, the Company shall have a Compliance function. This function must be independent, with a sufficient number and quality of human and technical resources for duties to perform, and may deal freely with Senior Management and company bodies; it shall have access to all resources and company information and may report any matter directly to higher hierarchical levels, if necessary.

In February 2016 the Board of Directors approved the insourcing, with effect from 1 April 2016, of the Compliance function, previously centralised at the former parent company UniCredit based on a specific outsourcing agreement and with a unit (hereinafter, the "Compliance Officer Unit") at FinecoBank, responsible for applying the methods for assessing and monitoring non-compliance risk. (a) Proactive and on-request advice - the ongoing identification of laws applicable to the Bank and consequent non-

In this regard, the Compliance Officer unit was reorganised and renamed the Compliance unit, the Compliance Officer was appointed (also acting as Head of the AML Department), and two new teams were set up: Advisory & Regulators and Risk Assessment & Controls, that work alongside the department for AML and financial sanctions (AML Department).

The role and requirements of the Compliance function are regulated in specific global rules.

The mission of the Compliance reference unit is to support the Company, Company Bodies and personnel in managing the risks of non-compliance with regulations as regards all company operations, checking that internal procedures are adequate in preventing this risk.

The above complies with the provisions of Supervisory Regulations and according to Global Compliance Rules and Group methods.

In particular, the risk of non-compliance with regulations is managed through:

- compliance risks; the definition of the relative impact on company processes and
procedures, including the information system (ICT Compliance); an ex ante assessment of compliance with regulations applicable to products, processes, organisational structures, the incentive system, training modules and, in particular, innovative projects (including operations in new business lines and geographic areas) that the Bank intends undertaking – also through participation in specifically designated committees – as well as the prevention and management of conflicts of interest in various activities carried out by the Bank, with reference to employees and staff; (b) Communication
providing opinions and prior assessments on compliance issues, requested by various internal units in relation to external regulations and assisted by them in analysing and interpreting the regulations;
assessments, for the areas under its responsibility, of the Bank's remuneration policy and in particular of remuneration/incentive systems for personnel and the personal financial advisors network authorised for cold calling;
participation, where required, in Group projects and work groups according to competency profiles.
promotion of a culture based on compliance with internal and external regulations and international best practices, through the adoption of specific Global Rules (Policies and Operational Regulation), the preparation of Circulars and Service Orders, notes, memoranda, opinions and communications, and through personnel training activities; oversee risk management and control (starting with Internal Audit and Risk (c) Interaction with authorities - management of relations with Authorities together with other relevant functions (d) Monitoring, surveillance and reporting - assessment of the non-compliance risks identified (compliance risk assessment),
cooperation with other Bank functions and, in particular, with functions that Management), in order to improve overall consistency and ensure mutually adequate and ongoing information flows; hierarchical levels (escalation) to solve critical issues identified; - verification of the effectiveness of organisational alignments (structures, processes
definition of FinecoBank's annual training plan.
- (such as involvement in consultations concerning new legal and regulatory developments, assistance for preparing comments on bills, monitoring requests and inspections by the Authorities and relative corrective actions).
- also through level two controls, the definition of corrective actions to mitigate these, monitoring the actions and starting procedures involving relevant higher
and procedures, operational and commercial) recommended to prevent the risk of non-compliance with regulations.

The function is directly responsible for non-compliance risk management in the case of regulations that are more significant as regards non-compliance risk, i.e. on banking and the provision of investment services, the management of conflicts of interest, transparency in customer relations and, more in general, on consumer protection and regulations for which strategic oversight at the Bank is not already provided for.

With reference to other regulations for which specific types of strategic oversight (e.g. occupational safety, tax laws, etc.) are provided, the Bank, based on an assessment of the adequacy of specialist controls for managing non-compliance risk profiles, adopted the indirect coverage model, whereby:

the specialist unit adopts the risk assessment methodologies and second level controls defined by the Compliance function;
the Compliance function verifies that units operate in compliance with the methodologies and procedures provided over time, ensuring suitable control of non-compliance risk and establishes and validates reporting, with the aim of providing an overall view of noncompliance risk.

In performing its duties, the Compliance function has access to all Bank operations, at both a central and peripheral level, and to all information considered significant, also through direct interviews with personnel.

Furthermore, the Bank, as an issuer on the FTSE-Mib index, has an internal system for employees to report any irregularities or violations of applicable regulations and internal

procedures (whistle-blowing), in line with applicable national and international best practices, guaranteeing a specific, confidential information channel, and the anonymity of the whistleblower.

During 2018 the Board of Directors appointed the Compliance Officer as Data Protection Officer - DPO), in light of the implementation – starting from 25 May 2018 – of the GDPR.

DPO has, with autonomy and independence, have the following tasks:

to inform and advise the Bank or the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
to monitor compliance with the EU Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35 of the GDPR;
to cooperate with the supervisory authority;
to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36 of the GDPR, and to consult, where appropriate, with regard to any other matter.

With reference to Article 38 of the GDPR, the DPO shall regularly report to the the Board of Directors by providing an analysis on how personal data are protected within the Company.

Finally, following the exit from the Unicredit Group, given the regulatory prohibition from assigning the position of Head of Suspicious Operations Reporting ("SOS Manager") to a person not belonging to the group, the delegated power previously assigned to the Territorial Delegate of Unicredit Group ceased to exist. Therefore, at the meeting held on 4 June 2019, the Board of Directors – pursuant to the "Provisions on organisation, procedures and internal controls aimed at preventing the use of intermediaries for money laundering and terrorist financing" issued by the Bank of Italy on 26 March 2019 – appointed the SOS Manager. The SOS Manager is part of the Anti-Money Laundering Service Team within the Compliance function; he/she has no direct responsibilities in operational areas of the Bank, and is hierarchically dependent on persons belonging to these areas as he/she reports directly to the Head of the Anti-Money Laundering Team and therefore to the Compliance Officer. (i) identifying the main business risks, and ensuring effective risk management and the

11.1 Director in charge of the Internal Control and Risk Management System

To comply with the recommendation in Principle 7.P.3 of the Corporate Governance Code, and with Regulations on the Prudential Supervision of Banks issued by the Bank of Italy, the Managing Director and General Manager Alessandro Foti has been appointed Internal Control and Risk Management System Director.

As part of the internal control system, the Managing Director and General Manager, acting as Internal Control and Risk Management System Director, is tasked with and is responsible for the following:

execution of instructions from the Board of Directors in the presence of a defined, managed and monitored Internal Control System;

(ii) defining the means and methods for implementing the control and risk system, using guidelines from the Board of Directors, undertaking the design, management and monitoring of the internal control and risk management system, establishing operating limits for different types of risk and facilitating the development and dissemination of a culture of risk, assisted by relevant functions; the Managing Director and General Manager is responsible for the annual assessment of the Internal Control and Risk System; (iii) ensuring the overall adequacy of the Control and Risk System, its actual functioning, (iv) establishing and overseeing the adoption of the process to approve investments in new (v) defining and overseeing the implementation of company policy on the outsourcing of (vi) defining internal information flows to ensure that company control bodies are fully aware
amendments to take into account changes in operating conditions and the legal and regulatory framework; the Managing Director and General Manager and his/her first-line managers are called upon to provide a professional judgement on matters relating to the Internal Control System referring to their activities, taking into account the level of compliance with regulations, procedures and controls; (vii) authorising, within the Risk Appetite Framework and where a tolerance threshold has (viii) implementing follow-up measures for the control and risk system after controls have been
products, the distribution of new products or services or start of new activities or entry on new markets, or the adoption of processes and methods to evaluate company operations, in particular financial instruments, overseeing ongoing updates; (ix) submitting proposals to the Chairman of the Board of Directors to appoint or remove
company functions;
of and can govern risk factors and compliance with the Risk Appetite Framework;
been defined, the risk appetite being exceeded, within the tolerance threshold limit, reporting to the Board of Directors and identifying the management actions necessary to return the risk to within the established limit;
carried out, adopting necessary corrective measures or actions if inefficiencies or anomalies are identified, or after the introduction of new products, activities, services or processes that are significant;
from office the Head of Internal Audit, ensuring that the Manager has adequate resources to carry out his/her responsibilities;
(x) promoting the development and periodic monitoring of the Emergency and Crisis Management Plan and the Business Continuity Plan at the Parent Company and Group Entities and their relevant updating; approving the annual audit plan for business continuity measures and reviews test results documented in writing; (xi) ensuring proper, timely and secure management of information for accounting, (xii) ensuring the completeness, adequacy, functionality (in terms of effectiveness and
management and reporting purposes;
efficiency) and reliability of the Bank's information system.

The Managing Director and General Manager implements the ICAAP (Internal Capital Adequacy Assessment Process), ensuring it conforms to the strategic guidelines and RAF and meets the following requirements: (a) it considers all relevant risks; (b) it includes forwardlooking valuations; (c) it uses appropriate methodologies; (d) it is distributed to internal units;

(e) it is adequately formalised and documented; (f) it identifies the roles and responsibilities assigned to company functions and units; (g) it is managed by an adequate number of competent resources, in a hierarchical position appropriate for complying with planning; (h) it is an integral part of management activities.

With reference to liquidity management, the Managing Director and General Manager in implementation of the strategic guidelines and governance policies defined by the Board of Directors:

defines the guidelines of the liquidity risk management process and ensures its implementation, in compliance with the risk tolerance threshold approved by the Board of Directors;
is responsible for implementing and maintaining effective the internal process of assessing the adequacy of the governance system and liquidity risk management – Internal Liquidity Adequacy Assessment Process – ILAAP, ensuring consistency with established strategies and the Risk Appetite Framework.

The Managing Director and General Manager presents the ICAAP/ILAAP Annual Report to the corporate bodies, with the support of the Chief Risk Officer and the Chief Financial Officer.

As regards credit and counterparty risk in particular, the Managing Director and General Manager, in line with strategic guidelines, approves specific guidance to guarantee the effectiveness of the system to manage risk mitigation techniques and compliance with the general and specific requirements of these techniques.

With specific reference to internal risk measurement systems to define capital requirements, the Managing Director and General Manager has the following duties:

responsibility for the structure and functioning of the selected system; to perform this duty, members shall have an adequate knowledge of relevant aspects;
issuing instructions so that the selected system is developed based on identified guidelines, assigning duties and responsibilities to company functions and ensuring the formalization and documentation of risk management process stages;
ensuring that risk measurement systems are part of decision-making processes (use tests);
considering observations made following the validation process and internal audits.

With specific reference to non-compliance risk, the Managing Director and General Manager ensures the effective management of this risk, also establishing suitable policies and procedures for compliance with applicable regulations to be observed within the Bank, verifying, in cases of violations, whether appropriate remedies have been implemented, and establishing reporting flows to ensure that the Bank's company bodies are fully informed about procedures to manage non-compliance risk.

Assisted by the Compliance function, the Managing Director and General Manager identifies and evaluates at least annually, the main non-compliance risks to which the Bank is exposed, and plans relative management measures, also reporting at least once a year to the Board of Directors on the adequacy of non-compliance risk management.

Pursuant to the Regulations of the Board of Directors, the Managing Director and General Manager promptly reports to the Risks and Related Parties Committee (or Board of Directors) on issues and critical aspects identified while carrying out his/her activities or notified, also reporting them to the Chairman of the Board of Directors, so that the Risks and Related Parties

Committee (or the Board of Directors) may take appropriate measures.

11.2 The Internal Audit Function

The Internal Audit function, in accordance with the Supervisory Regulations, is independent from the other company functions and reports directly to the Board of Directors.

At the meeting of the Board of Directors held on 6 May 2019, the internalisation of the Function was resolved, formalising the creation of a dedicated organisational structure. The service was previously outsourced to UniCredit: the contract with UniCredit was automatically terminated on 10 May 2019, as provided for in the contractual provisions, at the same moment when FinecoBank left the UniCredit Group.

The Internal Audit function operates in compliance with the audit mandate, of which the latest version was approved by the Board of Directors on 8 July 2019; this document defines its mission, responsibilities, organisational positioning, independence, duties and authority. The Internal Audit function is an independent unit established by the Board of Directors of the Bank and is an integral part of the Internal Controls System, in which level three controls are carried out. The Internal Audit function carries out independent activities and guarantees assurance and advice in order to evaluate, give added value to and improve the Company's Internal Controls System. The Internal Audit function assists the Company in achieving its objectives, providing a systematic, structured approach to evaluating and improving the adequacy of Company activities, by evaluating and improving the effectiveness of governance, risk management processes and control systems.

The audit methodology used is based on the following main stages: (i) definition of the "Audit Universe", i.e. organisational and process analysis to identify elements involved in audit activities; (ii) risk assessment, i.e. identifying, assessing and measuring risks to which elements of the "Audit Universe" are exposed; (iii) definition of the long-term audit plan and the annual audit plan, which establish the objectives, types and frequency of audits and resources to use based on risk assessment results. For the personal financial advisors network, planning is based on a combined assessment using a risk-based approach while also considering the frequency of audits.

The audit measures may include: (i) audit processes aimed at verifying the effective and efficient performance of activities and proper monitoring of risks implicit in the process being audited; (ii) audit of the personal financial advisors network, carried out within the operating points of the sales network, with the objective of verifying the compliance with the applicable legislation of the external office financial activities carried out by personal financial advisors. Remote audit activities are carried out predominantly with the support of anomaly indicators, together with subsequent on-site analysis to complete the activity; (iii) specific assessments referring to individual behaviours or types of behaviours in order to identify the causes and responsibilities for specific events, accidents or conduct (e.g., measures for cases of fraud and disloyalty belong to this type).

After completing audits and based on findings, the Internal Audit function makes suggestions and/or recommendations to relevant company structures. It also informs other company control functions of any inefficiencies, weaknesses and irregularities identified during audits of specific areas or matters within their remit. Actions to remedy identified anomalies and inefficiencies are monitored by a systematic audit tracking process, and if particular risk situations and/or weaknesses in the internal control system are noted, by specific follow up.

The Internal Audit function may also provide advisory services, which, while not compromising its independence, aim to provide added value and support the Bank in achieving its objectives, by offering advisory support on the design, functioning and improvement of the internal control system.

The Internal Audit function achieves its mission and carries out activities in accordance with the Group Internal Audit Framework, which include the Code of Ethics, approved by the Company's management bodies and which are based on international standards for professional auditing.

The Internal Audit Function is tasked with:

developing the methodologies, processes and standards to be applied to audit activities at Group level;
monitoring and analysing national and international regulatory requirements relating to the banking and financial sector in order to identify the impacts on Internal Audit activities;
preparing and updating the Group's regulations and audit methods, disseminating them to any Group Internal Audit structures and issuing, where necessary, specific Non-Binding Opinions;
developing the methodologies for each phase of the Internal Audit process, promoting, in collaboration with the relevant structures, in particular with the ICT & Security Office Department, the development and updating of the audit tools used;
monitoring the adoption and application of defined methodologies, standards and processes, and improve the quality of the Group's Internal Audit activities;
submitting an annual audit plan to the Corporate Bodies, indicating the control activities planned for the Parent Company and the Group Entities, taking into account the risks of the various corporate activities and structures, the requests received from the Bank's governance and control bodies, as well as the regulatory requirements in force; the plan shall contain a specific section on ICT auditing activities;
preparing the guidelines to be transmitted to the Internal Audit structures of the Group Entities, for the preparation of the annual audit plans, carry out the analysis of the same and issue the relative Non-Binding Opinions to the Entities, coordinating the planning process of the audit activities at Group level;
carrying out on-site or remote audits, in the Parent Company and in the Group Entities, overseeing the implementation of corrective actions for the deficiencies found;
coordinating and monitoring the activities and results of the checks carried out in the Parent Company and in the Group Entities;
at the end of the management cycle, presenting, directly or through the Risk and Related Parties Committee, to the Board of Directors, the Board of Statutory Auditors and the director in charge of the internal control and risk management system at least once a year and, in cases of particular importance, at the first useful meeting, a report on the activities carried out, which illustrates the checks carried out in the Parent Company and in the individual Entities, the results that emerged, the weaknesses detected and the proposals for action to be taken to remove them, contributing to the overall assessment of the completeness, adequacy, functionality and reliability of the internal control system of the Parent Bank and the Group;
ensuring adequate information flows with the Bank's 2nd level control functions;
responding to specific requests for information from Corporate Bodies, the Board of Statutory Auditors, the Supervisory Authorities and the appointed Independent Auditors;
maintaining the mapping of the Internal Audit function's skills and define, with the support of the teams reporting to it, the training plan and certification paths, in coordination with the Bank's human resources structure;
participating in projects considered relevant and, where envisaged, in the Bank's committees for the areas within its remit in order to ensure the appropriate, updated and complete vision of developments in governance processes, risk management and internal controls necessary to carry out its mission.

In order to provide company bodies and Senior Management with an overall evaluation of the internal control system, the Head of the Internal Audit function prepares the quarterly "Report on Interna Audit activities" that, in addition to an assessment of the internal control system, contains summary information on audit activities performed, on the main risks identified, on the implementation status of Management's action plans and an update on the progress of the annual plan. The Head of Internal Audit function also submits Audit Reports with a "critical" or "unsatisfactory" assessment directly to the Board of Statutory Auditors and to the Risks and Related Parties Committee; in any case, it may send additional audit reports to the Risks and Related Parties Committee and the Board of Statutory Auditors, which, regardless of the overall assessment, contain significant shortcomings. - FinecoBank's 5-year audit plan based on mandatory audits and on the risk assessment of FinecoBank's Audit Universe (AU). This plan, revised annually based on the risk - the annual audit plan, which is part of the long-term audit plan, based on results of the Supervisory Authorities and from company bodies, follow up activities and mandatory

With specific reference to planning activities, the Head of the Internal Audit Function draws up:

assessment, ensures efficient and effective coverage of the AU, in line with the Bank's risks;
Risk Assessment of the Audit Universe, Group Audit Guidelines, requests from the audits carried out at regular intervals.

ICT auditing activities are included in these plans.

The Head of Internal Audit, in compliance with Application Criterion 7.C.5 of the Corporate Governance Code for Listed Companies is not responsible for any operating area and does not report hierarchically to any operating area manager. The Head of Internal Audit also has direct access to all information useful for carrying out duties.

11.3 Compliance programme pursuant to Legislative Decree no. 231 of 8 June 2001

On 15 March 2010, the Board of Directors approved FinecoBank's Organisation Management and Control Model (hereinafter, the "Model"), pursuant to Legislative Decree no. 231 of 8 June 2001, on "Provisions for the administrative liability of company bodies, Companies and associations also without legal status" (the "Legislative Decree 231/2001"). This document was subsequently amended to take into account subsequent regulations and the current version was approved by the Board of Directors by resolution of 5 November 2019.

The Model comprises:

(i) a general part, of seven chapters, describing: the scope and purposes of the Model; the applicable regulatory framework; the description of the management and control system adopted by FinecoBank to mitigate the risk of commission of offences pursuant to Legislative Decree 231/2001; the functioning of the body appointed to supervise the functioning of and compliance with the Model; the disciplinary system and related penalties; the information and training plan to be adopted in order to guarantee knowledge of the measures and provisions of the Model; the criteria for updating and adapting the Model; (ii) a special part, with decision protocols.

The Model includes the following attachments, which are an integral part:

Attachment 1 containing the "List of predicate offences and individual criminal offences";
Attachment 2 containing the "Code of ethics pursuant to Legislative Decree 231/01" which sets out the rules to guarantee that the conduct of Model recipients is always based on criteria of fairness, collaboration, loyalty, transparency and mutual respect, and also to avoid a conduct that may constitute the criminal offences and predicate administrative offences;
Attachment 3 "Information flows to the Supervisory Board".

Furthermore, on 11 May 2012, the Board of Directors resolved to adopt the Integrity Charter and Code of Conduct of the UniCredit Group (last updated by resolution of 4 July 2017), along with the supplementary FinecoBank regulations; The document combining these (hereinafter, the "Code"), integrates current regulations on banking, investment services and employment, identifying the fundamental principles of conduct for those working for the company. The Code therefore concerns all persons performing activities on behalf of the Company: members of supervisory, management and control bodies of the Company, employees, personal financial advisors authorised for cold-calling, outsourcers.

In accordance with provisions in article 6, paragraph 1 of Legislative Decree 231/2001, the Company has also established a specific body (hereinafter, the "Supervisory Board") to monitor the functioning of and compliance with the Model, and its continual updating.

For this purpose, the Supervisory Board, among other things: (i) has independent powers to act and carry out controls, and independent spending powers, (ii) periodically reports to the Risks and Related Parties Committee on the Model's functioning, and (iii) gives the Board of Directors, on an annual basis, a written report on the implementation status of the Model, and in particular, on controls carried out and on critical aspects and anomalies identified.

The Supervisory Board was appointed by the Board of Directors on 11 April 2017, for a term of three years; subsequently the composition was modified on 16 October 2017, by resolution of the Board of Directors, decreasing the number of "internal members" from three to two, with the outgoing Head of Internal Audit, who still participates in meetings as a permanent attendee, and the appointment of a new external member, replacing the Chairman of the Board of Statutory Auditors. Accordingly, at the date of approval of this Report, the composition of the Supervisory Board was as follows.

NAME AND SURNAME	CATEGORY
Marianna Li Calzi	External Member (Chairman)

Salvatore Messina	External Member
Andrea Pepe	Head of Legal & Corporate Affairs
Silvio Puchar	Head of Compliance

The Model adopted by the Company, as described above, is available on the Issuer's website: www.finecobank.com,

https://images.finecobank.com/common/pub/pdf/corporate/governance/modelloorganizzazione-gestione.pdf.

11.4 External Auditors

The Shareholders' Meeting of 16 April 2013 appointed Deloitte & Touche S.p.A., pursuant to article 16, paragraph 1 of Legislative Decree no. 39 of 27 January 2010, (i) to audit the financial statements of the Issuer for the years from 31 December 2013 to 31 December 2021 (included), including the auditing of the company's accounts, and (ii) the limited auditing of interim reports from 30 June 2013 to 30 June 2021 (included). From the financial statements as at December 31, 2017, first year of presentation of the consolidated financial statements, the External Auditor is empowered also to audit the consolidated financial statements of the Company.

11.5 Financial Reporting Officer

As established by article 28 of the Articles of Association and subject to the mandatory opinion of the Board of Statutory Auditors, the Board of Directors appoints the Officer responsible for preparing the financial reports (hereinafter, the "Financial Reporting Officer"), pursuant to article 154-bis of the TUF.

The Financial Reporting Officer is selected by the Board of Directors from executives of the Company that have specific expertise, in administrative and accounting terms, of lending, finance, securities or insurance. This expertise, verified by the Board of Directors, shall be gained from professional experience in a position of adequate responsibility for a suitable period and in like-for-like companies. The Financial Reporting Officer shall also meet the good standing requirements of laws in force for positions indicated in the Articles of Association. If the Officer no longer meets the good standing requirements, he/she shall be removed from office.

As provided for by article 154-bis of the TUF, the Financial Reporting Officer is responsible for: (i) preparing adequate administrative and accounting procedures for preparing financial statements and as well as any other kind of financial disclosure; (ii) including a written statement with the documents and notices required by law or disclosed to the market, containing information and data on the financial position and performance of the Company, that said information and data is truthful; (iii) arranging for the preparation of the financial statements, interim reporting and (iv) within relative areas of responsibility, representing the Bank in relations with the international financial community.

By resolution of 11 April 2017, subject to approval from the Board of Statutory Auditors and in compliance with article 154-bis, paragraph 1 of the TUF and article 28 of the Articles of Association, the Board of Directors of the Company confirmed for a three year period Lorena Pelliciari (the Chief Financial Officer of the Bank) as the Financial Reporting Officer of the Company, who is in charge of the duties established in article 154-bis of the TUF described above.

Lorena Pelliciari has gained considerable experience as Chief Financial Officer of FinecoBank and therefore has an excellent knowledge of processes for preparing the Company's accounting and financial documents. She therefore meets the professional standing requirements established in article 28 of the Articles of Association.

The Board of Directors also gave Lorena Pelliciari the following powers, in order for her carry out her duties as Financial Reporting Officer:

(i) having free access to all information considered relevant for her duties, within the Company;
(ii) taking part in Board Meetings dealing with issues in her area of responsibility;
(iii) engaging with the Company's administrative and control bodies;
(iv) approving company procedures, when they have an impact on the financial statements or other documents which are certified;
(v) being involved in the design of information systems that have an impact on the financial position and performance of the Company;
(vi) using the internal auditing, organisation and compliance function to map and analyse processes within her area of responsibility and carry out specific controls;
(vii) using information systems;
(viii) updating, amending and supplementing, also with the assistance of external advisors, procedures on: (a) the standardisation of information flows to the Financial Reporting Officer; and (b) the preparation of financial statements and all other types of financial disclosure.

Lastly, the Board of Directors, in exercising its supervisory powers, established that the Financial Reporting Officer shall report at least quarterly to the Board of Directors on activities carried out, as well as on any critical aspects identified.

Financial reporting process

As regards the main characteristics of the Internal Control and Risk System in relation to financial reporting, including the reporting of consolidated information, under article 154-bis of the TUF, the Financial Reporting Officer of FinecoBank is responsible for preparing and adopting adequate administrative and accounting procedures for the preparation of the financial statements and the consolidated financial statements, as well as all other forms of financial reporting to the market.

The Financial Reporting Officer, along with the Managing Director and General Manager, in a report on the financial statements (including the consolidated financial statements) and condensed half-year financial statements shall also certify:

the adequacy and actual adoption of administrative and accounting procedures;
compliance with applicable international accounting standards endorsed by the European Community pursuant to Regulation (EC) No 1606/2002;
the consistency of accounting records;
the accurate representation of the financial position and performance of the Company;
the inclusion in the Directors' report on operations of reliable analysis of the company's performance, operations and situation, along with a description of main risks and uncertainties to which it is exposed.

As established by article 28 of the Articles of Association, the Board of Directors ensures that the Financial Reporting Officer has adequate powers and resources to carry out the duties established by current regulations, and to comply with administrative and accounting procedures. In carrying out his/her duties, the Financial Reporting Officer may be assisted by all Bank units.

11.6 Coordination of entities involved in the internal control and risk management system

Procedures for interaction among company functions and entities involved in the risk management and control system have been planned to prevent overlapping or gaps as far as possible, or to alter, even in substance, the main responsibilities of company bodies as concerns the risk management and control system.

Specifically, the Company has significantly consolidated cooperation among control functions, through specific formalised information flows on internal regulations and through managerial committees dedicated to control issues.

Interaction among level two and level three control functions is part of a more general framework of ongoing, proactive cooperation, which is mainly formalized in specific regulations/internal regulations and includes:

involvement in the process to define and/or update internal regulations on risks and controls;
the exchange of information flows, documents or data, as well as access to all resources or company information in line with the control requirements of functions;
involvement in board and managerial Committees, systematically or on request;
involvement in working parties, which are set up from time to time for risk and control issues.

The purpose of improved interaction between control functions and continual reporting to company bodies is to ultimately establish a corporate governance system that guarantees sound and prudent management, also through a more effective monitoring of risk, at all company levels.

To ensure coordination and interaction among various functions and bodies with control duties (required by company, accounting or supervisory regulations), the Board of Directors, after examination by the Risks and Related Parties Committee, issued a specific document "Document on Bodies and functions with supervisory tasks" – sent to all areas involved – outlining duties and responsibilities of the various bodies and control functions and methods of coordination/collaboration, as well as information flows between them pursuant to Supervisory

Regulations on Corporate Governance.

12. DIRECTORS' INTERESTS AND RELATED-PARTY TRANSACTIONS

The Board of Directors approved a specific policy – the Global Policy – aimed at governing the transactions with:

related parties pursuant to Related Parties Regulations;
associated persons pursuant to Bank of Italy Circular;
banking representatives pursuant to art. 136 TUB;
other entities identified by the Bank on a discretionary basis,

approved by the Board of Directors on 5 November 2019, after obtaining the favourable opinion of the Risk and Related Parties Committee and Board of Statutory Auditors. The Global Policy has updated and replaced the previous "Procedures for the management of transactions with persons in conflict of interest".

The Global Policy addresses governance issues, the scope of the procedures and the procedural and organisational profiles relative to managing transactions with persons in potential conflict of interest pursuant to applicable regulations abovementioned, as regards the operations of the Parent Company and the other Group companies (i.e. as of today the solely FAM).

The Global policy describes the activities concerning:

the identification, updating and ongoing monitoring of persons in potential conflict of interest;
the management of transactions with persons in potential conflict of interest, with reference to, among others:
the identification of transactions;
management of the decision-making process;
reporting and transparency obligations.

It also defines:

procedures for the management of transactions with persons in potential conflict of interest;
the organisational structures of FinecoBank involved and their relative role;
internal and external information flows, also to the market;
monitoring and control activities and methods to update the Global Policy.

With reference to FinecoBank, related parties within the meaning of the Related Parties Regulation, connected persons within the meaning of the Bank of Italy Circular, as well as other parties in potential conflict of interest identified on a discretionary basis by the Bank, constitute the so-called "FinecoBank Perimeter" which together with the "Perimeter of Bank Corporate Officers pursuant to Article 136 of the Consolidated Banking Act" identifies parties in potential conflict of interest for the Company.

The "FinecoBank Perimeter", in turn, is part of the so-called "Single Perimeter" which also includes the "Perimeter of the other Banks and Supervised Intermediaries of the FinecoBank Group". Moreover, it should be noted that at the date of approval of the Report, the "Single Perimeter" consists only of the "FinecoBank Perimeter" as there are no other banks or Supervised Intermediaries within the FinecoBank Group. The only Subsidiary (i.e. FAM) is not

classifiable as a bank or Supervised Intermediary.

In compliance with Related-Parties Regulations and the Bank of Italy Circular, the Global Policy identifies and distinguishes, as regards the materiality threshold, material transactions, non-material transactions and minor transactions.

As regards transactions with members of the "Single Perimeter", the Global Policy requires specific information flows to:

the FinecoBank oversight unit;
the Board of Directors and Board of Statutory Auditors;
the Risks and Related Parties Committee;
the Compliance Function;
the Chief Financial Officer.

As can be seen from the above and from the identification of the "Perimeter of Bank Corporate Officers pursuant to Article 136 of the Consolidated Banking Act", the Global Policy also regulates transactions concluded with relevant persons pursuant to Article 136 of the Consolidated Banking Act (i.e. directors - including the Managing Director and General Manager - and statutory auditors – standing and alternate – as well as certain persons potentially related to them). Pursuant to Article 136 of the Consolidated Banking Act, bank corporate officers (or persons potentially related to them) may not enter into obligations of any kind or perform acts of sale or purchase, directly or indirectly, with the bank that they administer, direct or control unless a unanimous resolution of the Board of Directors and the favourable vote of all the members of the Board of Statutory Auditors has been passed, without prejudice to the obligations laid down in the Italian Civil Code with regard to directors' interests and transactions with related parties and connected persons.

The full text of the Global Policy, to which reference should be made for further details, is available for consultation on the Company's website at www.finecobank.com in the "Corporate" section.

* * *

Without prejudice to the foregoing, directors are also subject to the provisions of Article 2391 of the Italian Civil Code concerning directors' interests and pursuant to which the director must inform the other members of the Board of Directors and the Board of Statutory Auditors of any interest which, on his/her own behalf or on behalf of third parties, he/she may have in a particular transaction of the company, specifying the nature, terms, origin and extent. The relative resolution of the Board must adequately justify the reasons and advantages for the Company of the transaction, without prejudice to any other provisions of law or regulations applicable on the subject.

APPOINTMENT OF STATUTORY AUDITORS In compliance with laws and regulations applicable to listed companies, article 23 of the Articles of Association requires the Board of Statutory Auditors to be appointed by the Shareholders' Meeting, based on lists of candidates submitted by Shareholders (each list shall contain the names of the candidates numbered progressively), according to the procedure described below.

Pursuant to article 23, paragraph 2, of the Articles of Association (as amended by the Extraordinary Shareholders' Meeting of 18 February 2020), the Statutory Auditors must be suitable to hold the office, in accordance with the provisions of the legislation in force at the time and the Articles of Association and, in particular, they must meet the requirements of professionalism, integrity and independence and comply with the criteria of competence, correctness and dedication of time and the specific limits on the number of positions held as set out by legislation in force at the time and by the Articles of Association and in any event those set out by the European Directive no. 36 of June 26, 2013 (CRD IV).

The Statutory Auditors, in addition to the independence requirements provided for by the legislation in force at the time, must be in possession of the independence requirements provided for by Art. 13, paragraph 3, of the Articles of Association and, therefore, must be in possession of the independence requirements set forth in the Corporate Governance Code.

Shareholders can submit a list for the appointment of Auditors, provided that when they submit the list they hold, alone or in conjunction with other presenting shareholders, at least the minimum percentage of share capital established by laws and regulations in force at the time. Consob, in its Executive Resolution by the Head of the Corporate Governance Division no. 28 of January 30, 2020, set the minimum shareholding required for FinecoBank to present lists of candidates for election to the Board of Directors and Board of Statutory Auditors at 1% of share capital.

Ownership of the minimum shareholding required is calculated based on the shares registered for each shareholder on the day when the lists are filed at the Company; relative certification may be submitted after the lists have been filed, provided this is within the deadline for publication of the lists.

Each party entitled to vote (as well as (i) entitled persons belonging to the same group, intended as a party, which need not be a corporation, exercising control pursuant to article 2359 of the Civil Code and any subsidiary controlled by, or under the control of the said party, or (ii) shareholders who are party to a shareholders' agreement as per article 122 of the TUF, or (iii) entitled persons who are otherwise associated with each other in a material relationship pursuant to current and applicable statutory or regulatory provisions) may submit individually or with others only one list, just like each candidate can be included in only one list, or otherwise be considered ineligible.

Lists shall be divided in two sections, containing respectively up to three candidates for the position of Statutory Auditor and up to two candidates for the position of Stand-in Statutory Auditor.

At least the first two candidates for the position of Statutory Auditor and the first candidate for the position of Stand-in Statutory Auditor in the respective lists must be entered in the Register of Auditors and have experience as statutory auditors.

Each list for the position of regular statutory auditor and alternate statutory auditor must include

a number of candidates of the less represented gender such to ensure such list satisfies at least the minimum gender balance required by the applicable laws and regulations(22).

In order to be valid, the lists must be filed at the Registered Office or Head Office, also by means of remote communication and in accordance with procedures stated in the notice of call which allows for the identification of parties filing the lists, no later than twenty-five days before the date of the Shareholders' Meeting (or within a different deadline according to applicable laws) and must be made available to the public at the registered office, on the Company's website and through other channels provided for under current laws at least twentyone days prior to the date of the Shareholders' Meeting (or within a different deadline according to applicable laws). (a) 2 (two) Statutory Auditors and 1 (one) Stand-in Auditor are taken from the list that has (b) the remaining Statutory Auditor and Stand-in Auditor shall be taken from the list that has

Minority shareholders who are not affiliated with the Shareholders concerned shall be entitled to extend the deadline for presenting lists in the circumstances and according to the procedures in applicable laws and regulations.

Each eligible voter may vote for one list only.

The members of the Board of Statutory Auditors shall be elected as follows:

obtained the highest number of votes cast by entitled persons, in the order in which they appear on the list;
obtained the most votes after the one referred to in (a) and the first candidates of the relevant section shall be appointed as the Statutory Auditor and Stand-in Auditor, respectively.

The Chairmanship of the Board of Statutory Auditors will go to the first candidate of the minority list of Statutory Auditors receiving the most votes.

If, in accordance with the deadlines and procedures set forth above, only one list or no list has been presented, or the lists do not contain the required number of candidates to be elected, the Shareholders' Meeting shall pass a resolution for the appointment or completion of the Board of Statutory Auditors by relative majority. If there is a tie vote between several candidates, a runoff election shall be held between them with a further vote of the Shareholders' Meeting. The Shareholders' Meeting shall be required to ensure compliance with the provisions of applicable laws and regulations concerning gender balance.

In the event the death, resignation, withdrawal or removal from office for any other reason of a Statutory Auditor, he/she shall be replaced by the Stand-in Statutory Auditor, from the same list as the outgoing Auditor, in the order in which they appear on the list, complying with the minimum number of members entered in the Register of Auditors who have been engaged in

⁽ ²²) See Communication no. 1/20 published by Consob on January 30, 2020, through which the Supervisory Authority has specified that "[...] pending an adjustment of the regulatory framework and taking into account the urgency connected with the application of the new provisions already from the next renewals of corporate bodies - as part of the supervisory activity on the discipline in question, the criterion of rounding up to the next higher unit provided for by paragraph 3 of Article 144-undecies will be considered. 1 ("Gender balance"), the Consob Regulation adopted by resolution no. 11971 of May 14, 1999, as amended ("Issuers' Regulation"), which is not applicable to corporate bodies made up of three members due to arithmetical impossibility. Therefore, with reference to the latter, Consob will consider that rounding down to the lower unit is in line with the new rules. The criterion of rounding up to the next higher unit provided for in paragraph 3 of the aforementioned article 144-undecies.1 of the Issuers' Regulations for corporate bodies made up of more than three members remains unchanged".

auditing activities, and in compliance with gender balance principles. If this is not possible, the outgoing Auditor shall be replaced by the Stand-in Statutory Auditor meeting the specified requirements, drawn from the minority list which obtained the most votes, following the order in which they appear on the list. Where the appointment of Auditors is not carried out using the list voting system, the Stand-in Statutory Auditor shall take over pursuant to statutory provisions. Should it be necessary to replace the Chairman, the Stand-in Statutory Auditor taking over shall also serve as Chairman. The Shareholders shall appoint or replace Auditors in meetings called in accordance with article 2401, paragraph 1 of the Civil Code in compliance with the principle of adequate representation of minority shareholders and gender balance. Where the appointment of the Stand-in Statutory Auditor in lieu of the Statutory Auditor is not confirmed by the Shareholders' Meeting, he/she shall return to his/her position as Stand-in Auditor.

14. COMPOSITION AND FUNCTIONING OF THE BOARD OF STATUTORY AUDITORS

Pursuant to article 23 of the Articles of Association and in compliance with current rules and regulations, at least 2 Statutory Auditors and 1 Stand-in Auditor must have been entered in the Register of Auditors for at least three years and have at least three years' experience as a statutory auditor. Auditors who are not entered in the Register of Auditors must have gained at least three years' experience in: (a) professional activities as a certified public accountant or lawyer, rendered primarily to the (c) performing managerial duties in public entities or public administrations, in the credit,

banking, insurance and financial sectors;
(b) performing university teaching on subjects relating to in the legal field banking, commercial, tax and financial markets law and – in the business / finance field – banking operations, business economics, accountancy, economics of the securities market, economics of financial and international markets, corporate finance;
financial and insurance sector or in the provision of investment services or in collective asset management, as both defined by the TUF.

Furthermore, in application of the recommendations in Application Criterion 8.C.1 of the Corporate Governance Code, the Auditors of FinecoBank must meet the independence requirements in article 3 of the Corporate Governance, as well as the requirements in article 148, paragraph 3 of the TUF.

In application of article 144-novies of the Issuer Regulations and the above Criterion, the competent body is responsible for evaluating whether members of the Board of Statutory Auditors meet the requirements specified above: (i) following appointment, the outcome of which shall be disclosed to the market by means of a press release; (ii) on an annual basis, reporting the results thereof in the annual corporate governance report.

The Company's Board of Statutory Auditors currently in office was appointed by the Shareholders' Meeting held on 11 April 2017 and shall remain in office until approval of the 2019 Financial Statements.

The Auditors were appointed based on a list voting system, pursuant to article 23 of the Articles of Association and in compliance with applicable laws and regulations. In particular, the following lists of candidates for appointment to the Board of Statutory Auditors were presented:

List no. 1, presented by UniCredit (owner of a total of 215,066,403 ordinary shares representing 35.39% of the share capital): (a) Barbara Aloisi, Marziano Viozzi and Giuseppe Grazia for the position of Statutory Auditor; (b) Federica Bonato and Marzio Duilio Rubagotti for the position of Stand-in Auditor;
List no. 2, presented by UniCredit (owner of a total of 16,347,439 ordinary shares representing 2.6901% of the share capital): (a) Stefano Fiorini and Paola Carrara for the position of Statutory Auditor; (b) Elena Spagnol and Giorgio Mosci for the position of Stand-in Auditor.

The following documents were filed and published along with the two lists, according to established times and procedures:

(vi) a statement from shareholders other than shareholders that hold, even jointly, a controlling or relative majority interest, certifying the absence of any connection and/or significant relations with the latter as provided for by article 147-ter, paragraph 3 of the TUF and article 144-quinquies of the Issuers Regulation, also having examined Consob recommendations in its Communication no. DEM/9017893 of 26 February 2009; (vii) exhaustive information on the personal and professional characteristics of the candidates
included in the list (curriculum vitae) and the list of administration, management and control positions they hold in other companies, which are relevant pursuant to law);
(viii) statements whereby individual candidates irrevocably accepted the position (subject to their appointment) and certified, under their responsibility, that there were no grounds for their ineligibility or incompatibility to stand as candidate, and that they met the requirements of applicable laws, regulatory provisions, the Articles of Association and Corporate Governance Code.

The lists, together with the above documents, were filed on the Company's website ("Governance/Shareholders' Meetings" section).

The Shareholders' meeting of 11 April 2017 therefore appointed the Board of Statutory Auditors (comprising three Statutory Auditors and two Stand-in Auditors) for the 2017-2019 period as follows:

from the list submitted by UniCredit, which was voted by the majority of shareholders, Barbara Aloisi and Marziano Viozzi were appointed as Statutory Auditors, and Federica Bonato was appointed as Stand-in Auditor;
from the list presented by a number of asset management companies and institutional investors, which was voted by the minority of Shareholders, Stefano Fiorini was appointed as Statutory Auditor and Elena Spagnol as Stand-in Auditor.

For the percentage of votes for the above lists in relation to voting capital, see the summary report on voting, available on the Company's website ("Governance/Shareholders' Meeting" section).

The Board also confirmed the annual fees it had already established for the previous term of office of the Board of Statutory Auditors, also based in information from the outgoing Board of Statutory Auditors, to enable shareholders and candidates to evaluate their adequacy. In this context, the fees are commensurate with activities required, the significance of the role hold as

well as the size and sector of the company.

On 4 September 2017, Stefano Fiorini resigned from his position as Chairman of the Board of Statutory Auditors of the Bank, with immediate effect, and in compliance with laws and the Articles of Association, the Stand-in Auditor Elena Spagnol, also from the minority list, took over the position of Statutory Auditor and Chairman of the Board of Statutory Auditors, on the same date, until the next Shareholders' Meeting. Consequently, the Shareholders' Meeting held on 11 April 2018, in ordinary session, has completed the Board of Statutory Auditors by confirming Elena Spagnol as Statutory Auditor (replacing Stefano Fiorini) and appointing Gianfranco Consorti as stand-in Statutory Auditor. Such roles will expire at the expiration date of the Board of Statutory Auditors, i.e. at the Shareholders' Meeting called to approve 2019 financial statements. The appointments have been approved by the majority required by law and without the "voting by slate" mechanism. Minorities and gender diversity criteria set by the law have been complied with. Elena Spagnol - as a representative of the minorities – has been appointed as Chair.

The table below provides relevant information about each member of the Board of Statutory Auditors in office as of the date of the Report.

Chair Elena 1968 11.04.2017 11.04.2018 Shareholders' m X 26/26 2 Spagnol Meeting called (Initially (100%) to approve appointed as 2019 financial statement stand-in auditor; then appointed on 4/09/2017 until the 11.04.2018 Shareholders' Meeting) Statutory Barbara 1967 17.04.2012 11.04.2017 Shareholders' M X 24/26 6 Auditor Aloisi Meeting called (93%) to approve 2019 financial statement Statutory Marziano 1946 16.04.2013 11.04.2017 Shareholders' M X 23/26 3 Auditor Viozzi Meeting called (89%) to approve 2019 financial statement Stand-in Federica 1955 15.04.2014 11.04.2017 Shareholders' M X 5 Statutory Bonato Meeting called Auditor to approve -- 2019 financial statement Stand-in Gianfranco 1950 11.04.2018 15.04.2014 Shareholders' -- X -- 7 Statutory Consorti Meeting called Auditor to approve 2019 financial statement Quorum required to present lists during the last appointment: 1%	Position	Members	Born in	Date of first appointment *	In office since	In office until	List **	Indep. Corporate Governan ce Code	Participation in Board of Statutory Auditors' meetings ***	Number of other positions ****






* The date of first appointment of each Statutory Auditor means the date when the statutory auditor was appointed for the first time (ever) to the Board of Statutory Auditors of the Company.

** This column indicates the list on which each Auditor was presented ("M": member from the majority list; "m": member from the minority list). *** Percentage attendance at meetings (no. of attendances/ no. of meetings held during the actual period office of the person concerned during the Year). **** Number of offices pursuant to article 148-bis of the TUF and relevant provisions implementing the Issuer Regulations.

It should be noted that at the next Shareholders' Meeting to be called on 28 April 2020, Shareholders will be called, among other things, to resolve on the appointment of new Statutory Auditors on the basis of the list voting mechanism as governed by the Company's Articles of Association (as amended by the Extraordinary Shareholders' Meeting of 18 February 2020) and described in Section 13 of the Report.

In view of the renewal of the Board of Statutory Auditors, FinecoBank's Board of Statutory Auditors has deemed it appropriate to proceed, also in light of the increasingly complex regulations on the requirements of bank corporate officers, to identify the theoretical profile of candidates for the appointment of Statutory Auditors in order to identify the qualitative and quantitative composition deemed optimal for the effective performance of the tasks and responsibilities entrusted to the Statutory Auditors of FinecoBank by law, supervisory provisions and the Articles of Association.

To this end, following the self-assessment activities carried out, by resolution of 11 March 2020, the Board of Statutory Auditors approved the document entitled "Qualitative and quantitative composition of the Board of Statutory Auditors of FinecoBank S.p.A.", which was also submitted to the Board of Directors for information at the meeting held on 12 March 2020. This document is available on FinecoBank's website ("Governance/Shareholders' Meeting" section).

Diversity policies

Save for applicable laws and regulations, the Board has adopted a specific policy with general guidelines on the structure, composition and remuneration of company bodies and of procedures to appoint company officers.

In this regard, the process regulated by the policy establishes, among others, some guidelines on company bodies and requirements of relative board members, in order to achieve a balance between internal and internal members and gender, and a composition that can effectively oversee all company operations in terms of management and controls, also considering the dimensions and complexity of the organisational structure of the Company. In this context, the policy, among other things, establishes criteria for professional standing, integrity, independence and gender for members of control bodies.

The principles and rules of this policy shall apply considering the provisions of national and EU laws and regulations on requirements for auditors, and, more in general, on the composition of the Board of Statutory Auditors, overall.

A breakdown of the members in office of the Board of Statutory Auditors by age and gender is provided below.

* * *

Members of the Board of Statutory Auditors meet the requirements of applicable laws and regulations. Save for indications below, on 15 December 2017, the Company was informed of the positive decision of the European Central Bank (ECB) on the suitability of its Board of Statutory Auditors.

As regards the personal and professional profile of each Auditor, see the information published on FinecoBank's website (www.finecobank.com, "Governance" section).

Members of the Board of Statutory Auditors have not provided advisory services to the Issuer.

After appointment, the Board of Statutory Auditors checks that each member meets the independence requirements of the TUF and the Corporate Governance Code and forwards the outcomes to the Board of Directors.

During the meeting held on 25 January 2019, the Board of Statutory Auditors verified the independence of its members in accordance with the Corporate Governance Code and article 148 of the TUF and article 144-novies of the Issuer Regulation, and forwarded outcomes to the Board of Directors.

In the assessment of independence requirements, no additional criteria were used apart from criteria in article 148, paragraph 3 of the TUF, in applicable industry regulations (if any), and in the Corporate Governance Code. Outcomes were published in a notice to the market.

The Statutory Auditors are subject to the limit on the number of positions held pursuant to article 144-terdecies of the Issuer Regulations. To the best of the Company's knowledge, none of the members of the Board of Statutory Auditors exceeds the limits on the number of board mandates referred to in article 144-terdecies of the Issuer Regulations, at the time of writing (including the mandate in FinecoBank). In addition to the above, the table shows the overall number of positions held by Auditors in office at the date of approval of this Report. The limit on the total number of positions held as Auditors, in line with the Directive CRD IV and the European Banking Authority guidelines on the suitability of the member of administrative body and key function personnel, issued on 21 March 2018 and applicable from 30 June 2018, was

considered in view of requirements applicable to positions held in the same group, to positions held in non-commercial organisations (that are not relevant for the total number of positions), and statements provided by auditors (also in accordance with note no. 1 of the table below).

Name	Total number of positions held by the Auditors	Number of relevant positions held
Elena Spagnol Chairman	3 non-executive positions	3 non-executive positions
Barbara Aloisi Statutory Auditor	7 non-executive positions	5 non-executive positions (1 )
Marziano Viozzi Statutory Auditor	4 non-executive positions	4 non-executive positions

(1 ) Considering (i) the impact of positions in the same group; (ii) that positions in companies having as objects to segregate and manage the own family assets are not relevant, the total number of positions complies with established limits, as well as (iii) the residual duration of the office in FinecoBank with reference to the position held in companies belonging to the UniCredit Group (group to which FinecoBank also belonged until 10 May 2019 and, therefore, until that date was not relevant for the purposes of limits on number of positions held), also taking into account the time commitment required from the Statutory Auditor to carry out that position, the total number of positions is not considered significant for the purposes of exceeding the limits on the number of positions held as referred to in current legislation.

Auditors shall also take into account provisions of article 36, Decree law no. 201 of 6 December 2011, converted with amendments into Law no. 214 of 22 December 2011 with provisions on "personal crossholdings in the credit and financial markets" it is forbidden for "those who hold offices in the management, control and supervisory bodies and the top officers of firms or groups of firms engaged in credit, insurance and financial markets, to accept or exercise similar positions in competing firms or groups of firms" (interlocking ban). Those who hold incompatible offices must notify the option exercised within 90 days of the appointment. Otherwise, on expiry of this deadline, they shall be removed from both offices. As regards the above, incompatibility due to interlocking does not apply to any of the Auditors in office.

The special authorisation procedure as of article 136 of the TUB applies, in the case of obligations of any kind or sale transactions undertaken by members of the Board of Statutory Auditors, directly or indirectly, with the bank in which they hold a position.

Statutory Auditors that have an interest in a specific transaction of the Issuer, on their own or on others' behalf, shall promptly inform other Statutory Auditors and the Chairman of the Board of Auditors in detail as to the nature, terms, origin and extent of their interest.

* * *

In accordance with Article 24 of the Articles of Association, and in order to properly perform its tasks, and in particular meet its obligation to promptly inform the Bank of Italy, and other Supervisory Authorities if required, on management irregularities or violations of the law, the Board of Statutory Auditors has broadest powers provided for by applicable laws and regulations.

The Board of Statutory Auditors, without prejudice to any other or more specific duty and power assigned to it by primary and secondary laws and regulations in force, monitors compliance with laws, regulations and the Articles of Association, as well as correct administration, adequacy of organisational and accounting arrangements of the Bank, the risk management and control system, as well as the functioning of the overall internal control system, external auditing of the accounts, the independence of external auditors and financial reporting process.

In performing its duties, the Board of Statutory Auditors liaises with the Internal Audit function and the Risks and Related Parties Committee, through ongoing communication and the exchange of information, as well as by taking part in meetings of the above mentioned Committee.

Without prejudice to the right of all Statutory Auditors to attend the meetings and the duty to attend the meetings of the Risks and Related Parties Committee for the Chairman of the Board or another auditor designated by the same Chairman, the Chairman of the Board or another auditor designated by the same may been invited by the Chair of each board committee.

* * *

The Chairman of the Board of Directors ensures that Auditors may take part, after their appointment and during their term of office, in the most appropriate way, in initiatives to give them adequate knowledge of the sector in which the Issuer operates, of company dynamics and their evolution, principles of correct risk management as well as applicable legal and selfregulatory framework. During the Year, all Statutory Auditors took part in "induction and training courses" referred to in Section 4.2.2. of this Report, and in specific cases in external courses.

The Board of Auditors met twenty-six times during the Year. Each meeting lasted on average two hours. With reference to 2020, until the Shareholders' Meeting called to appoint the new members of the corporate bodies (scheduled for April 20202), nine meetings of the Board of Statutory Auditors have been scheduled, of which five had already taken place at the date of approval of the Report.

For further information on the establishment, duties and functioning of the Board of Statutory Auditors, see the chapter "Board of Statutory Auditors" of FinecoBank's company bodies Regulations, available on the Issuer's website.

Self-assessment

The Board o Statutory Auditors carried out its annual self-assessment pursuant to the Corporate Bodies Regulations adopted in compliance with the Supervisory Regulations on Corporate Governance and the recommendations of the Corporate Governance Code, favourably evaluating the suitability of all members of the Board of Statutory Auditors and the composition

of the Board adequate in relation to the requirements set forth by the applicable legislation. The Board has also pointed out a balanced distribution of the competences within the Board.

The Board of Directors has given information on its self-assessment during the meeting of the Board of Directors held on 25 February 2020.

RELATIONS WITH SHAREHOLDERS The Company considers it fitting in its own interests and a duty for the market engage with its shareholders and institutional investors, in compliance with the procedure for disclosing company documents and information to the market, and in general in compliance with laws and regulations that govern the disclosure of inside information applicable to listed companies.

In this context, the Company, in compliance with article 9 of the Corporate Governance Code, considers the Shareholders' Meeting an important opportunity for Shareholders and Directors to engage, and consequently adopts measures that encourage shareholders to take part in the Shareholders' Meeting and exercise their right to vote. In this respect, save for Paragraph 16, below, Shareholders' Meeting are held on single call, in accordance with article 7 of the Articles of Association, unless the Board of Directors establishes that meetings are to be held in more than one session.

Pursuant to article 135-undecies of the TUF, the Company may appoint, for each Shareholders' Meeting, with information given in the notice of meeting, a person (company-appointed representative), that shareholders may appoint to act as proxy with instructions to vote on all or some items on the agenda, according to terms and procedures established by law.

Pursuant to Application Criterion 9.C.1 of the Corporate Governance Code, relations with institutional investors are instead overseen by the Investor Relator. In this regard, on 6 October 2016, this function has been internalised.

The Investor Relator reports continually to Company's Senior Management on requirements concerning disclosure to the financial market and in particular to investors.

The Investor Relator is therefore the point of contact between the Issuer and the market and works with the entire company to maintain and promote compliance with regulations on corporate reporting.

* * *

The Company has created a specific section on its website www.finecobank.com – which is easily identifiable and accessible – with information on the Company that is significant for shareholders, to enable them to exercise their rights in an informed manner. In particular, the section includes updated information on the Company and services offered, key documents on corporate governance, as well as all press releases on main company events, in addition to financial and accounting data. Information on the website is updated as promptly as possible, to guarantee the transparency and effectiveness of disclosure to the public.

C) OF THE TUF)

SHAREHOLDERS MEETINGS (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER In compliance with regulatory and legal provisions in force, the Ordinary Shareholders' Meeting, pursuant to the Articles of Association, is convened at least once a year, within 120 (one hundred and twenty) days from the end of the financial year, to resolve on items in its remit as established by laws in force and the Articles of Association. The Extraordinary Shareholders' Meeting is convened whenever there is a need to resolve on items in its remit as established by the applicable regulations.

The Shareholders' Meeting is convened as one session in compliance with laws in force, however in order to maintain adequate organisational flexibility, the Articles of Association establish that the Board may convene several sessions for individual Shareholders' Meetings.

Meetings are convened according to law, by notice published on the Company's Internet Site, as well as by other procedures required by law. The Agenda is established according to law and the Articles of Association, by the person with powers to convene Shareholders' Meetings.

Before the deadline for publishing the notice convening the meeting, based on each item on the agenda – or another term established by law – the Board of Directors shall make available to the public a report on each item on the Agenda.

The Agenda may be supplemented – according to the circumstances, procedures and terms established by laws in force – by shareholders that, even jointly, represent at least 2.5% of the share capital. Shareholders that request an item on the agenda to be added shall prepare a report stating the reasons for proposals to resolve on new items. Shareholders may also submit further proposals for resolutions on items already on the Agenda, giving relative reasons.

The Shareholders' Meeting meets at the Registered Office of the company or at another venue in Italy, indicated in the notice of meeting, and resolves with the majorities established by laws in force.

Quorums are not established in the Articles of Association, therefore in order for the Shareholders' Meeting to be duly established and for resolutions to be passed, laws in force shall be observed.

Pursuant to the Articles of Association, and in line with laws in force on remuneration and incentive policies and practices issued by Consob, and, for banks and banking groups, issued by the Bank of Italy, the Ordinary Shareholders' Meeting establishes the fees of the bodies it appoints, and also approves: (i) remuneration policies for Board Directors, employees and persons working for the company on a self-employed basis; (ii) remuneration plans based on financial instruments; (iii) payments agreed on in the event of the early termination of employment or early termination of an appointment, including the limits established for said fees in terms of annual fixed remuneration.

When approving remuneration policies, the Shareholders' Meeting may increase the limit of the ratio between variable and fixed remuneration up to a maximum of 2:1 or, if lower, to the maximum allowed by applicable laws in force. The Shareholders' Meeting votes on the Company's policy on the remuneration of Board Directors, the General Manager and Key Management Personnel, and the procedures used to adopt and implement this policy.

16.1 Legitimation, procedures for taking the floor and voting

Pursuant to applicable regulations, referred to in article 8 of the Articles of Association, persons

may take part in the shareholders' meeting and exercise their voting rights following notification sent to the Company, within the legal established time limits, by the intermediary authorised by law to keep the accounts, based on entries in accounting records relative to the end of the accounting day of the seventh open market day prior to the date established for the Shareholders' Meeting convened as a single session, or as a first session if the Board of Directors has planned for further sessions to take place.

The Articles of Association enable shareholders to take part in the Shareholders' Meeting using telecommunication means and to exercise voting rights digitally. The decision to activate these means is to be taken by the Board of Directors for each Shareholders' Meeting.

Pursuant to article 8 of the Articles of Association, each shareholder who may take part in Shareholders' Meetings can be represented by written proxy by another person, who is not necessarily a shareholder, provided this complies with legal provisions. Voting by proxy may also be authorised by a document signed digitally pursuant to laws in force and notified to the Company at the email address and according to procedures indicated in the notice of meeting, or by another procedure established by current laws in force.

In compliance with the Application Criterion 9.C.2 of the Corporate Governance Code, which recommends the involvement of directors in Shareholders' Meetings as an important opportunity for director/shareholder engagement, all directors usually take part in the Shareholders' Meetings of the Company. On these occasions, the Board of Directors, in particular, reports on past and planned activities and ensures shareholders are given sufficient information on items necessary for them to make informed decisions during shareholders' meetings.

The Board reports to the Shareholders' Meeting on past and planned activities within the context of the Directors' Report on Operations. It acts to ensure shareholders are given sufficient information on items necessary for them to make informed decisions during shareholders' meetings, in particular making sure that reports of Directors and additional information are made available in the times required by provisions of applicable laws and regulations.

7 Directors, the Chair of the Board of Statutory Auditors and the Statutory Auditors took part to the 2019 Annual General Meeting.

16.2 Proceedings of shareholdings' meetings

In accordance with the recommendations of the Corporate Governance Code (Application Criterion 9.C.3), as proposed by the Board of Directors, the Shareholders' Meeting adopted regulations for the orderly and functional proceedings of shareholders' meetings (hereinafter, the "Regulations for Shareholders' Meetings"). The Regulations for Shareholders' Meetings are available on the Company's website ("Governance/Documents" section).

Under article 8 of the Regulations for Shareholders' Meetings, persons who are entitled to take part in shareholders' meetings may take the floor as regards each item to discuss. Persons intending to take the floor shall request permission from the Chairman, submitting a written request with details of the issue the request refers to, after the Chairman has read the items on the Agenda and before he declares discussions, the request to take the floor refers to as closed. The Chairman may authorise requests to take the floor to be made with a show of hands, and in this case persons take the floor in the alphabetical order of their surnames.

Article 10 of the Articles of Association also establishes that the Chairman is assisted by a Secretary, selected by the attendees, who may also be a non-shareholder, by majority of those

attending. In addition to cases provided for by law, when the Chairman considers it appropriate, a notary may perform the function of Secretary, selected by the Chairman.

16.3 Significant changes in capitalisation and ownership structure

The capitalisation of FinecoBank went up by 1,168,713 during the Year, reaching 6,509,286 as at 31 December 2018.

As already mentioned in paragraph 1 above, during the year a series of actions were approved by FinecoBank and the former parent company UniCredit in order to implement the transition of FinecoBank outside the UniCredit Group, which was achieved through the sale by UniCredit of the ordinary shares held in FinecoBank. Without prejudice to what has just been described, there are no further significant changes in the composition of the company structure.

No proposals were made to the Shareholders' Meeting for amendments to the Articles of Association regarding the percentages established for the exercise of the shares and the prerogatives imposed for the protection of non-controlling interests.

ADDITIONAL CORPORATE GOVERNANCE PRACTICES Corporate governance practices – in addition to those already indicated above – and besides obligations provided for by laws or regulations, include the Company adopting a system for the internal reporting of violations (whistle-blowing), in compliance with Supervisory Regulations on Corporate Governance (Part I, Title IV, Chapter 3, Section VIII).

In this context, the Company has appointed the head of the compliance function as the person responsible for the whistle-blowing process, with necessary autonomy and independence from control functions; this position ensures proper management of the procedure and reports directly and without delay to company bodies on information reported, where relevant.

It should also be noted that, given that, since July 2017, the Company has been admitted to the so-called "cooperative compliance" regime, as per articles 3 to 7 of Legislative Decree 5 August 2015, no. 128, and that the identification of an adequate tax risk management and control system is one of the essential requirements not only for admission but also for remaining in the aforementioned regime, during 2019, as in previous years, in the context of contacts with the Inland Revenue, both the effectiveness and the adequacy of the system with respect to changes in the scope of business processes, have been analysed with positive results.

Moreover, in compliance with the obligations provided for, within the framework of the above mentioned collaborative compliance regime, the Head of the Taxation and Consultancy Unit shared, with the Management and Control Bodies, the prescribed annual report on the management of tax risk containing, in particular, the relevant tax information concerning the Group (i.e., the tax fulfilments carried out, the checks carried out in relation to these, the results that emerged, the mitigation actions taken to remedy any anomalies detected, as well as the planned activities) for the examination and consequent assessments.

In confirmation of its high level of sensitivity in terms of tax risks, since 2017 the Bank has adopted, by resolution of the Board of Directors, FinecoBank's tax strategy, updated in January 2020, which focuses on the guidelines and principles adopted by the Bank in managing tax issues and in particular the associated risk (whether of a sanctioning or reputational nature) in line with its strategic objectives and in compliance with OECD recommendations.

CHANGES AFTER THE END OF THE YEAR No changes in the corporate governance structure had occurred after the end of the reporting period, other than those specifically described in the Report.

CORPORATE GOVERNANCE COMMITTEE

CONSIDERATIONS ON THE LETTER OF 19 DECEMBER 2019 OF THE CHAIR OF THE The Chairman of the Board of Directors received and informed the Board, during the meeting of 15 January 2020, of recommendations in the letter of 19 December 2019 of the Chair of the Corporate Governance Committee. The contents of this letter were reported to the Corporate Governance, Nominations and Sustainability Committee, the Risks and Related Parties Committee and Remuneration Committee, in meetings of 6 and 7 February 2020. Recommendations have also been submitted to the Board of Statutory Auditors.

The Directors, having examined the issues and the principles of the letter, took into consideration the general system and the rules of corporate governance adopted by the Company, believe that the Company's governance is consistent and substantially in line with the recommendations referred to in the letter and they had no further considerations to make or initiatives to take.

AI Terminal

FinecoBank

4321_cgr_2020-04-06_01126366-0711-475f-935d-5aa8601bc887.pdf

Contents

GLOSSARY

INTRODUCTION

1.1. Corporate governance model

1.1.1 Shareholders' Meeting

1.1.2 Board of Directors

1.1.3 Board committees

1.1.4 Board of Statutory Auditors

1.1.5 External Auditors

2. INFORMATION ON OWNERSHIP STRUCTURES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 1 OF THE TUF) a) Structure of Share Capital (pursuant to article 123-bis, paragraph 1, letter a) of the TUF)

b) Restrictions on the transfer of securities (pursuant to article 123-bis, paragraph 1, letter b) of the TUF)

c) Significant holdings in capital (pursuant to article 123-bis, paragraph 1, letter c of the TUF)

d) Securities conferring special rights (pursuant to article 123-bis, paragraph 1, letter d) of the TUF)

e) Employee shareholdings: mechanism to exercise voting rights (pursuant to article 123-bis, paragraph 1, letter e) of the TUF)

f) Restrictions on voting rights (pursuant to article 123-bis, paragraph 1, letter f) of the TUF)

g) Shareholder agreements ( pursuant to article 123-bis, paragraph 1, letter g) of the TUF)

h) Change of control clauses (pursuant to article 123-bis, paragraph 1, letter h) of the TUF and statutory provisions on Takeover bids (pursuant to articles 104, paragraph 1-ter, and 104-bis, paragraph 1)

i) Delegated powers to increase share capital and authorisation to purchase treasury shares (pursuant to article 123-bis, paragraph 1, letter m) of the TUF)

l) Management and coordination (pursuant to article 2497 and subsequent of the Civil Code)

TUF)

4. BOARD OF DIRECTORS 4.1 Appointment and replacement (pursuant to article 123-bis, paragraph 1, letter l), of the TUF)

Succession Plans

4.2 Composition ( pursuant to article 123-bis, paragraph 2, letter d) of the TUF)

Diversity policies

4.2.1. Maximum number of board mandates in other companies

4.2.2. Induction and ongoing training

4.3 Role of the Board of Directors ( pursuant to article 123-bis, paragraph 2, letter d) of the TUF)

4.3.1 Duties

4.3.2 Meetings and functioning

4.3.3 Self-assessment

4.3.4 Competing activities

4.4 Executive bodies and officers

4.4.1 Managing Director and General Manager

4.4.2 Chairman of the Board of Directors

4.4.3 Reporting to the Board of Directors

4.5 Other executive directors

4.6 Independent directors

4.7 Lead Independent Director

*******

6. BOARD COMMITTEES (PURSUANT TO ARTICLE 123-BIS, PARAGRAPH 2, LETTER D) OF THE TUF)

7.1. Composition

Committee was as follows:

7.2. Functioning

7.3 Duties and Responsibilities

7.4 Activities performed

9.1. Composition

9.2. Functioning

9.3. Duties and Responsibilities

9.4. Activities performed

10. REMUNERATION OF DIRECTORS

Board of Directors and Risks and Related Parties Committee

Board of Statutory Auditors

Control functions

The Risk Management function

The Compliance Function

11.1 Director in charge of the Internal Control and Risk Management System

11.2 The Internal Audit Function

11.3 Compliance programme pursuant to Legislative Decree no. 231 of 8 June 2001

11.4 External Auditors

11.5 Financial Reporting Officer

Financial reporting process

11.6 Coordination of entities involved in the internal control and risk management system

12. DIRECTORS' INTERESTS AND RELATED-PARTY TRANSACTIONS

14. COMPOSITION AND FUNCTIONING OF THE BOARD OF STATUTORY AUDITORS

Diversity policies

Self-assessment

C) OF THE TUF)

16.1 Legitimation, procedures for taking the floor and voting

16.2 Proceedings of shareholdings' meetings

16.3 Significant changes in capitalisation and ownership structure

CORPORATE GOVERNANCE COMMITTEE

More from FinecoBank

Talk to a Data Expert