INSIGNIA FINANCIAL LTD — Governance Information 2021

Oct 21, 2021

IOOF Holdings Ltd GPO Box 264 ABN 49 100 103 722 Melbourne VIC 3001 Level 6, 161 Collins Street Phone 13 13 69 Melbourne VIC 3000 www.ioof.com.au

==> picture [95 x 75] intentionally omitted <==

22 October 2021

Corporate Governance Statement

IOOF today released its Appendix 4G which contains a link to IOOF’s Corporate Governance Statement. In accordance with ASX Listing Rule 4.7.4, a copy of that Corporate Governance Statement is attached.

-ENDS-

Authorised for release by the Company Secretary of IOOF Holdings Ltd.

Enquiries:	Media enquiries:
Cary Helenius	Kristen Allen
Executive Director	GM Corporate Affairs & Reputation
Market Eye	IOOF
M: +61 403 125 014	M: +61 412 759 753
E:investorrelations@ioof.com.au	E: kristen.allen@ioof.com.au

About IOOF Holdings Ltd

IOOF has been helping Australians secure their financial future since 1846. During that time, we have grown substantially to become one of the largest groups in the financial services industry.

IOOF provides advisers and their clients with the following services:

• Financial Advice services via our extensive network of financial advisers;

• Portfolio Management and Administration for advisers, their clients and hundreds of employers in Australia; and

• Investment Management products that are designed to suit any investor’s needs.

Further information about IOOF can be found at www.ioof.com.au

==> picture [89 x 65] intentionally omitted <==

IOOF

Corporate Governance Statement

The Board of Directors (Board) of IOOF Holdings Ltd (IOOF) is responsible for the governance of IOOF and its subsidiaries and related bodies corporate (the Group). Key aspects of the Group’s corporate governance framework, policies and practices are set out in this Corporate Governance Statement (Statement).

Introduction

Our approach to corporate governance is based on a set of values and behaviours that underpin day-to-day activities, provide transparency and fair dealing, and seek to protect stakeholder interests. The Board and management of IOOF recognise the importance of good corporate governance and are committed to maintaining the highest standards of corporate governance within the Group.

This Statement:

• reports against the ASX Corporate Governance Principles and Recommendations, 4th Edition (ASX Governance Principles) and the practices detailed in this Statement are current as at 23 September 2021; and

• has been approved by the Board.

Further information regarding IOOF’s compliance with the ASX Governance Principles is set out in IOOF’s Appendix 4G, which is a checklist cross-referencing the ASX Governance Principles to the relevant disclosures in this Statement or other relevant documents.

This Statement along with our ASX Appendix 4G was lodged with the ASX on 22 October 2021. Details about the ASX Governance Principles can be found on the ASX Limited (ASX) website www.asx.com.au

IOOF’s Board Charter, Code of Conduct and the Terms of Reference for the Board Committees identified in this Statement can be located here https://www.ioof.com.au/ about-us/about-ioof/corporate-governance

Board oversight of management and Committees

Roles and responsibilities of the Board

The Board Charter outlines the roles and responsibilities of the Board and management. Some of the key responsibilities of the Chief Executive Officer (CEO) are as follows:

• Embed the Group culture, reflecting the Group’s Principles[1] and Code of Conduct.

• Ensure that decisions are made and resources are used only to further the Purpose[1] and Strategy[1] .

• Implement the Group’s Strategy and business plan, operating within the budget and risk appetite set by the Board.

• Exercise the powers delegated by the Board in conformity with the duties imposed on directors under the Corporations Act and IOOF’s Constitution.

1 As that term is defined in the Board Charter

1

IOOF | Corporate Governance Statement

• Ensure that decisions are made in the best interests of shareholders and take into account other stakeholder interests as appropriate, including customers, beneficiaries, members, employees and the community.

• Maintain systems of risk management, compliance and internal controls for financial and non-financial risk.

• Ensure that all material matters and any material correspondence from regulators are brought to the attention of the Board in a timely manner to enable the Board to discharge its responsibilities.

The key responsibilities of the Board are oversight of the strategic direction of the Group and the effective oversight of management. This includes the following, as well as specific matters reserved to the Board set out in the Charter:

• Oversight of management in embedding the Group culture reflecting the Group’s Principles[2] , Code of Conduct and a sound risk management culture.

• Developing the Group’s Strategy with management and monitoring the implementation of the Strategy and achievement of financial objectives.

• Monitoring compliance with regulatory requirements.

• Monitoring the effectiveness of corporate governance practices.

• Challenging management whenever required and holding management to account.

• Considering environmental, social and ethical impacts of the Group’s activities.

Appointment of Directors

The Board is responsible for the review of the Board’s composition and performance.

The Group Nominations Committee assesses candidates for recommendation to the Board for appointment and election. In the case of appointment, candidates are assessed paying particular attention to the mix of skills, experience, expertise, diversity (see below) and other qualities of existing directors. It is considered how the candidate’s attributes will balance and complement those qualities. The process includes consideration of the following:

• Selection criteria, having regard to the Board skills matrix.

• An assessment of a candidate’s independence.

• Background checks and a fit and proper analysis.

• Current and past associations of candidates.

• The appropriateness of other directorships.

• The ability of the candidate to meet the time commitment required (as advised to the candidate) and receipt of an acknowledgement from the candidate that they will have sufficient time to fulfill their responsibilities as a director.

Should a Board vacancy fall between Annual General Meetings (AGM), a person may be appointed by the Board to fill a casual vacancy or as an addition to the Board. The director then holds office until the next AGM and is eligible for election at that meeting.

In the case of a director who has been appointed by the Board and seeks election for the first time, or the re-election of a director, the assessment process takes annual performance reviews into account. The AGM notice includes information about each candidate and a recommendation of the Board as to whether shareholders should vote in favour of the election or re-election of a director.

A new director receives an appointment letter setting out the terms of appointment and a deed of indemnity.

Directors Induction and Continuing Professional Development

On appointment, each new director undertakes an induction program to familiarise the director with the Group’s business and strategy. The program is structured to make sure that the new director is introduced to senior management and acquainted with relevant business operations. This includes access to a directors’ induction pack containing information about corporate governance policies and the business of the Group, along with one-on-one sessions with senior executives.

Each director is required to accrue Continued Professional Development (CPD) hours. Directors are supported through in-house education and access to any external training required to maintain the skills and knowledge needed to perform their roles as directors effectively

Independence of Directors

The Board has adopted a policy that the majority of its directors must be independent. It makes an independence assessment upon a director’s appointment and then annually, as well as if any new information or change in circumstance requires a reassessment.

The Board has adopted the approach in the ASX Governance Principles and considers that a director is independent if the Board assesses the director as being free of any interest, position or relationship that might influence, or reasonably be perceived to influence, in a material respect, their capacity to bring an independent judgement to bear on issues before the Board and to act in the best interests of IOOF as a whole rather than the interests of an individual security holder or other party. The Board takes into account the following in making that assessment:

• Executive relationship – The person is, or has been, employed in an executive capacity by IOOF or any of its subsidiaries or its related bodies corporate and there has not been a period of at least three years between ceasing such employment and serving on the Board.

2 As that term is defined in the Board Charter

2

IOOF | Corporate Governance Statement

==> picture [484 x 682] intentionally omitted <==

----- Start of picture text -----

• Performance-based remuneration – The person receives
Skills and experience No of
performance-based remuneration (including options or Directors
performance rights) from, or participates in, an employee
Industry
incentive scheme of IOOF.
Superannuation 6
• Material business relationship – The person is,
or has been within the last three years, in a material Financial planning 4
business relationship (e.g., as a supplier, professional Funds management 4
adviser, consultant or customer) with IOOF or any of its Trustee 6
subsidiaries or its related bodies corporate, or is an officer
Mergers and Acquisitions 6
of, or otherwise associated with, someone with such
a relationship. Responsible Entity 6
• Substantial holder – The person is, represents, or is or has Insurance 5
been within the last three years an officer or employee of, Operations 6
or professional adviser to, a substantial holder.
Human Resources 6
• Close personal ties – The person has close personal ties
Influencer and negotiator 6
with any person who falls within any of the categories
described above. Crisis management 6
• Long tenured director – The person has been a director Strategic alignment
of IOOF for such a period that their independence Strategic thinking 6
from management and substantial holders may have Strategic initiatives:
been compromised.
Access to capital and strategic funding options 5
The Board has assessed the independence of each Reporting and optimisation 4
non-executive Director and has concluded that all are
Customer relationships 4
independent. Accordingly, at the date of this report, five
of the six Directors (being all the Non-Executive Directors) Technical
are considered independent. Accounting and tax 3
Financial reporting literacy 6
Board skills matrix
Audit 5
The Group Nominations Committee reviews the balance
Business management 5
of skills, experience, independence, knowledge and diversity
of Directors. This involves the creation of a board skills matrix Stakeholder engagement 4
setting out the mix of skills and diversity that the Board Legal 2
currently has or is looking to achieve in its membership. The Education 6
Board considers that its collective aptitude for a particular skill
Governance
is strong if two 2 or more Board members possess that skill.
Regulators 6
The following table summarises the board skills matrix for the
Policy development 6
reporting period and the skills and experience of the Directors.
Audit expertise 4
Skills and experience No of
Risk and compliance expertise 6
Directors
Information Technology 5
Threshold capabilities
Executive management 5
Honesty and integrity 6
Commercial experience 5
A proven track record of creating value for 6
shareholders Environment and social 3
Time available to commit to the 6
An external evaluation of the board skills matrix was
responsibilities
commenced during the reporting period to assist the Board
A preparedness to question, challenge and 6
in its assessment of whether it has the appropriate mix of
critique
competencies and skills to address existing and emerging
A willingness to understand and commit to 6
business and governance issues, and to align with the strategic
the highest standards of governance
----- End of picture text -----

An external evaluation of the board skills matrix was commenced during the reporting period to assist the Board in its assessment of whether it has the appropriate mix of competencies and skills to address existing and emerging business and governance issues, and to align with the strategic objectives of IOOF. We look forward to sharing the refreshed Board skills matrix in the 2022 Corporate Governance Statement.

3

IOOF | Corporate Governance Statement

Chair

The Board elects an independent Non-Executive Director as Chair. The current Chair is Mr Allan Griffiths.

The principal role of the Chair is to lead the Board and ensure that high governance standards are maintained, with responsibilities including the following:

Internal responsibilities

• Establishing and maintaining a working relationship with management.

• Establishing and maintaining a working relationship with the CEO and CEO succession planning.

• Setting the tone for the Board, leading through living the Principles[3] .

• Making sure relevant, accurate, timely and sufficient information is provided to Board meetings.

• Taking the lead in relation to performance and succession planning, induction and continuing director education and development.

External responsibilities

• Representing the Board and IOOF to external stakeholders.

• Chairing shareholder meetings.

Company Secretary

The Company Secretary is responsible for the operation and management of the company secretariat function. The Company Secretary has a dual reporting line to the CEO and the Chair (on behalf of the Board) with respect to the proper functioning of the Board. Each member of the Board has access to the Company Secretary.

The appointment and removal of the Company Secretary is determined by the Board.

• Chairing board meetings efficiently and making sure adequate time is available for discussion of all matters, including encouraging contributions and fostering open, inclusive and constructive debate.

Board and Board Committee Membership

==> picture [483 x 285] intentionally omitted <==

----- Start of picture text -----

Director Director since Status Group Audit Group Risk & Group Group
Committee Compliance People & Nominations
Committee Remuneration Committee
Committee
Mr Allan Griffiths July 2014 Non-Executive Member Member Member Member
Director
and Chair,
independent
Mr Renato Mota June 2019 Chief Executive
Officer
Ms Elizabeth September 2015 Non-Executive Member Chair Member Member
Flynn Director,
independent
Mr John Selak October 2016 Non-Executive Member Member Chair Member
Director,
independent
Mr Andrew September 2019 Non-Executive Member Member Member Chair
Bloore Director,
independent
Ms Michelle October 2019 Non-Executive Chair Member Member Member
Somerville Director,
independent
----- End of picture text -----

The skills and experience of the members, the number of times the Committees met and individual attendances of the members at those meetings can be found in the Directors’ Report within the 2021 Annual Report.

3 As that term is defined in the Board Charter

4

IOOF | Corporate Governance Statement

Board Committees

Board Committees comprising all independent directors, including an independent director as Chair, have been established to assist the Board in discharging its responsibilities. The responsibilities of each Committee are set out in a Terms of Reference for that Committee.

Members and their qualifications are set out in the Directors’ Report within the 2021 Annual Report.

Group People & Remuneration Committee

The Board has established a Group People & Remuneration Committee to assist the Board in relation to people and culture, remuneration policies and practices for Directors and employees and succession planning for senior executives.

See page 11 for additional information on our remuneration approach.

Group Nominations Committee

The Board has established a Group Nominations Committee to assist the Board in relation to the nomination of Board members, composition of the Board, succession planning and performance evaluation of directors.

Group Audit Committee

The Board has established a Group Audit Committee to provide assistance to the Board in relation to financial reporting, audit and taxation (see page 8 for additional information).

Group Risk & Compliance Committee

The Board has established a Group Risk & Compliance Committee, which is responsible for reviewing risk and compliance on behalf of the Board (see page 9 for additional information).

Performance

Board, Board Committees and Directors

The performance of the Board, Committees and Directors (including that of the Chair) is reviewed annually either through an internal process or an independent third party.

In 2021, the Board and all Board Committees conducted a skills and performance evaluation by way of an external assessment carried out by an independent third party. The Board performance review included evaluation to determine: the effectiveness and composition of the Board; identify gaps in skills, experience and expertise; consider the operation and business of the Board and interaction with management; the Board’s influence and alignment with organisational values and culture; and the Board’s role and engagement in stakeholder relations. Action items from that review are in the course of being assessed and implemented.

Management

All Executive candidates undergo appropriate background checks before appointment.

The Board, in conjunction with the Group People & Remuneration Committee, is responsible for approving the performance objectives and measures for the CEO and other senior executives and providing input into the evaluation of performance against these objectives. The Group Audit Committee and the Group Risk & Compliance Committee also refer to the Group People & Remuneration Committee any matters that they may consider appropriate with respect to remuneration policy or practices.

Management performance evaluations for the financial year ended 30 June 2021 were conducted following the end of the financial year.

There is further discussion on performance objectives and performance achieved in the Remuneration Report in the 2021 Annual Report.

Ethical and responsible decision making

The IOOF Group is committed to the highest standards of conduct and ethical behaviour in all our business activities, and to promoting and supporting a culture of honest and ethical behaviours, corporate compliance and good corporate governance.

Code of Conduct

The Board has adopted a Code of Conduct (the Code) which applies to all Directors, officers, employees, contractors and consultants within the Group and is designed to ensure a high standard of honest and ethical corporate and individual behaviour. Each employee is required to read and accept the Code as part of their induction and then review its terms annually.

The IOOF Principles that underpin the Code include:

• Be Human – We treat those around us the way we’d like to be treated – openly, honestly and respectfully.

• Deliver what matters – We make sure we understand what matters to every client and we make it happen.

• Stronger together – Only by working together can we truly serve our clients.

• Keep it simple – We remove complexity.

• Do what’s right, not what’s easy – We back ourselves to make the right call. We speak up.

Our Code is an undertaking from all our people outlining the standards and principles we have agreed to adopt. As we work in our day-to-day roles and deliver on our advice-led strategy, we all play a vital role in upholding the standards of the Code for our clients, the community and each other.

5

IOOF | Corporate Governance Statement

The Code interacts with various Group policies and associated practices including the following: Anti-Bribery and AntiCorruption Policy, Anti-Money Laundering and Counter Terrorism Financing Program – Parts A and B, Incidents and Breaches Policy, Confidentiality Undertaking, Conflicts Management Framework, Conflicts Management Policy, Drug and Alcohol Policy, Fraud Policy, Internal Social Media Policy, IT Code of Conduct Policy, IT Acceptable Use Policy, IT Security Policy, Managing Performance and Conduct Policy, Workplace Health & Safety Policy and Whistleblower Policy.

Breaches of the Code of Conduct are reported to the Board and relevant risk and compliance committees. The IOOF Code of Conduct is available on our website.

Securities Trading

Under the Personal Trading in Securities Policy (Group Trading Policy) , Directors, employees and certain associates of those persons are restricted from dealing in securities (including IOOF securities) if they are in possession of inside information. The Group Trading Policy aims to balance the personal investment interests of IOOF staff with the responsibilities and interests of IOOF, its shareholders and the market by ensuring that all personal trading and investing activities are lawfully and properly conducted.

The Group Trading Policy also prohibits Directors, employees and certain restricted persons from trading in IOOF securities during ‘blackout periods’ as defined in the Policy. The Group Trading Policy provides for some exceptional circumstances where trading may be permitted during a prohibited period with prior written approval.

Directors have entered into an agreement with IOOF which requires approval before trading in IOOF’s securities as well as ongoing disclosure to IOOF of any change in the Director’s interest in securities within three business days of the change occurring. Certain restricted employees are also required to obtain consent before conducting any trading in IOOF securities.

The Group Trading Policy prohibits employees and their associates from engaging in trading in IOOF shares where the trading is likely to be considered short-term, speculative or excessive. It also prohibits employees from hedging interests that have been granted under any IOOF employee share plan that are either unvested or subject to a holding lock. Any staff margin lending arrangements over IOOF shares are required to be notified to the Company Secretary.

A copy of the Group Trading Policy is available on our website.

The IOOF Group has an additional policy which governs the personal trading activities of certain staff who may have access to inside information about funds, companies and business which have been obtained during the course of their employment and is not otherwise publicly available. This includes staff in the Asset Management division, the Advice Research team and Bridges Financial Services.

Whistleblower Protection

Under the IOOF Whistleblower Policy, employees (and other eligible whistleblowers) are encouraged to raise any concerns and report instances of misconduct (including dishonest or illegal activity). IOOF is committed to absolute confidentiality and fairness in all matters raised under the Policy and whistleblowers will not be personally disadvantaged in their employment by having made a report in accordance with the Policy. A whistleblower may elect to report anonymously.

The Whistleblower Policy outlines the channels for reporting internally or externally including to the Whistleblower Hotline. A whistleblower may report to the IOOF Whistleblower Protection Officer (WPO), who is appointed to safeguard the interests of Whistleblowers, so they feel free to report without fear of retaliatory action. The WPO will provide reports of any Whistleblower notifications to the Chair of the Group Risk & Compliance Committee (and any other relevant Risk & Compliance Committees). The IOOF Whistleblower Investigation Officer (WIO) will work with an investigations team to review, assess and prepare a findings report on all Whistleblower Reports. The WPO and the WIO will work independently of each other and each will be provided direct and unrestricted access to financial, legal and operational assistance when this is required for an investigation.

Once an investigation has been completed, depending on the nature of the disclosure, the final report is provided to the Chair of the Group Audit Committee, Chair of the Group Risk & Compliance Committee (and any other relevant Audit or Risk & Compliance Committees) and the CEO. The IOOF Whistleblower Policy is available on our website.

Anti-Bribery and Anti-Corruption

The IOOF Anti-Bribery and Anti-Corruption Policy prohibits employees from engaging in any activity that constitutes bribery or corruption, and provides a framework to ensure that related risks within IOOF’s businesses are properly identified, mitigated and managed.

Breaches of the Policy will be dealt with in accordance with the IOOF Incidents and Breaches Policy and are reported to the Board.

The IOOF Anti-Bribery and Anti-Corruption Policy is available on our website.

Diversity and Inclusion

At IOOF, we believe that by creating an environment which allows people to bring their whole selves to work, they will feel more connected to the organisation and operate at their best, both personally and professionally. This is a key enabler to sustainable business success, ensuring we attract and retain the best people. All our people are equal at IOOF and this is reflected in our culture and operations.

6

IOOF | Corporate Governance Statement

This belief exists strongly in our culture. In August 2020, IOOF initiated a program of work to understand and define our culture through a data-driven approach. This analysis determined that the primary cultural motivation is that of belonging – creating structure, processes and an environment where our people and clients feel they are part of something. This type of culture encourages people, through behaviour and ways of working, to be themselves. It recognises and celebrates the value of individual difference. This applies to employees and clients alike. This culture is central to creating true diversity and inclusion in our workplace.

Our Diversity and Inclusion Plan details our vision, strategy and the steps we will take to achieve this. The plan was developed in consultation with the IOOF Executive Team, Directors and the IOOF Diversity and Inclusion Advisory Committee and focuses on four key pillars:

• 1 Gender balance

• 2 Inclusion and belonging

• 3 Culture, leadership and environment

• 4 Supporting recruitment practices

Some of the key achievements in the diversity and inclusion space during financial year 2021 include:

• Improved female representation at executive, senior manager and other manager levels reaching our 40% target.

• A financial wellbeing program accessible to all our people which included financial support for financial advice.

• Partnership with ’Financial Executive Woman’ which provides education and support and is accessible to all our employees.

• Financial sponsorship of the ’Positive Progression of Women Awards’.

• Development of ‘Our leading women’ female talent development program.

• Scaling the Diversity and Inclusion Advisory Committee who act as a representative body on behalf of all employees and a sounding board for matters related to the Diversity and Inclusion Action Plan and support delivery of the plan.

• Roll-out of a compulsory diversity and inclusion learning module, supported by Executive-led webinars.

• Partnership with ‘Pride in Diversity’ which provides education and support accessible to all of our people.

• Carried out a detailed gender pay analysis and implemented an action plan to address any gender pay gap.

• Whole company webinars delivered on the Diversity and Inclusion Action Plan, Reconciliation and International Women’s Day.

• Increase in positive sentiment around diversity and inclusion in our engagement survey:

• +9 points – ‘I feel like I belong at IOOF’

• +10 points – ‘Our leaders champion the importance of diversity and inclusion’

The table below displays the number of women in Board, executive and senior management positions, and across the whole workforce:

==> picture [229 x 141] intentionally omitted <==

----- Start of picture text -----

Category Female Female
Representation Representation
July 2020 July 2021 [1 ]
Board (excluding CEO) 40.00% 40.00%
Executives 27.27% 35.70%
(including CEO)
Senior Managers [2] 36.27% 45.10%
Other Managers [3] 40.53% 41.30%
Total workforce 49.12% 49.50%
----- End of picture text -----

• 1 This data set includes leaders who transferred from MLC to IOOF in June 2021.

• 2 Senior Managers includes all roles reporting to an Executive, excluding administrative support roles.

• 3 Other Managers includes all other managers.

Our Diversity and Inclusion Action Plan is available on our website.

The IOOF Foundation

At IOOF we are dedicated to making an ongoing positive contribution to the communities in which we live. In the financial year 2021, the IOOF Foundation contributed more than $700,000 to community organisations, bringing the total funds distributed since its inception to more than $16 million. Our grants program offers long term grants (up to three years) in areas that have been historically important to IOOF and also to the wider Australian community. To date we have focused on mental health, aged care, families, and at-risk children and youth.

Detailed information can be found in our Environmental, Social and Governance (ESG) report within our 2021 Annual Report.

Our people

At IOOF we strive to create an environment where our employees are engaged, inspired and motivated to grow with us.

We are committed to attracting and retaining the best talent. We recognise the value of diversity and embrace an inclusive culture where people from diverse backgrounds, with different skills, knowledge and experiences can develop their unique talents.

Equipping our people with the right tools, knowledge and development opportunities is an investment we make for our future success. We continue to focus on our employees’ safety, health and wellbeing, providing diverse support and educational opportunities to ensure they thrive. This includes career and development planning, learning opportunities, and commitment to financial study support. In addition, we offer a range of programs and services to support the wellbeing of all employees, including investing in and promoting initiatives to support employee mental and physical health.

Further information can be found in our ESG report within our 2021 Annual Report.

7

IOOF | Corporate Governance Statement

Financial reporting

The Board has a strong commitment to the integrity and quality of its financial reporting and its systems for risk management, compliance and internal control. The Board of IOOF receives regular reports about the financial condition and operational performance of IOOF and its subsidiaries and related bodies corporate. The CEO and Chief Financial Officer report in writing to the Board that the consolidated financial statements of IOOF and each of the subsidiaries and related bodies corporate for each half year and full year present a true and fair view, in all material respects, of the Group’s financial condition and are in accordance with accounting standards. In addition, they report on the Group’s risk management system (financial, strategic and operational) and its effectiveness.

Unaudited financial information is provided to the market in the form of the Directors’ Report, quarterly Funds Under Management and Administration (FUMA) updates, and other ad hoc market updates such as profit guidance. The content of these reports and updates is verified through monthly management reports, with key strategies reviewed by relevant executive team members and their teams to ensure they are relevant and current before release to the market.

Group Audit Committee

The Board has established a Group Audit Committee to provide assistance to the Board in in relation to financial reporting, audit and taxation.

The primary objectives of the Committee are oversight of the following:

• The system of risk management, compliance and internal control framework relating to financial information, reporting and disclosure.

• Financial reporting (including professional accounting) requirements, including regulatory reporting.

• The internal audit function (including appointment of the internal auditor).

• The external audit function (including appointment of the external auditor).

The Committee comprises five independent Directors. The Chair of the Committee is not the Chair of the Board. All Group Audit Committee members have appropriate financial experience, an understanding of the financial services industry and satisfy the independence requirements under the ASX Governance Principles.

External auditor

The role of the external auditor is to provide an independent opinion that the financial reports are true and fair, and comply with applicable regulations.

Our external auditor is KPMG. The external auditor receives all Group Audit Committee and Group Risk & Compliance Committee papers, attends all meetings of these Committees and is available to Committee members at any time. The external auditor has the opportunity to present to the Group Audit Committee at least annually, and in practice at each Group Audit Committee meeting, without management being present. The external auditor attends the AGM to answer questions from shareholders regarding the conduct of its audit, the audit report, financial statements and its independence.

KPMG is required to confirm its independence and compliance with independence standards. In order to ensure this independence, the roles of lead audit partner and review audit partner must be rotated every five years and cannot be resumed by the same person for a minimum of five years.

The Board has also adopted a formal policy on the provision of non-audit services from any audit firm engaged.

Internal audit

During the reporting period, the internal audit function was performed by PricewaterhouseCoopers (PwC) . Pursuant to its governing charter, the scope of responsibility of internal audit was to determine whether the organisation’s network of risk management, control and governance processes were adequate and functioning. Internal audit reported administratively to the Chief Risk Officer and functionally had a direct reporting line to the Chair of the Group Audit Committee.

As of 1 July 2021, IOOF’s internal audit activities are undertaken by the Group Internal Audit function, which is governed by a Charter approved by the Group Audit Committee. The role of Group Internal Audit is to provide the Board and management with independent and objective assurance on the effectiveness of the Group’s governance, risk management and internal control processes. To maintain its necessary independence, Group Internal Audit has no direct operational responsibility or authority over any of IOOF’s business or risk management activities.

Functional responsibility for Group Internal Audit resides with the General Manager, Group Internal Audit, whose appointment is approved by the Board. The General Manager, Group Internal Audit reports directly to the Group Audit Committee and to relevant subsidiary Audit Committees. Group Internal Audit has full and unrestricted access to all of IOOF’s information systems, records, physical properties and employees in order to carry out its activities. The work of Group Internal Audit is guided by The International Professional Practices Framework provided by the Institute of Internal Auditors. The Group Audit Committee monitors Group Internal Audit’s activities and performance, including its independence.

8

IOOF | Corporate Governance Statement

Market and shareholder communication

Market disclosure

The Board is committed to keeping its shareholders and the market fully informed of material developments that may have an impact on the Group. In line with this commitment, IOOF maintains a Disclosure and Communications Policy which governs how we communicate with shareholders and the investment community.

The Disclosure and Communications Policy is designed to ensure compliance with IOOF’s obligations under the ASX Listing Rules and the Corporations Act. Procedures are in place to identify matters that are likely to have a material effect on the price of the IOOF’s securities and to ensure notifications to the ASX are factual and made in a timely manner in accordance with the ASX Listing Rule requirements. Processes for engagement with analysts and investors are also detailed in this Policy, including a requirement that any investor or analyst presentation is released to the ASX ahead of the presentation. Once relevant information is disclosed to the market, it is also published on the IOOF website.

The Board is supported by a management Disclosure Committee which is responsible for considering potentially market sensitive information, and monitoring IOOF’s disclosure processes and reporting framework. The Terms of Reference for the Disclosure Committee are available on the IOOF website.

The Company Secretary has been nominated as the person responsible for all communications with the ASX, and Board members are provided with copies of all material market announcements once they have been made.

Information about IOOF and its governance framework

IOOF recognises the right of shareholders to receive effective communication which ensures shareholders are informed of all necessary information to fully assess the performance of the Group. IOOF communicates shareholder information about the Group through its Annual Report, disclosures to the ASX, at the AGM and via the IOOF website. In addition, shareholders have the opportunity to receive relevant documentation electronically via IOOF’s Registry and can communicate with IOOF via email.

The Board encourages active participation by shareholders at any IOOF shareholders meeting. The Board encourages shareholders to attend the AGM and take the opportunity to ask questions of the Board either at the meeting or ahead of the meeting. The meeting for 2021 will be held as a virtual event. The external auditor attends the AGM and is available to answer any questions relevant to the audit report.

The Board ensures that the Notice of Meeting and Explanatory Notes are clear and concise and provides shareholders with

all necessary information on the business to be considered in order for them to make an informed decision when voting. Resolutions are decided by poll. These materials, together with any presentations made at the AGM and the voting results, are released on the ASX.

Shareholders may appoint proxies and lodge proxy instructions for items of business to be considered at general meetings.

Investor relations program

IOOF has a scheduled program of regular disclosures to the ASX on its financial results. IOOF also hosts strategy briefings, meetings, telephone calls and webcasts for institutional and retail investors, analysts and financial media to give further information on the business, in addition to the half year and full year results.

Advance notice of investor and analyst briefings is announced via the ASX and a copy of the presentations are also made available on the ASX and IOOF websites. In all communications with investors, analysts and media, only publicly available information or information which is not market sensitive is discussed.

Risk management

Roles and responsibilities

The Board recognises that effective management of risk is an integral part of sound governance and is vital to the continued growth and success of IOOF. The Board is ultimately responsible for the oversight of the IOOF Group’s Risk Management Framework. The Board has implemented a framework designed to ensure that the Group’s risks are identified, analysed, evaluated, monitored and communicated, both within the organisation or to any relevant external party and that adequate controls and mitigation processes are in place and function effectively.

In addition to the Group Audit Committee, the Board has established a Group Risk & Compliance Committee. The primary objectives of the Committee are to monitor and receive assurances that:

• An appropriate and effective Risk Management Framework (RMF) is in place for identifying, assessing, mitigating and monitoring material risks.

• Appropriate and effective compliance policies, procedures and frameworks are in place for identifying, monitoring and managing relevant obligations.

• Operations are conducted within the scope of the abovenamed policies, procedures and frameworks.

• Management devotes relevant, appropriate and proper attention to compliance and risk management issues.

In accordance with the annual work plan, the Group Risk & Compliance Committee reviewed the risk management framework during the reporting period to satisfy itself that it continues to be sound.

9

IOOF | Corporate Governance Statement

The Group Risk & Compliance Committee comprises five independent Directors including an independent Director as Chair. It is regularly attended by representatives from the Enterprise Risk & Compliance division, Internal and External Audit as well as representatives from each operating business within the Group at the request of the Chair. The Chief Risk Officer and the Enterprise Risk & Compliance team report to the Committee on the monitoring of risk through the enterprise-wide framework including, where appropriate, positive assurance.

The Committee meets regularly and reports to the Board.

Risk Management Framework

IOOF adopts a Three Lines of Defence Model to govern risk management activities across the organisation. The model is represented as follows:

==> picture [376 x 297] intentionally omitted <==

----- Start of picture text -----

IOOF Boards
Risk & Compliance Committees
Audit Committees
Internal &
Independent Assurance External Audit 3rd Line of Defence
Enterprise Risk &
Compliance Function
Review & Challenge 2nd Line of Defence
Framework and Policies
All IOOF Group Companies,
Risk Ownership Business Divisions and Business 1st Line of Defence
Support Functions
----- End of picture text -----

First Line of Defence – Business Ownership

The first line of defence is business line management and employees, which means that business units are accountable for identifying, managing and owning the risks inherent in the products, services, activities, processes and systems for which they are responsible.

Second Line of Defence – Independent Risk & Compliance Function

The second line of defence is the independent Enterprise Risk Management function comprising the Chief Risk Officer and the Enterprise Risk & Compliance Team.

The second line of defence is responsible for the design, maintenance and ongoing development of the Risk Management Framework and to support the first line in its risk management responsibilities by providing risk insight and advice, training, and providing challenge and oversight. Oversight includes assessing the use and adequacy of frameworks, systems, processes, and behaviours to form a view of how well risk and compliance is being managed across the Group.

Third Line of Defence – Independent Review

Internal and external audit provide a third line of independence and oversight over both the second line and first line activities. This oversight may include other independent reviews commissioned by the Board.

10

IOOF | Corporate Governance Statement

Board and Committees

The Board and Committees are responsible for:

• an effective governance structure;

• oversight of the Risk Management Framework;

• review and approval of the Risk Management Strategies;

• setting the risk appetite for each risk category;

• oversight of the Group risk profile; and

• promoting a sound risk culture.

Material risk categories are reviewed by the Board annually or as emerging risks arise. Key risks identified, including emerging risks, and IOOF’s response to managing those risks have been disclosed at pages 13 through 17 of the Annual Financial Report released to the ASX on 26 August 2021.

The CEO and the Chief Financial Officer report to the Board that to the best of their knowledge the financial reporting assurances given under section 295A Corporations Act are founded on a sound system of risk management and internal compliance and control which is operating efficiently and effectively in all material respects in so far as they relate to financial, strategic and operational risks. This report confirms that the system which implements the policies adopted by the Board either directly or through delegation to management, and the Group’s risk management and internal compliance are operating effectively in all material respects as at the date of the report, based on the risk management model adopted by the Board. The statement provides a reasonable, but not absolute, level of assurance and does not imply a guarantee against adverse events or more volatile outcomes arising in the future. In addition, the report sets out that the risk management and internal compliance and internal control systems are subject to periodic declaration by process owners and review through the Group’s internal audit process and by regulators.

Material Exposure to Environmental and Social Sustainability Risks

There are a number of material business risks that could adversely affect the Group and the achievement of the Group’s financial performance objectives. These risks and how they are managed are described in the ESG report in the 2021 Annual Report.

Exposure to environmental and social sustainability risk is contemplated by the Group’s Risk Management Framework and quarterly assessment of IOOF’s risk appetite. The Board is responsible for developing the Risk Management Framework which is designed to ensure that the Group’s risks are identified, analysed, evaluated, monitored and communicated, both within the organisation or to any relevant external party and that adequate controls and mitigation processes are in place

and function effectively. The Board is responsible for setting the Group’s risk appetite and ensures that it reviews the Group risk profile for the business on a quarterly basis.

Material environmental risk, such as climate change, and material social risk, such as may arise following the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, has been addressed in our ESG report within our 2021 Annual Report.

Remuneration

The remuneration policy for the Board and remuneration of each Director and senior executive is set out in the Remuneration Report. Information in relation to IOOF’s remuneration framework can be found in the Remuneration Report in the 2021 Annual Report.

The Board has also established the Group People & Remuneration Committee. The Committee’s responsibilities are set out in the Terms of Reference which are available on the IOOF website. The Group includes Australian financial services licensees, responsible entities (REs) and APRA-regulated (AREs) subsidiaries.

The responsibilities of the Committee in relation to remuneration matters include (but are not limited to) developing, reviewing and making recommendations to the Board, the ARE and the RE Boards in discharging their responsibilities in relation to:

• the remuneration framework for Non-Executive Directors, the CEO and other senior executives or other categories of persons covered by the Committee’s Terms of Reference;

• the Group Remuneration Policy, any changes to the Policy and the implementation of the Policy (including any shareholder approvals required) as well as assessing the Policy’s effectiveness and compliance with APRA Prudential Standards;

• the remuneration of categories of persons covered by the Group Remuneration Policy and the Committee’s Terms of Reference; and

• the total remuneration packages for the CEO and senior executives, any changes to remuneration packages and as part of the annual review process proposed rewards after performance evaluation procedures.

The Board may engage an external independent consultant to provide market data and to provide advice in relation to levels of remuneration and suitable remuneration plans. The Group People & Remuneration Committee consists of five Non-Executive Directors and is Chaired by an independent Non-Executive Director, who is not the Chair of the Board.

Approved by the Board of IOOF Holdings Limited.

11

IOOF Holdings Ltd ABN 49 100 103 722