Name of the Issuer:

UniCredit S.p.A. Website: www.unicreditgroup.eu

Reference Period:

January 1, 2018/December 31, 2018

Report approved on: March 5, 2019

Index

Glossary	4
1. Profile of the Issuer	6
2. Information on the ownership structure	15
2.1 Share capital structure	15
2.2 Restrictions on stock transfers	16
2.3 Relevant equity holdings	16
2.4 Restrictions on voting rights	17
2.5 Change of control clauses and by-laws provisions
on public purchase offers	17
2.6 Delegation of power to increase share capital and
authorisations to purchase own	17
3. Shareholders' Meeting	19
4. Board of Directors	22
4.1 Appointment and replacement	22
4.2 Composition	25
4.3 Board of Directors' role	31
4.4 Delegated bodies	35
4.5 Independent Directors	36
4.6 Lead Independent Director	38
5. Board of Directors internal Committees	42
5.1 Internal Controls & Risks Committee	46
5.2 Corporate Governance, Nomination and
Sustainability Committee	48
5.3 Remuneration Committee	51
5.4 Related-Parties Committee	51
6. Directors' Remuneration	54

Indemnities to Directors in the event of resignation, dismissal or termination of
employment following a public purchase offer
7. Directors' interests and related-parties transactions	55
8. Internal controls and risks management system	57
8.1 Bodies and functions	57
8.2 Financial reporting process, also on a consolidated basis	66
8.3 Coordination procedures among the parties involved in the
internal controls and risks management system	68
8.4 Group governance mechanisms	69
8.5 Organization Model as per Legislative Decree no. 231/2001	70
8.6 Whistleblowing	70
8.7 Auditing firm	71
9. Treatment of corporate information	72
10. Appointment of the Statutory Auditors	74
11. Composition and functioning of the Board of Statutory Auditors	75
12. Relations with Shareholders	81

ANNEXES:

-	Positions held by the UniCredit Directors in other companies
	listed on regulated markets (both in Italy and abroad), as
	well as in financial services companies, banks, insurance
	companies or other large companies	82
-	Managerial powers	84

Glossary

Banca d'Italia

The central bank of the Italian Republic

Bank (also Holding Company or Company)

UniCredit S.p.A.

Circular no. 263/2006

The "New prudential Supervisory Regulations for banks" contained in Circular no. 263 dated December 27, 2006, issued by Banca d'Italia, and subsequent amendments

Circular no. 285/2013

Compensation Report

Circular no. 285 dated December 17, 2013, issued by Banca d'Italia, concerning Supervisory Regulations for banks, and subsequent amendments

CONSOB Issuers Rules

The regulation implementing the Italian Consolidated Law on Finance governing issuers, adopted by CONSOB through its Resolution no. 11971 dated May 14, 1999, and subsequent amendments

Consolidated Law on Finance or TUF

The Legislative Decree no. 58 dated February 24, 1998, and subsequent amendment

European Central Bank (ECB)

The central bank of the 19 Member States of the European Union which adopted the euro

The compensation report drawn up according to Section 123/ter of the TUF and Section 84/quater of the CONSOB Issuers Rules

CONSOB Regulations on relatedparties

The regulation concerning the transactions with related-parties accomplished by companies making use of the venture capital market directly or through subsidiaries, adopted by CONSOB through its resolution no. 17221 dated March 12, 2010, and subsequent amendments

Corporate Governance Code or Code

The "Corporate Governance Code for listed companies" approved by the Italian Corporate Governance Committee and issued by Borsa Italiana S.p.A., ABI, Ania, Assogestioni, Assonime and Confindustria – version in being as at July 2018

Financial year to which the Report refers (also Reference Period or Period)

January 1, 2018/December 1, 2018

CONSOB

Commissione Nazionale per le Società e la Borsa, the independent Authority whose purpose is to safeguard investors, efficiency, transparency and development of the Italian securities market

Consolidated Law on Banking or TUB

The Legislative Decree no. 385 dated September 1, 1993, and subsequent amendment

CRD IV

Capital Requirements Directive IV, referring to Directive 2013/36/EU of the European Parliament and Council of June 26, 2013, on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms

Italian Civil Code

The Royal Decree no. 262 dated March 16, 1942, and subsequent amendments

Manager in Charge

The Manager charged with preparing the company financial reports

The Legislative Decree no. 231 dated June 8, 2001, containing the framework governing the administrative responsibility of legal personalities, companies and associations with or without legal liability, and subsequent amendments

Supervisory Authority

The European Central Bank, Banca d'Italia, CONSOB, as defined above, and/or any other independent authority and/or administration at national or EU level

The Company website www.unicreditgroup.eu

Website

Report

This "Report on corporate governance and ownership structure" referring to the 2018 financial year, made available on the Company's website

Profile of the Issuer

Foreword

The overall corporate governance framework of UniCredit S.p.A. has been defined in compliance with current national and European provisions, as well as the recommendations contained in the Italian Corporate Governance Code.

Moreover, UniCredit is subject to the provisions contained in the Supervisory Regulations issued by Banca d'Italia and, in detail, with regards to corporate governance issues, to the regulations on banks' corporate governance (Circular no. 285/2013, Part I, Title IV, Chapter 1). In compliance with the aforementioned Supervisory Regulations, UniCredit, as significant bank subject to the direct prudential supervision of the ECB, as well as as a listed bank, is qualifiable as bank of a major size or operational complexity and consequently complies with the provisions applicable to such kind of bank.

UniCredit, as issuer of shares also listed on the Frankfurt and Warsaw regulated markets, also fulfills the legal and regulatory obligations related to listings on said markets as well as the provisions on corporate governance contained in the Polish Corporate Governance Code issued by the Warsaw Stock Exchange.

The Corporate Governance Code

The Code, according to the major international markets' experience, identifies the corporate governance standards and best practices for Italian listed companies recommended by the Corporate Governance Committee, to be applied according to the "comply or explain" principle that requires the explanation in the corporate governance report of the reasons of failure to comply with one or more recommendations contained in its principles or criteria.

Since 2001, UniCredit has adopted the Code, which is available to the public on the Corporate Governance Committee website (http://www.borsaitaliana.it/comitatocorporate-governance/codice/codiceeng2018.en.pdf).

The Code assigns to the Corporate Governance Committee the task to monitor the level of compliance with its provisions by the company with listed shares adopting the Code itself. Any possible area of improvement of the listed companies' governance is highlighted in the yearly Report on the compliance with the Code and disclosed to the same companies.

In particular, the areas of improvement identified in the last letter sent by the Chairman of the Corporate Governance Committee of December 21, 2018, and aimed to achieve a more substantive application of the recommendations outlined in the Code, in addition to promote the improvement of corporate governance in all Italian listed companies, regardless their formally adoption to the Code itself, have been focused on:

the adequacy and timely transmission of pre-meeting information to the Board;
the proper application of the independence criteria established in the Code;
a proper level of transparency in performing Board review activities;
the evaluation of the adequacy of remuneration policies aligning them to the objective of medium-long-term corporate activity sustainability.

The issued recommendations have been put to the attention of the Corporate Governance, Nomination and Sustainability Committee (in its meetings held on January 30 and February 25, 2019) and Remuneration Committee (in its meeting held on March 4, 2019), of the Board of Directors (in its meetings held on February 6 and March 5, 2019), as well as of the Board of Statutory Auditors (in its meeting held on March 4, 2019).

On that regard, it should be noted that all the above highlighted critical areas have already been object of an in-depth attention and discussion by the Board and its Committees aimed at strengthening the Company's corporate practices and at meeting the market's increasingly high expectations.

With regard to the adequacy and timely transmission of pre-meeting information to the Board of Directors, with an ad hoc amendment to the Corporate Bodies and Committees Regulation, in the month of October 2018, UniCredit has resolved to adopt the best practices approach, for which information is provided at least 3 working days prior to meetings, with the possibility of waiving this requirement only in the event of emergencies. Therefore, the issue of confidentiality is managed not by delaying the disclosure of confidential information, but through the existing appropriate access procedures in order to track access and avert the risk of accidental disclosure.

With regard to the proper application of the independence criteria established in the Code, it should be noted that from several years UniCredit has in place a structured process for gathering and analyzing the information relating to the existence of direct or indirect relationships (credit relationships, significant offices held, employee relationships and business / professional ones), that Directors and their other connected subjects may have with UniCredit and Group companies, able to support efficiently the Board of Directors in its checking the declaration dealing with the independence requirements met by its members, in abidance to the assessment criteria for an overall evaluation of both objective and subjective aspects as identified by the Company itself.

With reference to the level of transparency of the Board review, and in particular to the level of involvement by Board members in defining scope, terms and conditions of the self-assessment process, the following subjects shall be taken into due account:

scope, persons involved, terms and conditions of the self-assessment process are clearly and analytically described within the Corporate Bodies and Committees Regulation, made available on the corporate website, and reported in the yearly Report on corporate governance;
all the process phases are overseen by the Chairman, who is also responsible to select the external consultant for carrying out the relevant activities as well as the employees belonging to the Group Corporate Affairs department to be involved in the process, on proposal of the Corporate Governance, Nomination and Sustainability Committee;
the process is not undertaken exclusively by sending out standardized questionnaires, and the opportunity for an interaction with each Director is ensured in any phase of the process through dedicated collective or individual interviews conducted by the external consultant, if any, as well as the collegial examination, discussion and approval of the relevant outcomes;
both within the yearly Report on corporate governance and ownership structure and in the Overview on the Corporate Governance (a document published on the Company's website together with the Report on corporate governance in order to support the investors comprehension of the UniCredit corporate governance system), the outcomes of the process are reported to the market together with a clear reference to the external consultant chosen for carrying out such activities.

Profile of the Issuer

Finally, with reference to the evaluation of the adequacy of remuneration policies aligning them to the objective of medium-long-term corporate activity sustainability, no criticalities emerged considering that the UniCredit remuneration and incentives policies are already compliant with the above recommendations.

In view of the above, no criticalities have been resulted with reference to the areas of improvement highlighted in the above letter of the Corporate Governance Committee, considering the good quality of the UniCredit corporate governance that complies with the concerned Corporate Governance Code's recommendations, with room for improvement only as regards the execution of the provisions regarding the information to the Board.

The Report on corporate governance and ownership structure

UniCredit yearly draws up a Report meant for its shareholders, for institutional and non-institutional investors and the market. The Report supplies suitable information on UniCredit's own corporate governance system.

Consistently with the relevant legal and regulatory obligations, as well as in line with the provisions of the Code, in its latest edition approved in July 2018, this UniCredit Report on corporate governance and ownership structure has been drafted in accordance with Section 123/bis of the TUF.

The Report approved by the Company's Board of Directors on its March 5, 2019, meeting is published at the same time as the Report on Operations on the Issuer's website¹ .

The information contained in the Report, unless otherwise specified, refers to the date of its approval by the Board of Directors. Please note, furthermore, that the Report on Operations of the Consolidated Reports and Accounts contains the chapter "Corporate Governance" in which the UniCredit corporate governance system is described in short.

Profile and structure

The UniCredit Group is a leading global financial group on site in 14 core markets.

The UniCredit Group organization reflects an organizational and business model which maintains a divisional structure for the government of the Corporate Investment Banking business/products and the business in the CEE Countries, as well as a global control over the Chief Operating Office Area functions, while ensuring the autonomy of the Countries/ Banks on specific activities, in order to guarantee increased proximity to the client and more efficient decision processes.

UniCredit is a Company with shares listed on the Milan, Frankfurt and Warsaw regulated markets and as a bank, parent company of the UniCredit banking Group, it carries out, pursuant to the provisions of Section 61 of the TUB, in addition to banking activities, governance and coordination as well as control functions vis-à-vis its subsidiary banking, financial and instrumental companies within the banking Group.

¹ The address of the UniCredit website where the Report on corporate governance and ownership structure is available is the following: https://www.unicreditgroup.eu/en/governance/governance-system-and-policies.html

UniCredit also carries out governance and coordination activities pursuant to Article 2497, and subsequent, of the Italian Civil Code with reference to the Italian subsidiaries belonging to the UniCredit Group, directly and indirectly controlled by the same.

The Company is not subject to guidance and coordination by other legal entities.

A. Set up according to the Legislative Decree no. 231 dated June 8, 2001. On its February 6, 2019 meeting, the UniCredit Board of Directors has resolved on the assignment to the Board of Statutory Auditors of the Supervisory Body functions pursuant to the Legislative Decree no. 231/2001, starting from the renewal of the control body for the 2019-2021 financial years.

Shareholder structure

The UniCredit share capital as at December 31, 2018, amounted to Euro 20,940,398,466.81 divided into 2,230,176,665 ordinary shares with no nominal value. The ordinary shares are issued in a dematerialized form and are indivisible as well as freely transferable.

Profile of the Issuer

As at December 31, 2018, the shareholders were about 293,000; 92.13% of the ordinary share capital appeared to be owned by legal persons and the remaining 7.87% by physical persons² .

Corporate governance model

UniCredit has adopted the so-called "traditional" management and control system based on the existence of two corporate bodies appointed by the Shareholders' Meeting: the Board of Directors, in charge of the strategic supervision and management of the concern, and the Board of Statutory Auditors, responsible for supervising of the management. Legal accounting supervision is entrusted by the Shareholders' Meeting to an external audit firm, on proposal of the Board of Statutory Auditors, according to current provisions.

UniCredit believes that said governance model has proven capable of managing the business efficiently, while ensuring effective controls. That is, it creates the conditions for the Company to be able to guarantee the sound and prudent management of a complex and global banking group, such as the UniCredit Group.

Traditional system

²The above UniCredit shareholders' composition stems from analyses relying on heterogeneous sources, such as the shareholders' register, participation to Shareholders' Meetings, communications to CONSOB, public filings available on the market.

The heterogeneity of sources, the different dates of updating of the sources and the dealings in UniCredit shares, are such that the representation provided is the best estimate of the UniCredit shareholders base, but the above sources are not such as to ensure that the composition represented corresponds to the actual shareholder base at any given time.

Shareholders' Meeting

The Shareholders' Meeting is empowered to resolve both in ordinary and extraordinary sessions, with different constitutive and resolving quorums, depending on the specific topics to be discussed.

The Ordinary Shareholders' Meeting approves, inter alia, the financial statements and the resolution concerning the allocation of net profits, the appointment of the directors and statutory auditors and the assignment of the mandate for the external auditing to an audit firm, resolving on the connected fees. Furthermore, it resolves on the remuneration and incentive policies and practices provided for by current provisions as well as the criteria to determine the compensation to be granted in the event of early termination of employment or early retirement from office.

The Extraordinary Shareholders' Meeting is empowered to resolve on the amendments to the Articles of Association, on increases in share capital, on mergers and de-mergers.

The holders of voting rights for whom notification has been received by the Company from the broker holding their accounts, within the time period established under the provisions in being (i.e. the "record date", falling 7 market trading days before the date established for the Shareholders' Meeting) are entitled to attend the Shareholders' Meeting.

For more information on the Shareholders' Meeting, please see Section no. 3

Board of Directors

The Board of Directors of UniCredit may be comprised of between a minimum of 9 up to a maximum of 24 members. As at March 5, 2019, the number of Directors is 15 and their term of office will expire on the date of the Shareholders' Meeting called upon to approve the 2020 financial statements.

At the date of the Report's approval, 40% of the Board members are Directors belonging to the less represented gender and 33% of them come from countries other than Italy.

The Board members shall be appointed on the basis of a proportional representation mechanism (voto di lista). The legitimate parties who are entitled to submit lists are the Board of Directors and the shareholders who individually or collectively with others represent at least 0.5% of share capital in the form of shares with voting rights at the ordinary Shareholders' Meetings.

The UniCredit Articles of Association envisage that, regardless of the total number of the Board members, two Directors shall be appointed from the second list receiving the highest votes, without any connection with the shareholders who, even jointly, filed, or voted for, the slate first by number of votes, to ensure to the minority shareholders a greater presence on the Board of Directors.

In the appointment process shareholders are invited to take into account the qualitative and quantitative composition that the Board deemed optimal for the effective completion of the duties and responsibilities entrusted to the body with supervisory functions by law, by the Supervisory Provisions and by the UniCredit Articles of

Ordinary Shareholders' Meeting

Extraordinary Shareholders' Meeting

Record date

Members number

Gender diversity

Appointment process

Qualitative and quantitative composition

Profile of the Issuer

Association, according to the current national and European provisions applicable on such topics also concerning time commitment and the limits upon the maximum number of offices that UniCredit Directors may hold.

The Board members meet the professional experience, integrity and independence requirements envisaged by current provisions, also of a regulatory nature, and by the Articles of Association.

Pursuant to the provisions of the Articles of Association, the Board of Directors has appointed a Chief Executive Officer, to whom it has entrusted the management of the Company within the terms and limits set forth by the Board itself.

The function and competencies of the Board of Directors are set forth in the UniCredit Corporate Bodies and Committees Regulation³ .

For more information on the Board of Directors, please see Section no. 4

Board Committees

The Board of Directors, also pursuant to the provisions of the Corporate Governance Code, has established four Committees, vested with research, advisory and proposalmaking powers diversified by sector of competence: the Internal Controls & Risks Committee, the Corporate Governance, Nomination and Sustainability Committee, the Remuneration Committee and the Related-Parties Committee. Their duties are undertaken based on terms of reference and procedures set forth by the Board.

The Board Committees' composition, functions and competencies are set forth in the UniCredit Corporate Bodies and Committees Regulation.

For more information on the Board Committees, please see Section no. 5

Board of Statutory Auditors

Pursuant to the UniCredit Articles of Association, the Ordinary Shareholders' Meeting appoints five permanent Statutory Auditors, among whom the Chairman, and four substitute Statutory Auditors. As at March 5, 2019, the Board of Statutory Auditors is comprised of five permanent members. Their term of office expires on the date of the Shareholders' Meeting called to approve the 2018 financial statements, convened on April 11, 2019.

The Board of Statutory Auditors members shall be appointed on the basis of a proportional representation mechanism (voto di lista). The UniCredit Articles of Association set forth that two permanent Auditors and two substitute Auditors shall be appointed by the minorities. The Chairman of the Board of Statutory Auditors shall be

Auditors appointment

Auditors appointed by the minorities

Requirements

CEO

³ The address of the UniCredit website where the Corporate Bodies and Committees Regulation is available is the following: https://www.unicreditgroup.eu/en/governance/governance-system-and-policies.html

appointed by the Shareholders' Meeting among the Auditors elected by the minority.

At the date of the Report's approval, 40% of the Board of Statutory Auditors members are Auditors belonging to the less represented gender.

The members of Board of Statutory Auditors in office are enrolled with the Rolls of Auditors and meet the professional experience, integrity and independence requirements envisaged by current laws and regulatory provisions.

The function and competencies of the Board of Statutory Auditors are set forth in the UniCredit Corporate Bodies and Committees Regulation.

For more information on the Board of Statutory Auditors, please see Sections no.s 10 and 11

Diversities policies

In formulating its own recommendations on the composition of the Board and its Committees, in view of the renewal of the Board of Directors for the 2018-2020 financial years, UniCredit recommended its shareholders to file lists of candidates made up in order to ensure the presence of at least one-third of members of the least represented gender, in line with the provisions envisaged by Law no. 120/2011.

Said Law, which introduced in Italy gender quotas for the composition of the corporate bodies of listed companies, establishes a progressive application of its provisions, requiring for the first mandate the abidance to a criterion of composition of the bodies based upon which to the least represented gender should be given at least one-fifth of available seats, and then, after that time, equal to at least one-third in its ordinary enforcement regime.

It should be noted that UniCredit already voluntarily recommended its shareholders to spontaneously abide by the said provisions on gender balance, in its enforcement regime, in the previous 2015 qualitative-quantitative profile.

On the topics of diversities, in formulating the above-mentioned recommendations for the renewal of the Board of Directors for the 2018-2020 financial years, the following factors are, inter alia, taken into account by UniCredit: i) the international nature of the UniCredit Group, which suggests that proper consideration should be given to the presence of Directors with an international training and professional experience (regardless of nationality), ii) the presence of members having the theoretical and practical expertise and experience that allow also them to understand the Company's activities and main risks as well as iii) different age. Furthermore, some areas of competence have been selected, with the recommendations that candidates shall preferably have two or more of them.

The abidance of the diversity composition requirements stated in the 2018 qualitativequantitative profile have been checked by the Board at the end of the Directors' appointment process as well as in the event of any other change in the body's composition. The Directors' personal qualities, as well as age and gender diversity (the female component is well above the quota established by current provisions) fully comply with the indications in the theoretical profile. Furthermore, with reference to professional expertise accrued in the areas of competence envisaged by the profile, all

Directors gender

Training, professional experience, age

Gender diversity

Requirements

Profile of the Issuer

of the areas of competence were represented in the Board and the experience gained by all Directors is in line with the requirements provided for by the profile, considering that they possess a good understanding and experience in more than two of the required areas of competence.

The Board of Statutory Auditors' composition shall also ensure the balance between genders envisaged by Law no. 120/2011. The abidance to such requirement has been fulfilled both in the appointment process of the body and in the event of other changes of its composition.

On this regard, it should also be noted that in view of the Board of Statutory Auditors renewal for the 2019 – 2021 financial years - although there is no specific provision requiring the identification of the qualitative and quantitative composition deemed to be optimal even for the control body - the UniCredit Board of Directors, in accordance with the outgoing Board of Statutory Auditors, on February 19, 2019, has made available to the Company's shareholders a theoretical profile for the Statutory Auditors in order to facilitate the best choice of candidates to be presented at the 2019 Shareholders' Meeting.

In formulating its own recommendations on the composition of the Board of Statutory Auditors, UniCredit recommended its shareholders to file lists of candidates made up in order to ensure the presence of at least one-third of members of the least represented gender, in line with the provisions envisaged by Law no. 120/2011. Furthermore, on the topics of diversities, in formulating the above-mentioned recommendations the following factors are, inter alia, taken into account by UniCredit: i) the presence of Auditors with a balanced mix of training and professional experience, ii) the presence of members having the expertise and experience to enable the control body to understand the business areas and risk exposures of the UniCredit Group, as well as iii) different age. Furthermore, some areas of competence have been selected, with the recommendations that candidates shall preferably have two or more of them.

Moreover, it is noted that in UniCredit there is an active and permanent induction program for the Board members, also for the benefit of the Board of Statutory Auditors members, consisting, inter alia, of recurring trainings sessions to preserve over time the expertise needed for the proper fulfilment of their duties.

With regard to the topic of gender balance, UniCredit, within its whole organization as well as its Group, has adopted specific guidelines concerning all processes and practices in the selection and internal appointment areas, in professional development, remuneration, work life balance as well as information and training.

Moreover, in 2018 UniCredit signed the UK's HM Treasury Women in Finance Charter to pledge its full support to helping improve gender diversity in the financial services sector worldwide.

* * *

For further information on the UniCredit corporate governance structure, please see, apart from the specific Sections contained in this Report, the website of the Company where the same are available together with economic/financial nature information, data and documents of interest for the shareholders in general.

Auditors gender

Training, professional experience, age

Gender in UniCredit

Information on the ownership structure

2.1 Share capital structure

As at December 31, 2018, the fully subscribed and paid up UniCredit share capital amounted to Euro 20,940,398,466.81, divided into 2,230,176,665 ordinary shares with no nominal value.

The UniCredit shares are listed on the Milan, Frankfurt and Warsaw regulated markets, respectively on the Borsa Italiana S.p.A. MTA (Electronic Share Market), on the Frankfurt Stock Exchange and on the Warsaw Stock Exchange. The shares traded on the aforesaid markets have the same characteristics and anyway give the same rights.

No other types of shares, equity instruments or convertible or exchangeable bonds have been issued.

As at March 5, 2019, the fully subscribed and paid up UniCredit share capital amounts to Euro 20,940,398,466.81, divided into 2,230,176,665 ordinary shares with no nominal value.

Rights and obligations

Each ordinary share gives holders the right to cast one vote at Ordinary and Extraordinary Shareholders' Meetings. Ordinary shares give holders all the administrative and economic rights and obligations envisaged by law.

No stocks granting special controlling rights or special powers have been issued.

Other financial instruments granting the right to subscribe new shares
------------------------------------------------------------------------	--	--	--

	Listed / not listed	Number of outstanding instruments	Category of shares serving the conversion/exercise	Number of shares serving the conversion/exercise
Convertible bonds	=	=	=	=
Warrant	Not listed	21,724,100	Ordinary shares	776,459

Since 2000, UniCredit has set up equity based incentive plans for the Top Management (therefore including also the CEO and the executives with strategic responsibilities). The exercise of the warrants issued to service UniCredit Group executive and employee incentive plans grants the right to subscribe new ordinary shares. In that regard, please refer to "Part I) – Share-based payments" of the notes to the consolidated financial statements⁴ , to the information documents⁵ prepared in compliance with Section 84/bis of the CONSOB Issuers Rules and to the report on remuneration⁶ prepared in compliance with Section 123/ter of the TUF and Section 84/quater of the CONSOB Issuers Rules.

Please also be informed that, with regard to the capital increase approved by the Extraordinary Shareholders' Meeting of UniCredit S.p.A. on November 14, 2008, no. 967,564,061 ordinary shares, subscribed by Mediobanca -

⁴ The address of the UniCredit website where the Company financial statement is available is the following: https://www.unicreditgroup.eu/en/investors/financial-reports.html

⁵ The address of the UniCredit website where the information documents are available is the following: https://www.unicreditgroup.eu/en/governance/compensation/incentive-systems.html

⁶ The address of the UniCredit web site where the report on remuneration is available is the following: https://www.unicreditgroup.eu/en/governance/shareholders-meeting.html; https://www.unicreditgroup.eu/en/governance/compensation.html; https://www.unicreditgroup.eu/en/governance/compensation/directors-and-auditors-compensation.html

Banca di Credito Finanziario S.p.A. pursuant to the guarantee agreement stipulated with UniCredit S.p.A., have been used to service the issue of, and are underlying, Convertible and Subordinated Hybrid Equity-linked Securities ("Cashes") financial instruments. The Cashes too have been subscribed in full by institutional investors. Mediobanca gave the right of usufrutto over such shares to UniCredit maintaining the mere ownership (nuda proprietà ownership deprived of the rights belonging to the holder of the right of usufrutto) of the shares. By way of the reverse split transactions of the shares carried out in December 2011 and in January 2017, at the date of the Report's approval the number of the aforesaid ordinary shares is equal to 9,675,640.

2.2 Restrictions on stock transfers

At the date of the Report's approval, there are no restrictions on stock transfers, taking into account the no. 9,675,640 ordinary shares used to service the Cashes of which Mediobanca holds the nuda proprietà (see previous paragraph on the Share capital structure).

2.3 Relevant equity holdings

On the basis of the evidence of the Shareholders Register, completed with the communications received according to Section 120 of the TUF, and of other information available to the Company, hereafter you may find the relevant equity holdings, direct and indirect, as at December 31, 2018.

According to the communication received pursuant to current provisions, the shareholder listed below hold significant shareholdings (more than 3%), not falling within the disclosure exemptions (Section 119/bis of the CONSOB Rules no. 11971/99).

Declarant	Direct Shareholder	% of ordinary capital	% of voting capital
Mubadala Investment Company PJSC	Aabar Luxembourg S.a.r.l.	5.028%	5.028%

According to the communications received pursuant to Section 120 of the TUF, and the other information available to the Company, hereafter you may also find the relevant equity holding as at March 5, 2019.

Declarant	Direct Shareholder	% of ordinary capital	% of voting capital
Mubadala Investment Company PJSC	Aabar Luxembourg S.a.r.l.	5.028%	5.028%
Dodge & Cox non-discretional asset management	Dodge & Cox	5.009%	5.009%

There is no employee equity holding system in place whereby voting rights can be exercised by employee representatives.

Information on the ownership structure

2.4 Restrictions on voting rights

At the date of the Reports' approval, there is no limitation to the exercise of voting rights.

At the date of the Report's approval, the voting rights of the no. 9,675,640 UniCredit ordinary shares, subscribed by Mediobanca pursuant to the guarantee agreement stipulated with UniCredit S.p.A. and used to service the Cashes, in relation to which the aforementioned has created the usufruct right in favour of UniCredit, is suspended (see previous paragraph on the Share capital structure).

The Company knows of no shareholders' agreements among relevant shareholders as defined by Section 122 of the TUF.

2.5 Change of control clauses and by-laws provisions on public purchase offers

Taking into account that UniCredit S.p.A. is not a Company controlled by any shareholder or subject to any shareholder agreement, in the meaning provided for by law, please note that the Company is one of the parties who entered into the consultation agreement among shareholders of "Mediobanca – Banca di Credito Finanziario S.p.A.", pursuant to Section 122 of the Legislative Decree no. 58/1998, equivalent to the type of agreement contemplated under Section 122, point 5, letter A). Such agreement was executed on December 20, 2018 (in force on January 1°, 2019), against a backdrop of co-operation between the parties and in continuity with the previous agreement. The agreement is aimed to ensure unified management in accordance with Mediobanca's traditions of autonomy and independence.

The abovementioned agreement provides that "The parties meet in general meetings to pass resolutions regarding […] submission by the parties of lists for appointment to the Mediobanca Board of Directors […] including the designation of candidates for the positions of Chairman of the Board of Directors and Chief Executive Officer respectively" according to the manner and terms envisaged by the agreement itself in the event the outgoing Board does not submit its own list.

No UniCredit subsidiaries executed agreements to be considered relevant pursuant to Section 123/bis of the TUF.

The UniCredit Articles of Association do not envisage exceptions to the provisions on the passivity rule envisaged by Section 104, sub-sections 1 and 1-bis, of the TUF.

* * *

The Articles of Association do not envisage the application of the counteracting rules envisaged by Section 104/bis, sub-sections 2 and 3, of the TUF.

2.6 Delegation of power to increase share capital and authorisations to purchase own shares

The Board of Directors has been empowered by the Shareholders' Meeting to execute share capital increases, with the exclusion of option rights, both free and by way of contribution in cash, in order to service Incentive Plans for UniCredit Group employees (see Clause 6 of the Articles of Association). The Board of Directors has not been granted any authority to issue other equity instruments.

As at March 5, 2019, the Shareholders' Meeting of UniCredit has not authorized the purchase of own shares. At the end of the financial year, to which the Report refers, the amount of own shares held was equal to no. 4,760.

The Board of Directors, in its meeting held on February 6, 2019, has resolved to submit to the Shareholders' Meeting convened for the approval of the 2018 financial statements an authorization to purchase and dispose of treasury shares so that the Board itself, also taking into account market trends and the strategy that the Company intends to pursue, can start the procedure aimed at achieving the revocation from the trading of the UniCredit shares acquired on the Warsaw Stock Exchange, and registered with the Polish National Depository of Securities, in accordance with the resolution taken on September 2017 concerning the strengthening of corporate governance.

Shareholders' Meeting

In compliance with the current provisions, the UniCredit Articles of Association envisage that the Ordinary Shareholders' Meeting is convened at least once a year within 180 days of the end of the financial year, in order to resolve upon the issues that current laws and the Articles of Association make it responsible for. An Extraordinary Shareholders' Meeting is convened, instead, whenever it is necessary to resolve upon any of the matters that are exclusively attributed to its jurisdiction by current laws.

Shareholders' Meetings are held in a single call in accordance with the provisions of law, but the Articles of Association, in order to maintain an adequate organizational flexibility, keep the possibility for the Board, for single meetings, to provide more than one call.

The Shareholders' Meeting is convened, in accordance with legal and regulatory requirements, via a notice published on the Company's website, as well as through other channels provided for under prevailing laws and regulatory provisions, including the publication in extract form in the daily newspapers. The Agenda of the Shareholders' Meeting is established in accordance with legal requirements and the Articles of Association by whoever exercises the power to call a Meeting.

Within the deadline for the publication of the Shareholders' Meeting call notice provided for each item on the Agenda – or within any other time limits envisaged by other legal provisions, the Board of Directors shall make a report on each of the items on the Agenda publicly available.

The right to ask for the integration of the Agenda may be exercised, according to the cases, methods, terms and conditions outlined in the current provisions, by shareholders who individually or jointly represent at least 0.50% of the share capital. Shareholders requesting additions to the Agenda shall prepare a report stating the reason for their resolution proposals on the new matters they propose for discussion. Shareholders may also submit further resolution proposals on items already on the Agenda, stating the reasons therefore.

The Shareholders' Meeting takes place at the Company's Registered Office in Milan or in another location in Italy, as indicated in the Meeting call notice, and it resolves with the majorities envisaged by current laws.

The Articles of Association do not provide for particular quorums and in order for a Shareholders' Meeting, along with the resolutions taken therein, to be valid, the relevant legal and regulatory provisions must be complied with.

Clause 23 of the Articles of Association, in compliance with the provisions set forth by Article 2365 of the Italian Civil Code, grants to the authority of the Board of Directors the resolutions regarding the following:

the adjustments made to the Articles of Association to comply with legal requirements;
the merger by incorporation of companies in the situations envisaged by Articles 2505 and 2505/bis of the Italian Civil Code;
the de-merger of companies in the situations envisaged by Article 2506/ter of the Italian Civil Code;
the reduction of share capital in the event of a shareholder withdrawing;
decisions on which Directors, in addition to those indicated in the Articles of Association, may represent the Company.

In compliance with the Articles of Association, and pursuant to the current provisions issued by Banca d'Italia concerning the remuneration and incentive policies and practices for banks and banking groups, the Ordinary Shareholders' Meeting, in addition to establishing the compensation payable to the corporate bodies appointed by the same, approves: (i) the remuneration and incentive policies for the members of the supervisory, management and controlling bodies as well as for the remaining employees; (ii) equity-based compensation schemes; (iii) the criteria to determine the compensation to be granted in the event of early termination of employment or early retirement from office including the limits set for said compensation in terms of number of years of fixed remuneration as well as the maximum amount deriving from their application. Furthermore, the Ordinary Shareholders' Meeting can exercise, on the occasion of the remuneration and incentive policies' approval, the faculty to determine a ratio of variable to fixed remuneration of employees higher than 1:1, but in any case not exceeding

the ratio of 2:1. In accordance with Section 123/ter of the TUF the Shareholders' Meeting resolves in favour or against the section of the report on remuneration explaining the Company's policy on the remuneration of the Board of Directors members, of the General Manager and of the executives with strategic responsibilities as well as the procedures used to adopt and implement this policy. Such resolution is not binding.

Information to the Shareholders' Meeting on the ways in which the Remuneration Committee may exercise its functions as well as on the activities carried out is available in the "Annual Report on Remuneration" published within the Group Compensation Policy that is yearly submitted to its approval.

Legitimation, how to attend and voting rights

Pursuant to current provisions, the holders of voting rights whose notification has been received by the Company through the broker holding their accounts, within the time period established under law, are entitled to attend the Shareholders' Meeting. Those who hold voting rights may arrange to be represented in the Shareholders' Meeting via proxy.

The UniCredit Articles of Association provide for the possibility for the holders of voting rights to participate remotely in Shareholder's Meetings via telecommunication means and to exercise their voting rights by using electronic means, referring the decision on the activation of said instruments to the Board of Directors with regard to single meetings.

As a rule, all Directors attend the Shareholders' Meeting.

The Board reports to the Shareholders' Meeting on the activities performed and planned within the framework of the management report. Furthermore, it makes every effort to ensure adequate information on all the relevant items so as to enable the shareholders to take informed decisions on matters within the scope of their competence, in particular by ensuring that the Directors' report and any additional information has been supplied within the time frame established by the law and by regulatory provisions in force.

Shareholders' Meetings conduct

Since 1998 the Shareholders' Meeting laid down rules aimed at ensuring the orderly and effective conduct of ordinary and extraordinary meetings. The Regulations governing general meetings, lastly approved in April 2018, can be consulted online at the UniCredit S.p.A. website on the Governance/Shareholders' Meeting Section⁷ .

Clause 7 of the Regulations on general meetings state that those entitled to attend the Shareholders' Meeting are entitled to take the floor in respect of each of the items presented for discussion. Those intending to exercise such latter right must ask the Chairman for permission, via the Notary or the Secretary, by providing him with a written request containing details of the issue or the issues to which the request refers to, up until he declares discussions regarding the issue or the issues the request to take the floor refers to are closed. The Chairman usually allows persons to take the floor as per the chronological order in which they have submitted their requests. The Chairman may moreover authorize the submission of requests to take the floor by a raising of hands.

* * *

⁷ The address of the UniCredit website where the Regulations governing general meetings are available is the following: http://www.unicreditgroup.eu/en/governance/shareholders-meeting/meeting-regulations.html

Shareholders' Meeting

The UniCredit market capitalization decreased by ca. 13 billion in 2018, reaching 22 bn. In 2018, the UniCredit stock price performance was -37.02% vis-à-vis the broadly positive trend of the European banking sector (the performance of SX7P index, comprising the 600 largest banks in Europe, was +8.98%, higher than UniCredit one).

Regarding the changes affecting the shareholder structure, taking into account the threshold provided for the obligations of disclosure to the market of relevant shareholdings (Legislative Decree no. 25/2016), in 2018:

• Aabar Luxembourg S.A.R.L confirmed its stakes over the relevant threshold of 5%.

No proposals were put to the Shareholders' Meeting to change the Articles of Association in regard to the percentages established for exercising the rights and prerogatives for safeguarding minorities.

Board of Directors

4.1 Appointment and replacement

The UniCredit Directors shall be appointed, according to the current legal and regulatory provisions, on the basis of a proportional representation mechanism (voto di lista) abiding by the membership criteria concerning, inter alia, minority and independent Directors, apart from abiding by the rules on the balance between genders envisaged by Law no. 120/2011 (to that regard, please see the procedures specified in Clause 20 of the Articles of Association available on the UniCredit website⁸ ).

The legitimate parties who are entitled to submit lists are the Board of Directors and the shareholders who individually or collectively with others represent at least 0.5% of share capital in the form of shares with voting rights at the ordinary Shareholders' Meetings. Each party having the right to file lists of candidates may submit, or contribute to the submission of, only one list (including via proxies or trustee companies).

Furthermore, UniCredit has established that the slates of candidates to the position as Director should be filed at the Registered Office in Milan, as per the provisions of Section 147/ter of the TUF, no later than the twenty-fifth day prior to the date of the Shareholders' Meeting called to resolve upon the appointment of the members of the Board. The slates must be made available to the public at the Registered Office, on the Company's website and through other channels provided for under prevailing laws, at least twenty-one days prior to the date of the Shareholders' Meeting. Instead, as far as concerns the percentage of share capital needed to submit the slate, Clause 20, para. 6 of the Articles of Association specifies that the amount is 0.5% of the share capital in the form of shares with voting rights at the ordinary Shareholders' Meetings, consistently with the minimum shareholding percentage established by CONSOB on the basis of the provisions of said Section 147/ter of the TUF (Section 144/quater of the CONSOB Issuers Rules).

Other than those set out by law, no particular rules apply to the amendments to the Articles of Association.

In compliance with current national and European provisions, also concerning time commitment and the limits upon maximum number of offices that Directors may hold, the Board of Directors establishes its qualitative and quantitative composition deemed optimal for the effective fulfillment of the duties and responsibilities entrusted to the body with supervisory functions by law, by the Supervisory Provisions and by the UniCredit Articles of Association. The Board has also established the requirements that the UniCredit Directors shall meet, in addition to possessing those envisaged by current provisions.

The Board, before the appointment of its new members, informs the shareholders about the composition deemed to be optimal in order for the choice of the candidates to take into consideration the expertise required. It goes without saying that the shareholders may carry out their own assessment on the best composition of the body with supervisory functions and file candidacies consistent with same, giving the reasons for any difference vis-à-vis the analyses carried out by the Board.

With regard to the qualitative and quantitative composition of the Board of Directors and the profile for candidates to the position of Director, and in particular the time commitment and the limits upon the maximum number of offices that the Directors may hold, as well as the diversity composition criteria for the body with supervisory

⁸ The address of the UniCredit website where the Articles of Association are available is the following:

https://www.unicreditgroup.eu/en/governance/governance-system-and-policies.html

functions, reference is made to the document⁹ "Qualitative and Quantitative Composition of the UniCredit S.p.A. Board of Directors" - lastly approved on February 7, 2018 - published on the Company's website as well as to the information provided in Section 4.2 "Composition".

* * *

The Board of Directors, based on the discussions that in 2016 took place in the Corporate Governance, Nomination and Sustainability Committee, approved some actions to improve the UniCredit governance and to align the same to the best national and international practices, including, inter alia, the significant changes to the Board's composition, recommended to the shareholders in the event of the 2018 renewal of the Board of Directors; in particular:

the reduction from seventeen to fifteen Directors and in the number of Vice Chairmen from three to one;
a maximum number of three mandates for the Board members.

Furthermore, the Articles of Association was amended in order to:

empower also the outgoing Board of Directors, in the event of its renewal, the faculty to file its own list of candidates;
increase from one to two the number of Directors selected from the second list receiving the highest votes, without any connection with the shareholders who, even jointly, filed, or voted for, the slate first by number of votes, regardless of the composition of the body.

In that regard, the procedure for identifying the candidates for the posts of members of the Board of Directors, including the Chairman and the Chief Executive Officer, was also approved by the Board¹⁰ .

Succession plans

With reference to the recommendations contained in the CONSOB Resolution no. DEM/11012984 dated February 24, 2011, and to what is provided for in Criterion 5.C.2. of the Italian Corporate Governance Code, please be informed that, since 2006, UniCredit has in place a structured process, aimed at managing and developing the Leadership Pipeline across the Group, called Executive Development Plan (EDP) related to all Group Executives (approx. 3,600), including the Chief Executive Officer position.

9 The address of the UniCredit website where the document "Qualitative and Quantitative Composition of the UniCredit S.p.A. Board of Directors" is available is the following:

https://www.unicreditgroup.eu/en/governance/board-of-directors/directors-qualitative-and-quantitative-profiles.html

¹⁰ The address of the UniCredit website where the document "Process for selecting candidates" approved by the Board of Directors is available is the following:

https://www.unicreditgroup.eu/en/governance/board-of-directors/process-for-selecting-candidates.html

Board of Directors

Process

EDP consists in a bottom up process that begins with individual appraisal by each direct manager of any participant to the process, then followed by a number of calibrations at local and Group level, ultimately aiming at having a consistent Group view of each manager. The Chief Executive Officer personally reviews the appraisals and career/succession plans of the top positions at Group level as well as of the key players at positions below.

(*) Con HR Committe si intendono gli incontri individuali tra Amministratore Delegato e Responsabile HR di Gruppo

Timing wise, the update of the succession plans occurs on a yearly basis. At the end of each cycle the summary of the results is discussed by the Board of Directors and by the Corporate Governance, Nomination and Sustainability Committee who look more specifically at succession planning of the Group Management Team, which represents the key managerial positions.

During the year, the CGN&S Committee regularly analyses the evolution of the succession planning, for Group Executives positions and for the CEO and his first reporting line.

Moreover, the CEO succession planning is reviewed on a periodical basis, with regular internal and external scouting for potential successors identification. The outcomes of this exercise are timely shared with the Corporate Governance, Nomination and Sustainability Committee and /or with the Chairman of the Board of Directors along the process.

Content

The Executive Development Plan is based on the Group Leadership Competency Model and fosters Group Leaders growth ensuring business sustainability through the identification of short and medium term successors for all key managerial positions.

In case of anticipated or unforeseen replacement of Executives, including the CEO, the Executive Development Plan results are the reference point for the decisions related to new appointments and for the evaluation of possible candidates.

More specifically the succession planning of the Executive Management Committee (EMC – normally the first reporting lines to the CEO) of the Group is based on a "pool" approach, where a number of Executives are selected based on their potential and ability to prospectively cover one or more positions at EMC level.

To add an external market perspective to the internal appraisal of the identified candidates, as well as to provide additional development opportunities, a specific assessment process has been launched in partnership with external Executive Search Firms since 2016. The process ascertains the standing of UniCredit leadership pipeline against external market benchmarks and validates the perceived "quality" of the selected Executives in addition to their internal performance evaluation. The exercise with the external party also gives the opportunity to draft a series of individual development plans to accelerate individual Executives growth.

4.2 Composition

Pursuant to the Articles of Association, the UniCredit Board of Directors may be comprised of between a minimum of 9 up to a maximum of 24 members. As at March 5, 2019, the number of Directors is 15.

Their term in office is three financial years, unless a shorter term is established at the time they are appointed, and ends on the date of the Shareholders' Meeting called to approve the financial statements relating to the latest year in which they were in office.

The Ordinary Shareholders' Meeting held on April 12, 2018, appointed the Directors for the financial years 2018 - 2020 intended to stay in office until the date of the Shareholders' Meeting called to approve the 2020 financial statements.

According to Clause 20 of the Articles of Association and pursuant to the applicable laws and regulations, the Board had proposed to the aforesaid Ordinary Shareholders' Meeting of April 2018 the appointment of the Directors, after setting their number. The Board, in such circumstance, recommended that shareholders, in submitting lists of candidates, should take into account the document containing the qualitative and quantitative composition of the Board of Directors deemed optimal, approved by the Board itself in February 2018.

Referring to the faculty of the Board of Directors, expressly provided in the Articles of Association, to submit its own list of candidates, on February 7, 2018, the outgoing Board unanimously approved its own list of candidates to the post of Director, taking into account its approach concerning the body's quantitative composition deemed as optimal and, in execution of its February 2018 resolutions, filed a proposal to the Shareholders' Meeting to determine in 15 the number of Directors to elect. The candidates on the list have been chosen on the basis of the procedure for identifying the candidates approved by the Board and the adopted criteria for the issuing of the same list have ensured the abidance by the requirements highlighted in the qualitative and quantitative profile approved by the Board on the same date.

Two lists were submitted, filed and published according to the deadline and in the terms provided for by current provisions and by the Articles of Association:

List no. 1 submitted by the outgoing Board of Directors:
Mr. Fabrizio Saccomanni (Chairman), Mr. Jean Pierre Mustier (Chief Executive Officer), Mr. Mohamed Hamad Al Mehairi, Mr. Lamberto Andreotti, Mr. Sergio Balbinot, Mr. Cesare Bisoni, Ms. Martha Dagmar Boeckenfeld, Ms. Isabelle de Wismes, Mr. Stefano Micossi, Ms. Maria Pierdicchi, Mr. Andrea Sironi, Mr. Alexander Wolfgring, Ms. Elena Zambon, Ms. Elisabetta Pizzini and Mr. Giuseppe Cannizzaro;
List no. 2 submitted by several Funds, with an overall shareholding equal to 1.63% of the share capital: Ms. Francesca Tondi and Mr. Vincenzo Cariello.

In addition to the above slates also the following documentation was submitted and published in accordance with the prescribed deadlines and procedures:

a statement of shareholders, others than those who hold, also jointly, a controlling or relative majority shareholding, attesting the inexistence of any connection, with the latter, as provided for by Section 144/quinquies of the CONSOB Issuers Rules, taking into account the recommendations issued by CONSOB with its Communication no. DEM/9017893 dated February 26, 2009;
exhaustive information on the personal and professional characteristics of the candidates indicated on the slate (curriculum vitae and list of the supervisory, managerial and controlling offices held in other companies);

Board of Directors

the statements of each candidate accepting the position (subject to his/her appointment) and attesting, under his/her own responsibility, that there is no reason for his/her ineligibility, forfeiture or incompatibility to his/her candidacy, as well as that he/she meets the professional experience and integrity requirements required by the current provisions, also of a regulatory nature;
a statement by each candidate concerning his/her meeting or not the independence requirements pursuant to Section 148, sub-section 3, of the TUF and the Corporate Governance Code (which coincide with those envisaged by the UniCredit Articles of Association) as well as information about the knowledges/expertise gained in the areas envisaged by the theoretical profile.

Information on the personal and professional characteristics of each candidate, shown in their curricula, the statements provided for by current laws and by the UniCredit Articles of Association as well as those provided for by the theoretical profile, and, more specifically, the statements certifying their meeting or not the independence requirements prescribed by law and by the Corporate Governance Code were made available on the UniCredit website (https://www.unicreditgroup.eu/en/governance/shareholders-meeting.html). In particular, when submitting their candidacies Mr. Saccomanni, Mr. Al Mehairi, Mr. Andreotti, Mr. Bisoni, Ms. Boeckenfeld, Mr. Cariello, Ms. de Wismes, Mr. Micossi, Ms. Pierdicchi, Mr. Sironi, Ms. Tondi, Mr. Wolfgring and Ms. Zambon declared their independence pursuant to the TUF, the Articles of Association and the Corporate Governance Code. Mr. Balbinot declared his independence pursuant to the TUF.

The Shareholders' Meeting on April 12, 2018, after having resolved that the members of the Board of Directors should be 15, as proposed by the outgoing Board, appointed the Directors for the financial years 2018 – 2020 as follows:

Mr. Fabrizio Saccomanni, Mr. Jean Pierre Mustier, Mr. Mohamed Hamad Al Mehairi, Mr. Lamberto Andreotti, Mr. Sergio Balbinot, Mr. Cesare Bisoni, Ms. Martha Dagmar Boeckenfeld, Ms. Isabelle de Wismes, Mr. Stefano Micossi, Ms. Maria Pierdicchi, Mr. Andrea Sironi, Mr. Alexander Wolfgring and Ms. Elena Zambon were appointed from List no. 1, obtaining the relative majority of the Shareholders' votes;
Ms. Francesca Tondi and Mr. Vincenzo Cariello were appointed from List no. 2, voted by the minority of the Shareholders.

The Board composition resulting from the appointment process was:

quantitatively corresponding to that singled out as optimal by the Board itself. The Board had determined in 15, the quantitative composition deemed to be optimal and the shareholders, who are in charge to decide on, agreed on such proposal, which was consequently approved by the Shareholders' Meeting;
qualitatively corresponding to the theoretical profile singled out by the Board as well as suitable pursuant to the ECB "Guide to fit & proper assessment".

More in detail, also in light of the information given by the person concerned, the requirements concerning, inter alia, experience, integrity and independence, as well as time commitment and the limits upon the maximum number of offices that Directors may hold¹¹ established by the provisions of the CRD IV Directive (Directive 2013/36/EU dated June 26, 2013), were abided by.

The Director's personal qualities, as well as age and gender diversity (the female component was equal to one third of the total) - in line with the composition criterion of the Board of Directors established by the Italian Law n. 120/2011, in its ordinary enforcement regime - fully comply with the indications of the theoretical profile.

With reference to the time commitment recommended for an effective attendance to the Board and Committees meetings, all Directors, inter alia, declared their ability to commit sufficient time to duly perform their functions. The commitments declared by the Directors were found to be compatible with the commitment required to carry out their duties at UniCredit, also including sitting on Board Committees, when applicable.

¹¹ See following paragraph on the "Maximum number of offices held in other companies"

Furthermore, with reference to the professional expertise accrued in the areas of competence envisaged by the theoretical profile (i.e., Banking Business, Banking Governance, Risk and Control, Legal and Regulatory, Strategic Planning, Accounting & Audit, Financial and International Markets, Sustainability), all of the areas were represented in the Board. The experience gained by all Directors is in line with the requirements provided for by the profile, considering that they possess a good understanding and experience in more than two of the areas of competence required by the qualitative and quantitative profile.

Regarding the "collective suitability", the sum of the candidates' profiles matched with the ideal overall Board composition. Specifically, almost all Directors have financial and international markets competencies, as well as international experience; about 40% of them had previous experience in top executive roles; well represented is the expertise in Banking Business, Risk and Control, Accounting, Audit and Legal areas; on average the Directors possess six areas of competence out of nine identified by the Board; all the core competencies are covered within the Board.

After the above appointments, further to the resignation handed in by the Director Mr. Andrea Sironi (effective on February 7, 2019), the Board of Directors, in its meeting held on February 6, 2019, has co-opted as Director Ms. Elena Carletti, effective from February 7, 2019.

The selection of the above Director has been carried out following the articulated process for selecting candidates to the post of Board of Directors' member approved by the Board on the July 6, 2017. The choice of Ms. Carletti, on proposal of the Corporate Governance, Nomination and Sustainability Committee, has been made in compliance with the necessary requirements and in accordance with the criteria defined in the theoretical profile approved by the Board in February 2018. Such appointment has further improved the gender diversity of the UniCredit Board, increasing the percentage of female Directors well above the quota recommended by current provisions. After the appointment, the correspondence to the theoretical profile defined by the Board was checked, including the abidance to the maximum number of offices to be held.

The composition of the Board in office at the approval date of the Report is given at the end of this Section.

Age breakdown Gender breakdown

The apportionment of the Board members according to age and gender are detailed hereinafter.

The Board of Directors members meet the professional experience and integrity requirements envisaged by current provisions.

Board of Directors

For any further details regarding the composition of this corporate body, and the personal and professional characteristics of each Director, reference is made to the information published on the UniCredit website¹². With regard to the requirements that UniCredit Directors must meet, in addition to those required by current laws and regulatory provisions, reference is made to the document "Qualitative and Quantitative Profile of UniCredit S.p.A. Board of Directors" published on the Company's website.

The following chart shows the seniority in office since their first appointment of the current Directors as at the approval date of this Report:

Directors	First appointment date	Directors	First appointment date
Al Mehairi Mohamed Hamad	October 2015	Micossi Stefano	April 2018
Andreotti Lamberto	April 2018	Mustier Jean Pierre	June 2016
Balbinot Sergio	June 2016	Pierdicchi Maria	April 2018
Bisoni Cesare	May 2015	Saccomanni Fabrizio	November 2017
Boeckenfeld Martha Dagmar	September 2016	Tondi Francesca	April 2018
Cariello Vincenzo	April 2018	Wolfgring Alexander	May 2013
Carletti Elena	February 2019	Zambon Elena	May 2015
de Wismes Isabelle	April 2018

Time commitment and number of offices

In light of the provisions contained in the relevant regulations, the availability of time to be dedicated to perform the office, based upon the nature, quality and complexity of the same, is an essential requirement to be guaranteed by Directors, also in relation to the activities deriving from participation in the works of the Board Committees, for members thereof.

The UniCredit Board, within its qualitative and quantitative profile approved in February 2018, recommended that candidates accept the office only if they believe they are able to dedicate the necessary time to that position, considering the following factors: their other professional or personal commitments and circumstances, as well as the conduct of offices covered in other companies; the nature, scale and complexity of the activities performed, the size and the situation of the entities where the positions are held, the place or country where the same entities are based.

Also in line with the ECB guidelines, with a particular attention to the good functioning of the Board and the contribution of each member to its internal dialogue, the Board carried out an estimate to be intended as a reference to assess the minimum time needed for an appropriate meeting attendance, summarized in the following chart.

¹² The address of the UniCredit web site where the information concerning the Directors is available is the following: https://www.unicreditgroup.eu/en/governance/board-of-directors.html

Chairman of the Board of Directors	2/3 days per week
Chief Executive Officer	full time
Chairman of a Board Committee	2 days for each Committee's meeting
Non-executive Director	20 days per year
Member of the Corporate Governance, Nomination and Sustainability Committee	12 days per year
Member of the Internal Controls & Risks Committee	12 days per year
Member of the Remuneration Committee	9 days per year
Member of the Related-Parties Committee	15 days per year

With specific reference to the percentage of attendance at Board and Committee meetings, the same should not be lower than 75% per annum; attendance should preferably be physical, save for extraordinary meetings.

Finally, with reference to the limits upon the maximum number of offices that the UniCredit Directors may hold, should be noted that since December 2008 the Board, in its Regulations as well as in its qualitative-quantitative profiles approved in March 2012 and 2015, expressed its opinion on the maximum number of offices that may be held at the same time according to the provisions of the Corporate Governance Code and to the Supervisory Regulations on banks' organization and corporate governance issued by Banca d'Italia.

In the document dealing with its qualitative and quantitative profile lastly approved in February 2018, the Board deemed necessary to recall the specific minimal limits envisaged by the CRD IV Directive (Directive 2013/36/EU dated June 26, 2013), taking also into account the principles contained in the draft Ministerial Decree concerning the rules on suitability requirements and criteria for holding the offices in the process of being issued pursuant to, inter alia, Section 26 of the Legislative Decree no. 385/1993.

Therefore, within the above mentioned theoretical profile, UniCredit provides that each Director may cover in total (in any type of company, excluding organisations that do not pursue primarily commercial objectives):

one executive office and two non-executive offices
four non-executive offices

with the following specifications, without prejudice to the other relevant provisions that may result after the transposition of the Directive into national law:

a) offices refer to the position held in Board of Directors, Supervisory Board, Management Board, Board of Statutory Auditors, or as General Manager; in foreign companies, offices refer to positions equivalent to the above, on the bases of the relevant regulations applicable to the companies;
b) are considered as a single office, inter alia, all the offices covered within:
i. the same group;
ii. enterprises not falling within the group in which UniCredit has a qualified holding, as envisaged by Section 4 of the Regulation (EU) no. 575/2013.

* * *

The following chart shows the overall number of offices as director held by the current Directors in other companies as at the approval date of this Report. The abidance by the limits on the maximum number of offices that the Directors may hold in other companies envisaged by the CRD IV Directive, was evaluated by taking into consideration the weight applicable to offices held in the same group and the statements made by the Directors themselves.

Board of Directors

Directors	Overall number of offices as director held in other companies	Directors	Overall number of offices as director held in other companies
Al Mehairi Mohamed Hamad	7 (1)	Micossi Stefano	--
Andreotti Lamberto	1	Mustier Jean Pierre	--
Balbinot Sergio	7 (1)	Pierdicchi Maria	3
Bisoni Cesare	--	Saccomanni Fabrizio	--
Boeckenfeld Martha Dagmar	6 (1)	Tondi Francesca	1
Cariello Vincenzo	--	Wolfgring Alexander	5 (2)
Carletti Elena	--	Zambon Elena	12 (1)
de Wismes Isabelle	--

(1) The weight applicable to offices held within the same group was taken into account

(2) The weight applicable to offices held within the same group and the fact that offices that do not mainly pursue commercial aims do not count were taken into account

* * *

Moreover, Directors must take into account the provisions of Section 36 of Law Decree no. 201/2011 (ban on interlocking directorships), approved as statute by Law no. 214/2011, which establishes that holders of a seat in managerial, supervisory and controlling bodies, as well as top management officers in companies or groups of companies active in banking, insurance and financial markets are forbidden to hold similar offices, or to exercise similar duties, in competing companies or groups of companies. The Board must check the existence both of situations falling within the provisions of Section 36 and of situations of supervening forbidden coexistence.

Initiatives of induction and recurring training

In UniCredit a permanent induction program is active for the Board members, also for the benefit of the Board of Statutory Auditors members, based on three year cycles connected to the Board mandate, with the aim of ensuring an ad hoc training on a continuous basis that takes in account both their individual and collective needs.

The induction program, which is put in place with the support of an external consultant, includes both sessions aimed at fostering the integration of new Directors and recurring trainings to preserve over time the expertise needed for the proper fulfilment of their duties.

In addition, individual training plans will be activated in the event it is deemed necessary to strengthen his/her specific technical knowledge and expertise, also to increase the level of diversity and the collective experience of the Board of Directors.

During the Period, training sessions and in-depth study initiatives have been focused on topics of strategic relevance, including the ones linked to digital competencies and cyber security, business and relevant organisational structures, knowledge of macroeconomic scenarios, development of markets as well as legal and regulatory topics, with the aim of assuring awareness and knowledge of the risk profile adopted by the Group.

More specifically, the Chairman of the Board of Directors has supervised that inclusion programmes and training schemes were prepared and implemented for the newly appointed Directors (open also to the members of the Board of Statutory Auditors) focused, inter alia, on speeches by Group Top Executives. Specific initiatives for in-depth examination of topics falling within the competencies of the Board Committees have been devoted to members of each Committee.

Furthermore, specific meetings with the Directors, open also to the members of the Board of Statutory Auditors, have been arranged, focused on the perspectives and key elements for Group strategy and of the entire European banking sector.

4.3 Board of Directors' role

Meetings and functioning

During the last Period, the Board of Directors met 17 times, with an average length of about 3 hours and 25 minutes. The means of attendance of the Board of Directors members to the meetings held during the last operating year are highlighted in the chart at the end of this Section.

For the 2019 financial year, 13 meetings have been planned, of which 3 already held as at March 5, 2019.

The planning of the Board's proceedings is a responsibility of the Chairman, in relation to the items scheduled on the Agenda, on proposal of the Chief Executive Officer. Furthermore, the Chairman ensures that the necessary time is allowed for an effective discussion of the items on the Agenda, encouraging the Directors - during the meetings - to give their contribution.

The General Manager has attended Board meetings, without voting rights; furthermore, Executive Management Committee members and the permanent guests to the same Committee, the Head of the Internal Audit, the Manager charged with preparing the company financial reports, as well as other members of the Management of the Company and the Group have been invited to attend Board meetings, again without voting rights, to report on specific issues as well as, inter alia, to assist the Chief Executive Officer in the presentations to the Board itself.

The UniCredit Corporate Bodies and Committees Regulation establishes that, as a rule, appropriate pre- meeting documentation and the information necessary for Directors to express their opinions in an informed manner on the topics under deliberation are made available at least 3 working days prior to the Board, to the Directors and Statutory Auditors. Such timescale was generally abided by and normally moved up, except for particular cases and for justified reasons due to the nature of the resolution to be taken. In specific cases, should it have proved impossible to give the necessary information flow within the above term, the Chairman has seen to it that the necessary indepth studies have been carried out during the Board meetings.

Duties

Pursuant to Clause 23 of the Articles of Association, the matters reserved to the competence of the Board of Directors include the resolutions concerning the general guidelines and the adoption and amendment of business, strategic and financial plans for the Company, as well as the periodic monitoring of their implementation.

Moreover, in compliance with the Corporate Bodies and Committees Regulation, the Board shall have the exclusive competence for:

determining general operational guidelines for the Group's growth policies preparatory to drafting strategic, industrial and financial multi-year plans and operating budgets for the Company and the Group, in addition to periodically reviewing whether these guidelines match corporate activities and external circumstances, adopting and amending such plans and checking that they are appropriately implemented;
establishing guidelines for the internal controls system consistently with the strategic guidelines and risk appetite established by the Board itself, according to the instructions given by the Supervisory Authorities and the applicable law. On a yearly basis, the Board sets out and approves the Group Risk Appetite Framework, consistently with the timeline of the Budget process and the definition of the financial plan and establishes

Board of Directors

policies to govern the risks to which the Group may be exposed, as well as the risk targets and tolerance thresholds. Furthermore, with regard to the credit risk, the Board approves general guidelines for the management system of the risk mitigation techniques;

approving the UniCredit organizational structure and corporate governance, in order to ensure a clear distinction of responsibilities and functions, as well as preventing conflict of interest, concerning the corporate structure and Group governance models and guidelines;
examining and approving transactions undertaken by the Company and the companies belonging to the Group which are significant from a strategic, economic, balance-sheet and financial perspective.

The Board, for the purpose of informing on such topics the Board of Statutory Auditors of the Company pursuant to the applicable regulatory provisions, has defined the criteria for identifying the transactions of strategic, economic, equity-related and financial relevance for UniCredit S.p.A., with specific reference to situations in which one or more Directors hold an interest directly or on behalf of third parties and, more in general, transactions with related parties. In detail, all the transactions of a critical or relevant nature must be reported to the Board of Statutory Auditors and in any case those concerning:

entry/consolidation of the position in a strategic sector/market;
definition/modification of shareholding structures with third party partners with whom governance-related agreements are executed;
decisions impacting strategic equity holdings;
decisions significantly impacting the organisational structure of the company or the Group;
situations in which economic/equity-related/financial thresholds (as defined by the Board) are exceeded in relation to the type of transactions involved;
modifications to the company's share capital structure;
new legal proceedings and developments in existing ones determining potential liabilities in excess of a certain threshold defined as per the decision of the Board, or potentially at risk of becoming relevant for the company's sector ("pilot proceedings").

Pursuant to Section 136 of the TUB, the resolutions concerning the obligations of any kind or the purchase or sale agreements implemented by the UniCredit corporate officers, directly or indirectly, with the same bank fall within the exclusive responsibility of the Board of Directors.

* * *

The Board of Directors:

continuously monitors the general management performance with special reference to the conflict of interest management - also by analysing the information received from the delegated bodies and the Board committees and periodically comparing results achieved versus targets – as well as assessing the adequacy of the organisational, administrative and accounting structure of UniCredit and, also by issuing policies and guidelines, of all its strategically relevant subsidiaries, with particular regard to the internal control system and the conflicts of interest management;
ensures that the main corporate risks are correctly identified and measured, managed and monitored adequately, taking into account how they evolve and interact, and, furthermore, establishing criteria for the compatibility of such risks with a sound and prudent management of the Company.

In particular, the Board identified the following controlled companies as having strategic relevance: UniCredit Bank AG (former HVB), UniCredit Bank Austria and FinecoBank.

The role played by the Chairman of the Board

The Chairman is responsible for ensuring that the corporate governance system functions effectively, also with regard to any aspects related to internal and external communications, serving as an interlocutor for the Board of Statutory Auditors and the Board Committees; while remaining neutral, the Chairman promotes dialogue among

executive and non-executive positions, seeking the active participation of non-executive members in the Board's proceedings so that the resolutions it reaches are the result of adequate debate and an informed and effective contribution from all of its members.

In particular, the Chairman ensures that:

i) in good time, Directors are sent supporting documentation on the Board's deliberations or, at the very least, initial information on the issues under debate;
ii) supporting documentation and information on resolutions, in particular documents distributed to non-executive members, are adequate in terms of quantity and quality in regard to the items on the Agenda;
iii) when preparing the Agenda and chairing Board discussions, issues of strategic relevance are given priority, and that all necessary time is set aside for them;
iv) the Heads of the corporate control functions have direct access to the Board of Directors when necessary. To this end, meetings between the Chairman and the Heads of the corporate control functions are organized on a regular basis;
v) as a rule on a quarterly basis, opportunities are arranged for all Directors to meet, also apart from Board meetings, in order to investigate and discuss strategic issues;
vi) the self-assessment process is undertaken effectively, its terms and conditions comply with the degree of complexity of the Board's work, and envisaged corrective measures are adopted to tackle any detected shortcomings;
vii) inclusion programs and training schemes are prepared and implemented for members of the Board of Directors and Board of Statutory Auditors, along with succession plans for senior management positions.

Moreover, the Chairman manages relations with shareholders and the Supervisory Authorities with regard to matters falling within his/her purview and activities as a liaison to the Board of Directors and Shareholders' Meeting, in agreement with the CEO.

In order to effectively carry out his/her duties, the Chairman, who has a non-executive role and does not undertake operational functions, even in a de facto manner, maintains necessary and advisable relations with the CEO, has access to all company functions, may attend Board Committee and managerial Committee meetings, receives information, including on specific topics, regarding the management of the Company and the Group as well as on the general current and expected performance of the management itself.

Where absent or impeded, the Chairman is replaced by the Vice Chairman. Where both the Chairman and Vice Chairman are absent or impeded, the meeting is chaired by the oldest Director.

Self-assessment

On March 5, 2019, the Board of Directors closed the recurring self-assessment process focused on the adequacy of the Board itself and its Committees in terms of composition and functioning. The self-assessment process, focused on the first year of the 2018-2020 mandate, has been performed in accordance with the provisions of the Corporate Bodies and Committees Regulation, adopted in compliance with the Supervisory Regulations on banks' corporate governance and in line with the recommendations of the Italian Corporate Governance Code.

For the performance of the self-assessment process, UniCredit engaged the Korn Ferry company as an independent external consultant. Korn Ferry was selected by the Chairman of the Board, upon proposal of the Corporate Governance, Nomination and Sustainability Committee, and entrusted with providing consultancy during each stage of the process. Said company, chosen in view of its competence and expertise in corporate governance, is acknowledged as possessing the neutrality, impartiality and independence of judgment required by the Corporate Bodies and Committees Regulation.

As far as independence is concerned, please note that in 2018 UniCredit assigned some other projects and activities to Korn Ferry, that do not affect the independent and unbiased position of the latter.

Board of Directors

In compliance with the provisions of the Corporate Bodies and Committees Regulation the process also concerned:

qualitative and quantitative composition, size, degree of diversity, professional training, experience (including managerial), seniority in the present post, a guaranteed balance of non-executive and independent members, adequacy of the appointment processes and selection criteria, and ongoing professional development;
meeting sessions, frequency, duration, the degree and form of attendance, sufficient time available to dedicate to the assignment, the relationship of trust, cooperation and interaction among members, awareness of the role covered and the quality of debate on the Board.

With the assistance of the Korn Ferry company, the process broke down into the following stages:

examination: carried out in accordance with the provisions of the Corporate Bodies and Committees Regulation, through questionnaires and individual interviews;
assessment of the outcome of the self-assessment process, with the support of the consultant, in order to identify strengths and weaknesses that emerged and to draw up a proposal for actions deemed appropriate;
drawing up of the process outcome summary document: results from the analysis were set out in an ad-hoc document which illustrates, inter alia, the methodologies made use of, the individuals involved and the results achieved, highlighting strengths and weaknesses, as well as any necessary corrective actions proposed.

The questionnaires and interviews were focused on different topics concerning the composition and functioning of the Board of Directors and its Committees, with the aim of supporting Directors in identifying further areas of improvement for the Board of Directors' performance.

The results of the Board Review on 2018 activities define a positive aggregated picture of the effectiveness of the Board and its Committees. All components operate in a transparent and effective way, meeting national and international corporate governance best practices.

With the intent of continuous improvement, Directors identified some insights with which to build further the significant level of effectiveness already achieved by the Board in its first year of mandate.

The results of 2018 Board Review highlight the following strengths:

Directors recognise how the current Board is built on the right mix of gender, age and seniority. Among competence areas there is a stronger coverage of risk management, control and financial regulation.
Board dynamics have grown rapidly, building a solid base to be developed further. All members appreciate the open discussion and interaction among Directors and with the management.
The Board recognises and appreciates the role and the effort of the Chairman in facilitating discussion and contribution, as well as organizing Agenda and building team spirit and work.
Board Committees are considered very capable of preparing the analysis and the discussion of specific subjects. They are also very effective in presenting at Board level the summary of the analysis avoiding the duplication of the debate, leveraging the application of the recently issued Corporate Bodies and Committees Regulation.

Some improvement insights have been brought up and specifically:

The Board would expect to be more engaged on strategic issues and decisions rather than technical issues.
Some Board members have shown an interest in having greater visibility and understanding of local geographies and business.
The Board has identified digital technology and banking business as the two major competence areas to be developed among Directors, in order to effectively engage and support the management in implementing business strategy.
Several Directors appreciate that succession strategy can be further considered at Board level, working on the base of what has been developed and shared so far, taking into account the recent exposure to the application of succession planning implemented in the re-organization of CEO first level report positions.
Pre-meeting documents, to be shared more in advance in order to allow Directors to carry out a deeper analysis.

Competitive business

At the Shareholders' Meeting held on April, 12, 2018, in occasion of the Board of Directors' renewal, has not been submitted any proposal of general and preventive authorization to the exercise of competitive business for Board Directors' members, pursuant to Article 2390 of the Italian Civil Code.

In occasion of the Board's assessment of all the requirements envisaged by laws for the Directors appointed by the abovementioned Shareholders' Meeting, no relevant cases pursuant to said Article have emerged.

Furthermore, while it is up to each Director to report any such situation arising pursuant to Article 2390 of the Italian Civil Code, the Board of Directors was not required to assess the merits of any situations during the Period.

4.4 Delegated Bodies

Chief Executive Officers

The awarding (and revoking) of the authorities to the Directors is up to the Board, that sets out their subject matter, their limits and the ways according to which they made be done.

The only Board member with management powers is Mr. Jean Pierre Mustier, Chief Executive Officer of the Company, to whom the Board of Directors has granted powers, within pre-defined limits, and also the authority to sub-delegate powers, across all sectors of the Bank's business. For information on the granted powers reference is made to the Annex "Managerial powers" to this Report.

The Chief Executive Officer is responsible for the management of the Company and, as far as he is concerned, the interlocking directorates situation envisaged by the Corporate Governance Code does not occur.

Chairman of the Board of Directors

The Chairman has not been granted managerial authorities, does not undertake operational functions, even in a de facto manner, and therefore does not have any executive role. The Chairman does not hold a relevant share of the Company equity.

Other executive Directors

None of the Directors sitting on the UniCredit Board of Directors – besides the Chief Executive Officer – can be defined as executive pursuant to the Criterion 2.C.1. of the Corporate Governance Code.

Reporting to the Board

Information flows among and within the corporate bodies is a prerequisite for the achievement of management efficiency and effective control objectives.

UniCredit has procedures to ensure adequate information flows among its corporate bodies. As far as concerns in particular the internal controls system, these flows, their content and deadlines have been identified in detail by the Board of Directors in the Document of corporate bodies and control functions, that it approved. Within the Corporate Bodies and Committees Regulation, a list of the parties required to send information flows, on a regular basis, to the

Board of Directors

corporate bodies, including an illustration of the minimum content and the timing of the main flows, have been identified.

In particular, in the exercise of all of his proposal and decision-making powers and/or power to submit information to the Board of Directors, the Chief Executive Officer was the recipient of the information flows that the Bank structures earmark for the body with supervisory functions in compliance with the legal and regulatory provisions in force at the time.

Furthermore, the Chief Executive Officer - empowered by the Board with the faculties and mandate necessary to execute all the operations the Company may undertake pursuant to Clause 4 of the Articles of Association - supplied the Board of Directors with a report on the sub-delegate powers granted and on the activities carried out also by the management in the exercise of the delegated powers according to the terms, conditions and deadlines defined by the Board itself. Detailed information on such powers is contained in the Annex "Managerial powers" to this Report.

4.5 Independent Directors

In compliance with the criteria established by Section 3 of the Corporate Governance Code (which coincide with those envisaged by the UniCredit Articles of Association) and the provisions set out by Section 148 of the TUF, the Directors' independence shall be assessed by the Board of Directors every time the Board is renewed, as well as on an annual basis and whenever a person is appointed as Director, on the basis of the information provided by the Director him/herself or, however, available to the Company. The outcome of the assessments of the Board shall be notified after the appointment, through a press release disclosed to the market and, subsequently, within the Corporate Governance Report.

With reference to the Board of Directors' members in office as of the approval date of this Report, the Corporate Governance, Nomination and Sustainability Committee and the Board of Directors, the latter at the verification at the time of the Board renewal carried out during its meeting held on May 9, 2018, as well as at the verification of an individual Director made on March 5, 2019 meeting, carried out the assessment of the Directors' independence requirements based on the statements made by the parties concerned and on the information available to the Company.

With specific reference to the independence requirements laid down by the Corporate Governance Code and the Articles of Association, information relating to the existence of direct or indirect relationships (credit relationships, business / professional relationships and employee relationships, as well as significant offices held) that the Directors and their other connected subjects may have with UniCredit and Group Companies was taken into account.

In order to assess the potential significance of the abovementioned relationships, the Board of Directors has decided not to proceed with merely identifying predefined economic targets, which if simply exceeded could automatically indicate that independence has been compromised, as such check requires an overall assessment of both objective and subjective aspects. Therefore, for this purpose, the following criteria should be taken into account: (i) the nature and characteristics of the relationship; (ii) the amount in absolute and relative terms of the transactions; and (iii) the subjective profile of the relationship.

More specifically, when assessing the significance of the relationship, the following information, where available, is considered by the Board:

as far as credit relations are concerned, the amount in absolute value of the credit granted, its weighting in relation to the system and, where appropriate, the economic and financial situation of the borrower;
as far as professional/commercial relations are concerned, the characteristics of the transaction / relationship, the amount of the consideration and, where appropriate, the economic and financial situation of the counterparty;
as far as offices held in Group companies are concerned, the total amount of any additional remunerations.

In all the above cases, all the parties involved (Director or family member; UniCredit or Group Company) and, for relationships with companies/entities, the related kind of "connection" (post held/control participation) with the Director or the family member were taken into account.

In view of the above, in its abovementioned May 9, 2018 and March 5, 2019, meetings, the Board ascertained that the independence requirements were met as declared by the Directors themselves. In particular, with regard to the Directors concerning whom the information acquired has highlighted the existence of relationships of the above type, the Board came to the conclusion that they were not such as to affect the Directors' independence .

On that regard, credit relations with UniCredit and/or Group companies have been identified – and evaluated on the basis of the abovementioned adopted criteria – for Directors Mr. Bisoni, Ms. Carletti, Mr.Wolfgring and Ms. Zambon and relations of a professional/commercial nature with UniCredit and/or Group companies for Directors Ms. Boeckenfeld, Mr. Wolfgring and Ms. Zambon. In detail:

Director Mr. Cesare Bisoni has credit relations: (i) direct, of a personal nature; (ii) indirect, via close family members;
Director Ms. Martha Dagmar Boeckenfeld has no significant relations of a professional/commercial nature with a Company in which she is a prominent representative;
Director Ms. Elena Carletti has no significant direct credit relations, of a personal nature;
Director Mr. Alexander Wolfgring has credit relations: (i) direct, of a personal nature; (ii) indirect via close family members; (iii) indirect, via companies in which he is a prominent representative;
Director Ms. Elena Zambon has indirect credit relations via companies in which she or a close family member is a prominent representative. In addition, Director Ms. Zambon is a prominent representative in a company that received payments of low amount from UniCredit as well as in two non-profit organizations that received economic contributions for training initiative linked to their own institutional activities.

As a result of such assessments, the number of the independent Directors according to the provisions of the Corporate Governance Code is equal to 12. The outcome was the following:

"Independent" Directors pursuant to the Articles of Association and of the criteria envisaged by the Code: Mr. Bisoni, Mr. Al Mehairi, Mr. Andreotti, Ms. Boeckenfeld, Mr. Cariello, Ms. Carletti, Ms. de Wismes, Mr. Micossi, Ms. Pierdicchi, Ms. Tondi, Mr. Wolfgring and Ms. Zambon.

Moreover, the Board of Directors in the aforesaid meetings held on May 9, 2018 and March 5, 2019, also ascertained - pursuant to the rules and regulations on listed issuers contained in the TUF - that the independence requirements in accordance with Section 148 of the TUF too were met. The outcome of such evaluations was the following:

* * *

"Independent" Directors pursuant to Section 148 of the TUF: Mr. Saccomanni, Mr. Bisoni, Mr. Al Mehairi, Mr. Balbinot, Ms. Boeckenfeld, Mr. Cariello, Ms. Carletti, Ms. de Wismes, Mr. Micossi, Ms. Pierdicchi, Ms. Tondi, Mr. Wolfgring and Ms. Zambon.

According to the Corporate Governance Code, the Board of Statutory Auditors, in its May 22, 2018 meeting, ascertained, with a positive outcome, the proper application of the criteria and procedures adopted by the Board of Directors to assess the independence of its own members at the time of the Board renewal. The proper application of the criteria and procedures adopted by the Board of Directors at its March 5, 2019 meeting, to assess the independence of an individual Director, will be ascertained by the Board of Statutory Auditors at a future meeting following the approval date of this Report.

Board of Directors

Independent Directors' meeting

The meeting of the independent Directors pursuant to criterion 3.C.6 of the Corporate Governance Code scheduled for the 2018 financial year was held, for organizational reasons, on March 5, 2019.

The independent Directors met, pursuant to the Code provisions, with none of the other Directors in attendance, for an exchange of views concerning corporate governance topics.

During the meeting, remarks were made on the full report outlining the results of the 2018 self-assessment process for the Board of Directors and its Committees, drafted by the advisor firm Korn Ferry, for an analysis of the document by the independent Directors.

4.6 Lead Independent Director

The UniCredit Board of Directors has not so far designated an independent Director as Lead Independent Director, considering that the conditions set forth by the Corporate Governance Code for his/her appointment do not exist:

(i) whether the Chairman of the Board of Directors is the Chief Executive Officer of the Company;
(ii) whether the office of Chairman is held by the person controlling the issuer;

(iii) whether requested by the majority of independent Directors.

Position	Members	since	In office until	Slate (M/m)*	Executive	Non-executive	Articles of Association Independent as per and Code	Independent as per TUF	** Board meetings % attendance	Number of other positions ***
Chairman	Saccomanni Fabrizio	12-04-2018	Approval of 2020 financial statements	M		X		X	100	--
Deputy Vice Chairman	Bisoni Cesare	12-04-2018	Approval of 2020 financial statements	M		X	X	X	100	--
CEO ◊	Mustier Jean Pierre	12-04-2018	Approval of 2020 financial statements	M	X				100	--
Director	Al Mehairi Mohamed Hamad	12-04-2018	Approval of 2020 financial statements	M		X	X	X	100	7
Director	Andreotti Lamberto	12-04-2018	Approval of 2020 financial statements	M		X	X	X	100	1
Director	Balbinot Sergio	12-04-2018	Approval of 2020 financial statements	M		X		X	100	7
Director	Boeckenfeld Martha Dagmar	12-04-2018	Approval of 2020 financial statements	M		X	X	X	94.12	6
Director	Cariello Vincenzo	12-04-2018	Approval of 2020 financial statements	m		X	X	X	90.91	--
Director	Carletti Elena	07-02-2019 (1)	11-04-2019	--		X	X	X	--	--
Director	de Wismes Isabelle	12-04-2018	Approval of 2020 financial statements	M		X	X	X	100	--
Director	Micossi Stefano	12-04-2018	Approval of 2020 financial statements	M		X	X	X	100	--
Director	Pierdicchi Maria	12-04-2018	Approval of 2020 financial statements	M		X	X	X	100	3
Director	Tondi Francesca	12-04-2018	Approval of 2020 financial statements	m		X	X	X	100	1
Director	Wolfgring Alexander	12-04-2018	Approval of 2020 financial statements	M		X	X	X	100	3
Director	Zambon Elena	12-04-2018	Approval of 2020 financial statements	M		X	X	X	88.24	12
			Directors that left off during and after the end of the Period
Chairman	Vita Giuseppe	13-05-2015	12-04-2018	m		X		X	100	1
Vice Deputy Chairman	Calandra Buonaura Vincenzo	13-05-2015	12-04-2018	m		X		X	100	--

Board of Directors

Director	Bochniarz Henryka	13-05-2015	12-04-2018	m	X	X	X	100	2
Director	Caltagirone Alessandro	13-05-2015	12-04-2018	m	X	X	X	83.33	5
Director	Cordero di Montezemolo Luca (2)	13-05-2015	12-04-2018	m	X	X	X	83.33	4
Director	Reichlin Lucrezia	13-05-2015	12-04-2018	M	X	X	X	100	4
Director	Sironi Andrea (3)	12-04-2018	06-02-2019	M	X	X	X	72.73	3
Director	Streit Clara C.	13-05-2015	12-04-2018	m	X	X	X	83.33	4
Director	Vezzani Paola	13-05-2015	12-04-2018	m	X	X	X	100	--
Director	Wyand Anthony	13-05-2015	12-04-2018	m	X		X	83.33	2

Quorum required for the submission of the slates for the latest appointment: 0.5%

No. of meetings held during the Period: 17

NOTE:

* M = Member elected from the slate that obtained the majority of the Shareholders' votes

m = Member elected from the slate voted by the minority

** Number of meeting attended / number of meetings held during the concerned party's term of office with regard to the Period

*** Number of positions as Director or Auditor held in other companies listed on regulated markets (both in Italy and abroad), including financial services companies, banks, insurance companies or other large companies. There is a list of such companies for each Director attached to the Report

◊ Director in charge of the internal controls and risks management system

(1) Co-opted effective from February 7, 2019, in place of Mr. Andrea Sironi

(2) Mr. Cordero di Montezemolo stepped down from his role as Vice Chairman on April 20, 2017

(3) Resigned effective from February 7, 2019

* * *

The following chart shows the means of attendance of Directors (in office as at December 31, 2018) to the Board meetings held during the last operating year.

				2018
Board of Directors					Means of attendance
	Meetings	Attendance	%	physical	by teleconference	via phone
Saccomanni Fabrizio (Chairman)	17	17	100%	16		1
Bisoni Cesare (Deputy Vice Chairman)	17	17	100%	14	2	1
Mustier Jean Pierre (CEO)	17	17	100%	17
Al Mehairi Mohamed Hamad	17	17	100%	10		7
Andreotti Lamberto (1)	11	11	100%	6	5
Balbinot Sergio	17	17	100%	10	2	5
Boeckenfeld Martha Dagmar	17	16	94.12%	13		3
Cariello Vincenzo (1)	11	10	90.91%	10
de Wismes Isabelle (1)	11	11	100%	9	2
Micossi Stefano (1)	11	11	100%	9	2
Pierdicchi Maria (1)	11	11	100%	11
Sironi Andrea (1) (2)	11	8	72.73%	8
Tondi Francesca (1)	11	11	100%	9	1	1
Wolfgring Alexander	17	17	100%	12	3	2
Zambon Elena	17	15	88.24%	10		5
average attendance	213	206	96.71%	164	17	25

(1) Office held until April 12, 2018

(2) Resigned effective from February 7, 2019

Board of Directors internal Committees

In order to foster an efficient information and advisory system to enable the Board of Directors better to assess the topics for which it is responsible, also in accordance with the provisions of the Code, the Board has established four Committees, vested with research, advisory and proposal-making powers diversified by sector of competence: the Internal Controls & Risks Committee, the Corporate Governance, Nomination and Sustainability Committee, the Remuneration Committee and the Related-Parties Committee (already named Related-Parties and Equity Investments, until October 18, 2018). Their duties are undertaken based on terms of reference and procedures set forth by the Board,

The Committees consist, as a rule, of a number of members from 3 up to 5. More specifically, the Internal Controls & Risks Committee, the Corporate Governance, Nomination and Sustainability Committee and the Remuneration Committee, set up in compliance with the provisions contained in the Banca d'Italia Supervisory Regulations on banks' corporate governance envisaging 3 specialist committees – one on appointments, one on risks and one on remuneration – are composed of non-executives Directors, mostly independent pursuant to the Articles of Association. Such Committees must be differentiated from each other by at least one member and, if a Director elected by the minorities is present, that Director is a member of at least one Committee. The Chairman of each Committee shall be chosen from among the independent members. The Related-Parties Committee, set up for overseeing issues concerning transactions with related-parties and with associated parties, in compliance with the CONSOB regulatory provisions and the Banca d'Italia Supervisory Regulations, consists only of independent Directors pursuant to the Italian Corporate Governance Code.

None of the functions of one or more specialist Committees on appointments, risks and remuneration envisaged by the Code has been reserved to the Board of Directors. Moreover, none of such Committees, per se, performs the multiple functions of two or more committees as envisaged by the Code. The Committee functions have not been allocated amongst the various Committees in a manner different vis-à-vis the provisions of the Code.

The Committee's tasks are coordinated by the Chairman, who exercises all necessary powers for its proper functioning. Each Committee draws up an annual plan of activities to ensure the fulfillment of its tasks. Committee meetings are convened by the Chairman with frequency adequate to the fulfillment of its tasks and plan of activities or when needed or requested in writing, with proper motivation, by at least two members of the Committee. With reference to the Related-Parties Committee's meetings, only for reasons of urgency, in specific cases dealing with transactions falling into the decision-making powers of the Board of Directors, a meeting may be convened at least twelve hours in advance.

Committee meetings are valid if attended by the majority of their members and their resolutions are taken with a majority of votes cast. In case of absence or impediment of the Chairman, the meeting is chaired by the oldest Committee member. Should the Chairman of each Committee consider it appropriate, the meetings may be held via conference call or video conference.

All meetings of each Committee have been minuted by its Secretary, who is not a member of the Committee, appointed on proposal of its Chairman.

With reference to the composition of the Board Committees, on April 13, 2018, the Board of Directors, appointed by the Shareholders' Meeting on April 12, 2018, has set the number of each Committee members and appointed the relevant members taking into account, inter alia, the expertise and experiences gained by each Director. More specifically, the Board:

has set at five the number of the members of the Corporate Governance, Nomination and Sustainability Committee an of the Internal Controls & Risks Committee, appointing the following Directors as their respective members:
Mr. Stefano Micossi (Chairman), Mr. Cesare Bisoni, Ms. Francesca Tondi, Mr. Alexander Wolfgring and Ms. Elena Zambon;
Mr. Alexander Wolfgring (Chairman), Ms. Martha Dagmar Boeckenfeld, Ms. Isabelle de Wismes, Ms. Maria Pierdicchi and Mr. Andrea Sironi;
has set at three five the number of the members of the Remuneration Committee and of the Related-Parties Committee, appointing the following Directors as their respective members:
Mr. Lamberto Andreotti (Chairman), Mr. Andrea Sironi and Ms. Elena Zambon;
Mr. Cesare Bisoni (Chairman), Mr. Vincenzo Cariello and Mr. Stefano Micossi.

Further to the resignation handed in by the Director Mr. Andrea Sironi, the Board of Directors has appointed Ms. Elena Carletti as member of the Remuneration Committee and of the Internal Controls & Risks Committee effective from February 7, 2019.

Committee members have the necessary knowledge, skills and experience to perform the duties assigned to them and ensure that any other corporate positions they hold in other companies or entities (including non- Italian ones) are compatible with their availability and commitment to serve as a Committee member.

The following chart shows Committees' composition as at the date of the Report's approval as well as the changes occurred during and after the end of the 2018 financial year.

			Risks	Corporate Internal Governance, Controls & Nomination and Committee Sustainability Committee		Remuneration Committee		Related-Parties Committee
Members	Exec.	Non exec	Indep. as per Articles of Association and Code	*	**	*	**	*	**	*	**
Saccomanni Fabrizio		X		M (1)	100%	M (1)	100%
Bisoni Cesare		X	X	M (1)	100%	M (2)	100%			C	100%
Mustier Jean Pierre	X
Al Mehairi Mohamed Hamad		X	X
Andreotti Lamberto		X	X					C (2)	100%
Balbinot Sergio		X
Boeckenfeld Martha Dagmar		X	X	M (2)	100%
Cariello Vincenzo		X	X							M (2)	100%
Carletti Elena		X	X	M (3)	--			(3) M	--
de Wismes Isabelle		X	X	M (2)	100%
Micossi Stefano		X	X			C (2)	100%			M (2)	100%
Pierdicchi Maria		X	X	M (2)	100%
Tondi Francesca		X	X			M (2)	90.91%
Wolfgring Alexander		X	X	C	100%	M (2)	100%	M (1)	100%
Zambon Elena		X	X			M	80%	M (2)	100%
			----- Members that left off during and after the end of the Period -----
Vita Giuseppe		X		M (1)	100%	M (1)	100%	M (1)	100%
Calandra Buonaura Vincenzo		X		M (1)	100%	M (1)	100%
Bochniarz Henryka		X	X					M (1)	66.67%
Caltagirone Alessandro		X	X			M (1)	50%	C (1)	100%

Board of Directors internal Committees

Note:
No. of meetings held during the Period	IC&RC: 13		CGN&SC: 15		RC: 8		RPC: 15
Wyand Anthony	X		M (1)	100%			(1) M	100%
Vezzani Paola	X	X	M (1)	100%					M (1)	100%
Streit Clara C.	X	X	M (1)	100%	M (1)	75%
Sironi Andrea	X	X	M (4)	88.89%			M (4)	80%
Reichlin Lucrezia	X	X	M (1)	100%					M (1)	75%
Cordero di Montezemolo Luca	X	X			C (1)	100%

* A "C" (Chairman) or an "M" (Member) in this column shows that the member of the Board of Directors belongs to the Committee and also indicates his/her position

** Meetings' attendance percentage (number of meetings attended / number of meetings held during the concerned party's term of office with regard to the Period)

(1) Office held until April 12, 2018

(2) Office held since April 13, 2018

(3) Office held since February 7, 2019

(4) Office held from April 13, 2018 up to February 6, 2019

At the invitation of each Committee Chairman, the CEO, other Directors, the General Manager (when appointed), the Manager in charge of drafting the company financial reports, as well as personnel belonging to the Company and the Group, may attend Committee meetings on specific Agenda items. Without prejudice to the possibility for the Statutory Auditors to attend the meetings, at the invitation of each Committee Chairman, the Chairman of the Board of Statutory Auditors, or other Auditors designated by the latter, may be called upon to attend Committee meetings. Always at the invitation of each Committee Chairman, personnel or externals appointed in the corporate bodies of the Group's subsidiaries may be called upon to attend Committee meetings.

During the Period, the spending requirements of the Board Committees were met by an ad hoc budget. In fact, in order to perform their duties, Board Committees have access to the financial resources necessary to guarantee their operational independence and, within the limitations of the budget approved by the Board of Directors, may consult independent external experts and invite them to attend meetings; in the event of specific requirements, the relevant budget may be supplemented.

Furthermore, Committees are assured the necessary tools and information flows from the competent functions to enable them to conduct their evaluations.

Each Committee's Chairman has reported to the Board of Directors, during the first available meeting, on the activity carried out by the Committee, with the support of specific reports.

The Board Committees' functions and competencies are set forth in the UniCredit Corporate Bodies and Committees Regulation resolved by the Board¹³. For information regarding the Board Committees composition reference is made to that available on the UniCredit website¹⁴ .

¹³ The address of the UniCredit website where the Corporate Bodies and Committees Regulation is available is the following: https://www.unicreditgroup.eu/en/governance/governance-system-and-policies.html

¹⁴ The address of the UniCredit website where information regarding the Directors is available is the following: https://www.unicreditgroup.eu/en/governance/board-of-directors.html

* * *

The following charts show the means of attendance of the Board Committees members (in office as at December 31, 2018) to the meetings held in 2018.

	2018
Internal Controls & Risks Committee				Means of attendance
	Meetings	Attendance	%	physical	by teleconference	via phone
Wolfgring Alexander (Chairman)	13	13	100%	13
Boeckenfeld Martha Dagmar(1)	9	9	100%	8		1
de Wismes Isabelle (1)	9	9	100%	9
Pierdicchi Maria (1)	9	9	100%	9
Sironi Andrea (1) (2)	9	8	88.89%	7	1
average attendance	49	48	97.96%	46	1	1

(1) Office held since April 13, 2018

(2) Office held until February 6, 2019

	2018
Corporate Governance, Nomination and			%	Means of attendance
Sustainability Committee	Meetings	Attendance		physical	by teleconference	via phone
Micossi Stefano (Chairman) (1)	11	11	100%	10	1
Bisoni Cesare (1)	11	11	100%	11
Tondi Francesca (1)	11	10	90.91%	9		1
Wolfgring Alexander (1)	11	11	100%	8	2	1
Zambon Elena	15	12	80%	9		3
average attendance	59	55	93.22%	47	3	5

(1) Office held since April 13, 2018

	2018
Remuneration Committee			%	Means of attendance
	Meetings	Attendance		physical	by teleconference	via phone
Andreotti Lamberto (Chairman) (1)	5	5	100%	4	1
Sironi Andrea (1) (2)	5	4	80%	3		1
Zambon Elena (1)	5	5	100%	4		1
average attendance	15	14	93.33%	11	1	2

(1) Office held since April 13, 2018

(2) Office held until February 6, 2019

	2018
Related-Parties Committee				Means of attendance
	Meetings	Attendance	%	physical	by teleconference	via phone
Bisoni Cesare (Chairman)	15	15	100%	14	1
Cariello Vincenzo (1)	11	11	100%	11
Micossi Stefano (1)	11	11	100%	8	1	2
average attendance	37	37	100%	33	2	2

(1) Office held since April 13, 2018

Board of Directors internal Committees

5.1 Internal Controls & Risks Committee

The current "Internal Controls & Risks Committee" was established in June 2000 under the name of "Audit Committee". Its name, structure and tasks have changed over the years, in line with the evolution of the regulatory and supervisory framework as well as with the industry best practices.

Since October 18, 2018, the Board of Directors has assigned to the Internal Controls & Risks Committee also the competences on equities investments hold by banks and banking groups that the Circular no. 285/2013 issued by Banca d'Italia entrust to independent directors and that the Board of Directors

Composition

The Internal Controls & Risks Committee consists of 5 non-executive Directors.

The composition of the Internal Controls & Risks Committee as of March 5, 2019 is the following: Mr. Alexander Wolfgring (Chairman), Ms. Martha DagmarBoeckenfeld, Ms. Elena Carletti, Ms. Isabelle de Wismes and Ms. Maria Pierdicchi.

All members of the Internal Controls & Risks Committee, in its composition at such date, meet the independence requirements prescribed by the Corporate Governance Code, which coincide with those envisaged by the UniCredit Articles of Association, and are independent pursuant to Section 148, sub-section 3, of the Legislative Decree no. 58 dated February 24, 1998.

All members of the Committee meet the experience required by the applicable provisions, in particular concerning risk and control and the majority in accounting and audit.

Operations

Committee meetings are attended by the Chairman of the Board of Statutory Auditors, the Head of Internal Audit, the Chief Compliance Officer and the Group Chief Risk Officer. Staff from the external audit firm may also be invited. Said structure was progressively reached following the Board of Directors' renewal in April 2018 and the subsequent change in the number and composition, inter alia, of the Internal Controls & Risks Committee, as well as the approval of the new Corporate Bodies and Committees Regulation in October 2018. At the invitation of the Committee Chairman, The Chief Executive Officer, other Directors, the Manager in charge of drafting the Company financial reports, as well as personnel belonging to the Company and the Group, may attend Committee meetings. Furthermore, staff from external audit firm may also be invited.

During the different phases of 2018, the following were involved in the Committee activities:

The Chairman of the Board of Statutory Auditors in all the cases and the other Statutory Auditors until the renewal of the Committee's composition in April 2018;
the Heads of the corporate control functions Internal Audit, Risk Management and Compliance in all the 2018 meetings;
the Chief Executive Officer and the General Manager as permanent guests until the update of the Corporate Bodies and Committees Regulation in October 2018 and then at the invitation of the Committees' Chairman;
the Manager in charge of drafting the Company financial reports as permanent guest until the update of the Regulation in October 2018 and then upon invitation in occasion of discussions dealing with accounting topics and linked ones;
staff from the external audit firm in 6 meetings upon invitation for topics concerning its tasks.

In 2018, the Committee was not supported by external consultants.

Roles and Responsibilities

The Internal Controls & Risks Committee supports the Board of Directors on risk management and control-related issues. Hereinafter, the main roles assigned according to the current Corporate Bodies and Committees Regulation.

With a special focus on risk management and control-related issues, the Committee supports the Board of Directors in:

defining and approving strategic guidelines and risk management policies with specific reference to risk appetite and risk tolerance. For this purpose, it also examines the annual budget drafting guidelines;
verifying that risk strategies, management policies and the Risk Appetite Framework (RAF) have been correctly implemented;
defining policies and processes for evaluating corporate activities, including verification that the price and conditions of client transactions comply with the risk-related business model and strategies.

Furthermore, the Committee:

a) with the support of the Corporate Governance, Nomination and Sustainability Committee, identifies and proposes to the Board who should be appointed as Head of the corporate control functions or assesses the evaluation of their dismissal; for the Head of Internal Audit function, issues its opinion on setting the remuneration and the performance goals associated with its variable portion in line with the company policies;
b) pre-examines activity programmes (including audit plans) and annual reports from corporate control functions to be sent to the Board, as well as periodical reports prepared by these functions above and beyond legal or regulatory requirements;
c) evaluates and issues opinions to the Board on the compliance of the internal control system and corporate organization with the applicable rules and regulations, and on the requirements that must be complied with by the corporate control functions, drawing the Board's attention to any weaknesses and consequent corrective actions to be implemented; for this purpose, it assesses proposals put forward by the CEO;
d) through evaluations and opinions, contributes to defining company policy on the outsourcing of corporate control functions;
e) verifies that the corporate control functions correctly comply with the Board's recommendations and guidelines, assisting the Board in drafting the coordination documents envisaged under Banca d'Italia Circular no. 285;
f) examines and assesses the correct use of accounting principles and their uniformity with regard to drafting the main accounting documents (such as, by way of example, operating and consolidated financial statements, interim operating reports, etc.), for this purpose coordinating with the Manager in charge of drafting the company financial reports and with the Board of Statutory Auditors;
g) examines the work carried out by the Group's external auditors and the results stated in their reports or any letters and suggestions;
h) assesses any findings reported by Internal Audit and Group Compliance, or that may arise from enquiries and/or investigations carried out by third parties;
i) may seek specific audit interventions, at such time informing the Chairman of the Board of Statutory Auditors;
j) analyses Group guidelines for the Group Compliance function that fall within its remit, monitoring that they have been adopted and implemented;
k) requests that the Head of Internal Audit draft any proposals for the qualitative and quantitative improvement of the function itself;
l) is involved, within its specific remit, in the process of identifying material risk takers on an on-going basis.

Without prejudice to the competencies of the Remuneration Committee, the Committee checks that the incentives underlying the remuneration and incentive system comply with the RAF, particularly taking into account risks, capital and liquidity.

Moreover, the Committee reports to the Board of Directors on the status of the Group's internal controls system.

Furthermore, as regards investments in non-financial equities, – following the assignment of the responsibility previously performed by the Related-Parties Committee - the Committee assesses, supports and puts forward proposals with regard to organizing and enacting internal controls on the making and managing of equity

Board of Directors internal Committees

investments in non-financial companies, in addition to verifying compliance within the framework of such equity investments in terms of strategic and operational guidelines.

Activities performed

In 2018, the Internal Controls & Risks Committee held 13 meetings. On average, the Committee meetings lasted approx. 4 hours each.

In 2018, the Committee has performed information-gathering, consultative and proposition-making functions with regard to the duties assigned to it by the Board of Directors. During 5 meetings, focus sessions have been dedicated to the deepening of topics falling within the areas of competence of the Committee. More specifically, the July and October meetings were almost fully focused on deepening for training purposes.

With reference to the investments in non-financial equities- activities performed since October 2018 in occasion of the update of the Corporate Bodies and Committees Regulation - in the month of December the Internal Controls & Risks Committee has required and taken advantage of a specific in-depth training session focused on such topics, as well as on the other relevant aspects linked to the same, such as the strategic and accounting/financial ones.

Furthermore, in 2018, the Committee has setting up the necessary functional links with the Board of Statutory Auditors, so as to carrying out the activities deemed common to the two bodies, and to exchanging information of mutual interest, within the purview of their respective competencies.

For 2019, 14 Committee meetings have been planned. As at March 5, 2019, 4 meetings have been held.

5.2 Corporate Governance, Nomination and Sustainability Committee

Since June 2000, the Board of Directors has established the Nomination Committee, subsequently renamed Corporate Governance, HR and Nomination Committee. Starting from the end of the 2016 financial year, among its activities there has been included the supervision on the sustainability issues and the Committee has been renamed Corporate Governance, Nomination and Sustainability Committee.

Composition

The Corporate Governance, Nomination and Sustainability Committee consists of 5 non-executive Directors.

The composition of the Corporate Governance, Nomination and Sustainability Committee as of March 5, 2019, is the following: Mr. Stefano Micossi (Chairman), Mr. Cesare Bisoni, Ms. Francesca Tondi, Mr. Alexander Wolfgring and Ms. Elena Zambon.

All members of the Corporate Governance, Nomination and Sustainability Committee, in its composition at such date, meet the independence requirements prescribed by the Corporate Governance Code, which coincide with those envisaged by the UniCredit Articles of Association and are independent pursuant to Section 148, sub-section 3, of the Legislative Decree no. 58 dated February 24, 1998.

Working

In 2018, no. 15 meetings of the Corporate Governance, Nomination and Sustainability Committee were held, each one with an average length of 1 hour and 30 minutes. 13 meetings of the Committee are planned for 2019. As at March 5, 2019, no. 4 meetings of the Committee have been held.

During the Period, the Chairman of the Board of Directors, the Chief Executive Officer and the Secretary of the Board have always attended the meetings; Managers of the Company and external consultants were invited to attend the Corporate Governance, Nomination and Sustainability Committee meetings to discuss specific items on the Agenda.

Roles and Responsibilities

The Corporate Governance, Nomination and Sustainability Committee provides opinions and support to the Board regarding the definition of the UniCredit corporate governance system, corporate structure and Group governance models and guidelines.

Furthermore, the Committee;

a) drafts proposals to be submitted to the Board regarding the optimal qualitative and quantitative composition of the Board, and the maximum number of posts held by Directors in other companies considered compatible with effectively fulfilling these roles at UniCredit;
b) provides opinions and support regarding the Board self-assessment process, as directed by the Chairman of the Board of Directors;
c) sets targets for the least well represented gender in corporate bodies as well as for management and staff belonging to the Group, and prepares a plan to bring this proportion up to set targets;
d) drafts proposals to be submitted to the Chairman of the Board of Directors regarding the selection of staff appointed to conduct the Board's self-assessment process.

Moreover, the Committee provides opinions and support to the Board also regarding:

a) the verification that UniCredit Directors comply with the requirements provided by applicable laws and the Articles of Association (including the ban on interlocking directorships laid down by applicable laws), and that they collectively and individually ensure abidance with the qualitative and quantitative composition of the Board deemed to be optimal;
b) the selection of candidates for the post of Chairman, Chief Executive Officer and Director of UniCredit, in the event of co-optation, and, should the Board present its own list of candidates for the position of independent Director for approval by the UniCredit Shareholders' Meeting, taking into due account any recommendations from shareholders, as per the process for selecting candidates for the posts of Board of Directors' members (including the Chairman and the Chief Executive Officer), approved by the Board itself;
c) the appointment of the CEO, General Manager, Deputy General Managers and other executives with strategic responsibilities, as well as Senior Executive Vice Presidents;
d) the verification that the General Manager and the Manager in charge of drafting the company financial reports comply with the requirements provided by applicable laws and the Articles of Association, if applicable;
e) the definition of appointment and succession plan policies for the CEO, General Manager, Deputy General Managers and other executives with strategic responsibilities, Senior Executive Vice Presidents, the Group Management Team (Executive Vice Presidents) and Leadership Team (Senior Vice Presidents);
f) the definition of the policy for the appointment of corporate officers (members of the Board of Directors, Board of Statutory Auditors and Supervisory Board) at Group companies;
g) the designation of corporate officers (members of the Board of Directors, Board of Statutory Auditors and Supervisory Board) at the main companies.

Moreover, the Committee:

provides support, coordinating with the Internal Controls & Risks Committee, in proposing candidates or assessing dismissal for the roles of Heads of corporate control functions to the Board of Directors;
undertakes research to help the Board of Directors drafting a succession plan for executive Directors.

Starting from the end of the 2016 financial year, the Committee oversees sustainability issues linked to the activity carried out by UniCredit and the dynamics underpinning interactions between UniCredit and all of its stakeholders. Within this framework, in particular, the Committee: -

pre-examines the yearly Integrated Report, which constitutes a non-financial declaration pursuant to the provisions of Sections 3 and 4 of Legislative Decree no. 254/2016, to be submitted for approval to the Board of Directors;

Board of Directors internal Committees

drafts proposals with regard to the Group environmental and social strategy, annual objectives and targets, monitoring over time that they have been implemented;
oversees sustainability-related developments also in the light of the international guidelines and principles, monitoring the Group's performance.

Activities performed

During the Period, the Corporate Governance, Nomination and Sustainability Committee has expressed its views on the designation of members of the corporate bodies of the companies belonging to the Group and the appointments and movements of Group Top Management members.

Within the issues concerning corporate governance, the Committee has continued to examine and discuss the actions aimed to strengthen the Bank's governance and to align it with the best national and international practices, as well as with the investors' expectations.

More specifically, the Committee - according to the process for selecting candidates for the post of Board of Directors' member, with the support of a Head Hunting firm - has presented to the Board of Directors proposals on the submission of:

an its own list of candidates in view of the renewal of the body that had occurred in April 2018;
a candidate for the post of Director in order to integrate the Board of Directors, further to the resignation handed in by the Director Mr. Sironi, effective from February 7, 2019.

Furthermore, within such issues, the Committee has supported the Board in identifying an ideal qualitative and quantitative profile for the Board of Directors and in resolving on a specific Global Policy on the fit & proper assessment of the corporate officers and key function holders.

In order to ensure a better implementation of the recommendations of the Corporate Governance Code, some topics have been furtherly examined by the Committee such as the timeliness of pre-meetings information, the role of the Chairman of the Board of Directors, la setting of the succession plans, the organization of the supervisory body, the extension of the self-evaluation process to cover the effectiveness of the Board and Board Committees with respect to fulfilling their core tasks, as well as more in general the provisions dealing with the functioning of the Board Committees in order to improve their efficacy, and the engagement of the Board with the institutional investors.

Then, the Committee has supported the Board of Directors in defining a set of amendments to the Corporate Bodies and Committees Regulation, among them the following are underlined:

the provisions concerning the call of both Board's and Committees' meetings, as well as the put at disposal of the relevant documentation relating to proposals and of the information necessary for Directors to express their opinions in an informed manner on the topics under deliberation, have been amended to ensure respectively that the notice of the call is sent out, via proper means, as a rule, at least 3 working days prior to the Board meeting, unless the situation is an emergency, and that the relevant documentation and information are made available to the Directors and the Board of Statutory Auditors within the same timescale, that may be reduced due to justified reasons. With specific reference to the Related-Parties Committee the possibility, in the event of emergencies involving transactions falling within the decision-making duties of the Board of Directors, of convening a meeting at least 12 hours in advance, has been introduced;
within the role of the Chairman of the Board of Directors, a specific provision has been introduced to highlight the ability of heads of corporate control functions to direct access the Board of Directors, when necessary, even through individual meetings with the Chairman of the Board;
the rules dealing with the functioning and the attendance in the Committees meetings of persons who are nonmembers, including inter alia the Board of Directors' members and any independent external expert have been reviewed. For the Remuneration Committee, the cases requiring for a necessary attendance of an external expert were clearly provided. A general rule according to which each Committee, if necessary, may submit proposals to amend or add to the provisions of the Regulation governing Committees has been introduced;
the provisions concerning the Related-Parties Committee and the Internal Controls & Risks Committee have been amended also following the decision to assign the latter the task of supporting the Board on matters pertaining to investments in non-financial equity, which previously fell within the scope of Related-Parties and Equity Investments Committee, whose name was updated accordingly.

Furthermore, in view of the renewal of the Board of Statutory Auditors for the 2019 – 2021 financial years, the Committee has supported the Board in resolving on the assignment to the Board of Statutory Auditors of the Supervisory Body functions pursuant to the Legislative Decree no. 231/2001, and, in light of the complexity of the current Italian and European regulations concerning the corporate officers' requirements, in defining in advance a theoretical profile for the Board of Statutory Auditors, that - although there is no specific provision on that regard could facilitate the best choice of candidates to be presented at the April 2019 Shareholders' Meeting.

Moreover the Committee has also overseen events / processes regarding internal governance such as the selfevaluation process of the Board of Directors, the checking of the correspondence between the composition of the Board as resulting from the appointment process and the theoretical profile approved by the Board itself, the checking of the meeting of the requirements envisaged by the national and European provisions for the corporate officers and, in particular, of the independence requirements, the abidance by the current provisions regarding interlocking directorates, as well as the HR strategies with a special focus on the Leadership Pipeline.

Within the issues concerning sustainability, the Committee has overseen the activities aimed to ensure a proper procedure for the data collection for the drafting of the Integrated Report, against both the internal and external controls envisaged by current provisions, as well as those focused on the increasing of the integration of sustainability issues and on the field of business ethics.

The Committee has been able, through its Chairman, to access all the information and corporate functions as required for performing its duties, and for this purpose relied on the support of the Company's head office structures as well as, when deemed, of outside consultants.

5.3 Remuneration Committee

For the information requested with regards to the set-up, tasks and functioning of the Remuneration Committee, please refer to the paragraph "Remuneration Committee" of the "Annual Compensation Report" published, within the "2019 Group Compensation Policy", according to Section 123/ter of the TUF, to Section 84/quater of the CONSOB Issuers Rules (lastly modified by resolution no. 18214 of May 9, 2012) and to the provisions set forth at Title IV, Chapter 1, Table 15 of Banca d'Italia Circular no. 263.

5.4 Related-Parties Committee

The Related-Parties Committee ("Related-Parties and Equity Investments Committee until October 18, 2018), set up according to the CONSOB Regulation no. 17221/2010 and the Banca d'Italia Circular no. 263/2006 (Title V, Chapter 5), oversees issues concerning transactions with related parties as well as risk activities and conflicts of interest involving associated parties, carrying out the specific role attributed to independent directors by the aforementioned provisions. Furthermore, it carries out any other duties assigned to it within the Global Policy on transactions with related and associated parties, applicable from time to time.. ¹⁵

¹⁵ The address of the UniCredit website where the Global Policy Transactions with related parties, associated persons and corporate officers ex section 136 of the TUB is available is the following:

https://www.unicreditgroup.eu/en/governance/related-parties-and-associated-persons.html

Board of Directors internal Committees

Until October 18, 2018, the Committee has also carried out the competences on equities investments hold by banks and banking groups that the Circular no. 285/2013 issued by Banca d'Italia entrust to independent directors and that the Board of Directors has then assigned to the Internal Controls & Risk Committee.

Composition

The Related-Parties Committee consists of 3 Directors, who qualify as independent pursuant to the Corporate Governance Code.

The composition of the Related-Parties Committee as of March 5, 2019, is the following: Mr. Cesare Bisoni (Chairman), Mr. Vincenzo Cariello e Mr. Stefano Micossi.

Roles and Responsibilities

The Related-Parties Committee operates on a consultative and proposition-making basis. Pursuant to the current provisions, the Committee, in particular, is in charge of:

formulating prior, motivated and binding opinions for the purposes of the Board of Directors' resolution on the suitability of the internal procedures and their subsequent updates to achieve the objectives established by the external regulatory environment;
formulating prior and motivated opinions, when expressly required, in the event of transactions with members of the Perimeter of the persons in conflict of interest (so-called "Perimetro Unico")¹⁶ carried out either directly or indirectly by UniCredit, concerning the Company's interest in the performance of such transactions, as well as the profitability and substantial correctness of the conditions of said transactions;
becoming involved in the event of transactions of "greater significance", if deemed necessary by the Committee, through one or more delegated members - in the negotiation phase and in the preliminary phase through the reception of a complete and timely information flow with the right to request information and issue observations to the delegated bodies and the persons in charge of carrying out the negotiations or the preliminary phase.

The Company's competent offices ensure a constant monitoring of transactions envisaged by the procedures for the identification and management of transactions with related and/or associated parties, also in view of enabling the Committee to propose corrective actions.

Operations

For each individual transaction, Committee members must be different from the counterparty, its associated parties and/or any entities related to it.

If a Committee member is a counterparty to the transaction under examination (or is related/associated with the counterparty), he/she must promptly inform the Chairman of the Board of Directors and the Committee Chairman (provided he/she is not in a conflict of interest situation), and abstain from attending further Committee proceedings with regard to the transaction in which the relationship exists. Having consulted with the Committee Chairman (provided he/she is not in a conflict of interest situation), the Chairman of the Board of Directors shall immediately take steps to replace the member who has this conflict of interest with another member from the Board of Directors who qualifies as independent pursuant to the Italian Corporate Governance Code for listed companies, after contacting them beforehand, in order to restore the Committee to three non-related and non-associated independent Directors.

¹⁶ The subjects at Group level to whom are applied, as a whole, the procedures envisaged by the Global Policy Transactions with related parties, associated persons and corporate officers ex section 136 of the TUB, pursuant to both the CONSOB resolution no . 17221/2010 and the Banca dì'Italia Circular no. 263/2006 (Title V, Chapter 5).

For transactions that need to be finalised urgently and require the intervention of the Related-Parties Committee during negotiations and due diligence and/or during the issue of opinions, having acknowledged the urgency and noted that the majority or all members are unable to meet or carry out the required activities in time to conclude the transaction, the Committee Chairman shall promptly inform the Chairman of the Board of Directors of this situation. In any event, these circumstances must be communicated no later than the day after the Committee Chairman was informed that the majority or all Committee members were not available. Having consulted with the CEO and determined that the transaction cannot be delayed, the Chairman of the Board of Directors immediately takes steps to find three Directors to sit on the Committee and follow the process for temporary substitutions in the event of conflicts of interest.

Activities performed

In 2018, the Related-Parties Committee held 15 meetings (on average, each Committee meeting lasted 63 minutes).

In 2018, at the invitation of the Committees' Chairman, managers and personnel belonging to the Company and the Group attended the Committee meetings for the discussion of the Agenda items that concerned matters within their competence.

The Board of Statutory Auditors attended to the Committee's meeting of February 27, 2018, in order to give an indepth analysis and a mutual exchange on the updating proposal of the "Global Policy for the management of transactions with persons in conflict of interest".

In 2018, the Committee was supported by external independent consultants in two occasions.

In 2018, the Committee issued three opinions with regard to transactions with related parties and/or associated parties managed in UniCredit and/or Group Companies. Furthermore, the Committee examined, with the same frequency as the Board of Directors, the reports on transactions with related and/or associated parties on the coverage level of the "Perimetro Unico" and the actions taken in order to guarantee a complete recording, as well as the quarterly reports drawn up by the Group Risk Management and the Group Lending functions on matters falling within their areas of competence.

On February 27, 2018, the Committee also expressed its favourable opinion on the proposed yearly amendments to the "Global Policy for the management of transactions with persons in conflict of interest", and, on July 31, 2018, on the proposal of not reviewing the "Global Policy for the internal controls on risks activities with persons in conflict of interests". It also should be noted that, in second half of the 2018 year, the competent structures have carried out an activity finalized to review and systemize the internal regulation on related parties and risk activities and conflict of interest to associated parties in a unique framework. Such activity ended on February 6, 2019, with the approval by the Board of Directors of the new Global Policy Transactions with related parties, associated persons and corporate officers ex section 136 of the TUB, following the required opinions from the Related-Parties Committee and the Board of Statutory Auditors.

With regard to equity investments, until October 18, 2018, the Committee examined the results of the quarterly monitoring of prudential supervisory limits and of the half-year monitoring of the risk/profitability profile of investments in non-financial equities, in terms of appropriateness and consistency with the Group strategies. Starting from October 18, 2018, the above-mentioned activities have been assigned to the Internal Controls & Risks Committee.

In 2018, the Committee's members met with the Board of Statutory Auditors' members in order to exchange information, in view of integrated governance.

For 2019, 12 meetings have been planned for the Related-Parties Committee. As at March 5, 2019, 2 meetings have been held.

Directors' remuneration

For the information requested with regards to the compensation for the Executive Directors, the Non-Executive Directors and the Executives with Strategic Responsibilities and for those concerning the Indemnities to Directors in the event of resignation, dismissal or termination of employment following a public purchase offer (as per Section 123/bis, sub-section 1, letter i), of the TUF), please refer to the Chapter "Compensation to Directors, Statutory Auditors and Executives with Strategic Responsibilities" of the "Annual Compensation Report" published - within the "2019 Group Compensation Policy" - according to Section 123/ter of the TUF, to Section 84/quater of the CONSOB Issuers Rules (lastly modified by resolution no. 18214 of May 9, 2012) and to the provisions set forth at Title IV, Chapter 1, Table 15 of Banca d'Italia Circular no. 263.

Directos' interest and related-parties transactions

Risks arising from the transactions with persons in potential conflict of interest are governed, inter alia, by the Regulation adopted by CONSOB through its resolution no. 17221 dated March 12, 2010 (and subsequent updates), by the regulations on "Risk activities and conflicts of interest with associated parties" provided for by Title V, Chapter 5 of Banca d'Italia Circular no. 263 dated December 27, 2006, the "New Supervisory Regulations for the prudential supervision of banks" and following amendments as well as by the regulations for the obligations of Banks' corporate officers pursuant to Section 136 of the Legislative Decree no. 385 dated September 1, 1993.

In that regulatory framework, the UniCredit Board of Directors – with the unanimous favourable opinions of the Related Party Committee and of the Board of Statutory Auditors– on February 6, 2019 adopted the Global Policy Transactions with related parties, associated persons and corporate officers ex section 136 of the TUB - available on the UniCredit website -with the aim to define principles and set rules for the control of risks arising from possible conflicts of interest caused by the close ties certain parties have with bank decision makers.

The Global Policy – intended as an organic abridgement aimed at unifying the governance aspects and the areas of enforcement, as well as the procedural and organizational aspects (due to the significant similarities between the regulations concerning the CONSOB related parties and those concerning the associated parties) – details the provisions to be complied with in the management of transactions with persons in potential conflict of interest as defined by the above mentioned regulations.

Here below is the list of the enforcement areas taken into consideration by the mentioned provisions which have been jointly dealt with in the Policy:

governance issues and connected roles of the Board of Directors, the Related-Parties Committee and the Board of Statutory Auditors;
organizational structures for overseeing and managing the transactions with CONSOB related parties and with the associated parties;
perimeter of the CONSOB Related Parties and of the Banca d'Italia associated parties;
criteria for identifying and detecting the transactions with related parties and with associated parties, including those of Greater Relevance;
cases of exemption set out by the CONSOB Regulation and by the Banca d'Italia provisions and those set out by UniCredit according to the powers provided for by the mentioned provisions;
procedures for the arranging and approving of transactions with related parties and with associated parties;
checks and rules for the adoption of the Policy within the Group.

Taking into consideration the peculiarities which characterize the mentioned provisions, references are also provided on the following as well:

disclosure and transparency obligations provided for by CONSOB with reference to transactions with related parties;
risk activities with associated parties pursuant to the Banca d'Italia in terms of supervisory reporting;
monitoring of the prudential limits and risk appetite levels on associated persons.

The Global Policy, in the version at the time in force, is available on the UniCredit website¹⁷ .

* * *

The compliance with the legal requirements concerning the interests of company Directors and related-parties transactions being unaffected, the Company, through the Global Policy, also has to comply with Section 136 of the Legislative Decree no. 385/93 concerning obligations of banks' corporate officers, according to which such officers

¹⁷ The address of the UniCredit website where the single Global Policy Transactions with related parties, associated persons and corporate officers ex section 136 of the TUB is available is the following:

https://www.unicreditgroup.eu/en/governance/related-parties-and-associated-persons.html

cannot take on any obligation, directly or indirectly, with the bank they manage, direct or control, unless it is approved unanimously by the supervisory body, without the person concerned voting, and with the favourable vote of the members of the controlling body. Accordingly, corporate officers are required to report the names of individuals or companies with whom their entering into relations might constitute an indirect obligation substantially referable to the corporate officers.

In the event of a transaction with a related party, being also a bank's corporate officer or a party related to such, the same falls under the provisions of the above Section 136 and the respective procedure. In such an event, the Related Parties Committee must be assured a preventive, timely and complete flow of information, according to the specific methods envisaged for transactions of greater or lesser relevance.

Internal controls and risks management system

The internal controls system is an essential element of the overall governance system of banks. It plays a central role in their organization and can ensure an effective management of risks and of their interrelations, in order to ensure that the activities carried out will be in line with the corporate strategies and policies as well as founded on sound and prudent management principles.

An effective and efficient internal controls system is, in fact, a prerequisite for the creation of value in the mediumlong term, for safeguarding the quality of the activities, for a correct risk perception and for an appropriate allocation of capital.

The UniCredit Group internal controls system is based on:

control bodies and functions, involving, in particular, each one within its respective competence, the Board of Directors, the Internal Controls & Risks Committee, the Chief Executive Officer as Director in charge of the internal controls and risks management system, the Board of Statutory Auditors, as well as the corporate functions with specific tasks to that regard;
information flows and coordination procedures among the parties involved in the internal controls and risks management system;
Group Governance mechanisms.

8.1 Bodies and functions

The Board of Directors and the Internal Controls & Risks Committee

The guidelines of the internal controls and risks management system are defined by the Board of Directors verifying its consistency with the strategic orientation and risk appetite established by the same. In that way, the Board can guarantee that the main risks are properly identified, as well as measured, managed and monitored in the appropriate manner, taking into account how they evolve and interact, and, furthermore, establishing criteria for the compatibility of such risks with a sound and prudent management.

In that context, on a yearly basis the Board of Directors defines and approves the Group Risk Appetite Framework, consistently with the timeline of the Budget process and the definition of the financial plan, in order to guarantee that the business develops within the desired risk profile and in accordance with national and international regulations.

The Risk Appetite Framework for 2018 summarizes the Group's desired risk profile with the identification of the significant risks to which the Group is exposed through the definition of the reference thresholds for the following indicators:

First Pillar indicators in order to ensure at any time compliance with the requirements of the Supervisory Authority (for example, the Common Equity Tier 1 Ratio, Liquidity Coverage Ratio);
Management indicators, to monitor the evolution of key variables from a both strategic and Risk Appetite point of view (for example, Exposure to Stressed Loans, Profitability);
Specific indicators to ensure control of certain risks (e.g. Market, Operating, Liquidity, Interest Rate).

In 2018, the Board approved the new Group Risk Appetite Framework for 2019, enhanced in order to strengthen the control over the Group risk profile vis-à-vis external commitments, in continuity with the new Multi Year Group Plan. The Risk Appetite for 2019 has been defined with the aim to support the sound growth embedded in the Multi Year Plan, while keeping a prudent risk management strategy for the Group.

The Group Risk Appetite Framework has to be consistently implemented in the relevant Group Legal Entities. The Risk Appetite Framework includes not only the list of the relevant metrics but also the relevant targets, triggers and limits: i) the targets represent the amount of risk the Group is willing to take on in normal conditions and are the

reference thresholds for the development of the business, ii) the triggers represent the maximum acceptable level of deviation from the defined target thresholds. They are set so as to assure that the Group can operate, even under stress conditions, within the maximum level of acceptable risk; trigger breaches will be notified to the Group Risk & Internal Control managerial committee and the Board of Directors; iii) the limits are hard points that represent the maximum level of risk acceptable for the Group; in case of limit breaches, the Board of Directors has to be involved in the evaluation of, and decision on, possible corrective measures.

The Board of Directors is supported by the Internal Controls & Risks Committee in its assessment and decisionmaking activities relating to the internal controls and risks management system.

The UniCredit Board of Directors, within its jurisdiction, approves the establishment of the corporate control functions, defining the relevant roles and responsibilities, forms of coordination and collaboration, and the information flows between them and the corporate bodies. Additionally, through the support of the Internal Controls & Risks Committee, it draws up the coordination documents envisaged on the subject by Circular no. 285 issued by Banca d'Italia, and has given mandate to the CEO to execute the directions of the same Board through the design, management and monitoring of the internal controls and risks management system. Within that scope, the Board of Directors makes sure that the corporate control functions are stable and independent, and that they have access to all Bank and Group companies' activities and any data relevant to performing their respective duties.

At least once in a year, based on the opinion of the Board of Statutory Auditors, the Board of Directors assesses the adequacy of the organizational structure and the number and skills of the staff operating in the compliance function (Group Compliance) and in the risk management function (Group Risk Management). Furthermore, the Board resolves on any possible adjustments necessary in the organization and staffing of the internal audit function (Internal Audit).

Moreover, the Board of Directors approves the definition of the following strategies.

Credit Strategies

Within the Basel Second Pillar, the Group Credit Risk Strategies represent an advanced credit risk management instrument, aiming at the consistency between budget targets and the Risk Appetite Framework. Considering the macroeconomic and credit scenario, the managerial initiatives and the industry expert view, the Credit Strategies provide a set of guidelines and operative targets by Countries and business segments in which the Group operates, aiming to identify the desired risk profile and the business lines positioning, in order to allow a growth consistent with the Group Risk Appetite Framework and to minimize the overall credit risk impact without precluding profitable business opportunities.

Market Risk Strategies

The UniCredit "Group Financial Risk" function manages, at a Group level, the overall setting of limits concerning the Group's financial risks (i.e. liquidity, interest rate, market, counterparty and trading credit risks).

To that end, the Holding Company's "Group Financial Risk" function acts in strict coordination with:

the Legal Entities' Market Risk functions, entitled, in accordance with the Group business model, to take on exposures to market risks either in the trading or in the banking book and liquidity. The relationship among the Market Risk functions within the overall process of negotiating operational limits together with the business functions, is aimed at ensuring consistency of the mentioned limits with the assigned budget, with regard to the dynamics related to risk indicators, based on historically observed realizations, to expected market developments and proposed business initiatives, within the defined overall business model;
the Risk Management function "Risk Appetite & Integrated Risk Analysis" in charge of the Group Risk Appetite, with the aim of verifying the limits impact on Regulatory and Economic Capital within an iterative process finalized to ensure the limits consistency with the capital allocation approved at Group level, taking into consideration the income goals defined in the annual and strategic plans.

Internal controls and risks management system

The UniCredit Board defines the guidelines for the internal controls system verifying its consistency with the established strategic orientations and risk appetite as well as its capacity to detect the evolution of the corporate risks and their mutual interaction, ensuring that the main risks are properly identified, as well as measured, managed and monitored in the appropriate manner, through the Internal Controls & Risks Committee activities, in particular, on the basis of:

the reports by the corporate control functions' Heads: the compliance function (Group Compliance), the risk management function (Group Risk Management), the internal audit function (Internal Audit), the anti-money laundering function (Group & Italy Anti-Money Laundering) and the validation function(Group Internal Validation);
the information by the Manager charged with preparing the company financial reports in compliance with the International Accounting Standards and with the relevant regulations for the purposes of preparing the consolidated financial statements;
any useful information related to the monitoring of the overall corporate risks provided by the relevant Company structures and / or the by the firm charged with the statutory accounting supervision;
a structured annual process of internal controls system evaluation, carried out by the Chief Executive Officer with the Management support (Group ICS Management Evaluation) and coordinated, at Group level, by the Group Processes Methodology & ICS Initiatives (evaluation further to the one already performed on the internal controls system by the Internal Audit function and by the other control bodies and functions).

Within that scope, the Board approves the guidelines for audit activities, providing oversight to ensure that the Internal Audit function implements the orientations concerning the undertaking of third-level controls. Furthermore, on at least an annual basis, approves the activity programme including the yearly audit plan prepared by the Internal Audit function and examines the annual reports prepared by the corporate control functions. Moreover, it approves the multi-year audit plan.

Moreover, the Board ensures that the internal controls system and corporate organization are constantly harmonized with the principles enshrined in laws and regulations as applicable at that time, verifying at least yearly the adequacy, effectiveness and proper functioning of the internal controls and risks management system; should shortcomings or discrepancies emerge, promptly fostering the adoption of appropriate corrective measures, whose efficacy should subsequently be assessed.

Director in charge of the internal controls and risks management system

The Board of Directors' authority regarding the establishment of the corporate control functions and the definition of the related roles and responsibilities remaining firm, the Chief Executive Officer, as Director appointed by the Board, manages the internal controls and risks management system, with the support of the competent functions:

(i) identifying the Company's risks and submitting them to the Board of Directors. To that end, he must have a deep knowledge of all the corporate risks and, within the perspective of an integrated management, of their reciprocal relationships taking into account the evolution of the external context (including the macro-economic risk);
(ii) putting into practice the strategic guidelines, the RAF and the risk management policies defined by the Board by planning, managing and monitoring the internal controls and risks management system. When supervising those activities, the Chief Executive Officer is formally supported by the Group Risk & Internal Control managerial committee (which he chairs): in the session focused on "the management and supervision of the internal controls system", whose Deputy Chairman is attributed to the Co-Chief Operating Officer responsible for IT & Operations, Security and Internal Control, are addressed the topics related to the internal controls system as well as the remediation plans linked to them; in the session focused on "risks", whose Deputy Chairman is the Group Chief Risk Officer, are discussed topics related to the management and monitoring of risks.

The Chief Executive Officer is responsible for taking all necessary steps to ensure the compliance of the organization and internal controls system with the principles and requirements envisaged by current legal provisions.

Furthermore, on a continuous basis, with the assistance of the competent functions (as well as taking directly part in specific Managerial committees aimed at overseeing and/or controlling risks), he supervises the proper management of the overall corporate risks and the adequacy, effectiveness and efficiency of the related protective structures, also by means of the definition of proper policies for the management of such risks. To that end, he facilitates the dissemination at all levels of an integrated risk culture in relation to the different types of risks.

With specific reference to the risk of non-compliance, the Chief Executive Officer ensures, with the support of the Compliance function, the effective management of the mentioned risk, also providing appropriate policies and procedures for compliance with local regulations to be abided by the Bank, ensuring, in the case of violations, that the necessary remedies have been put in place and outlining information flows to ensure the competent corporate bodies of the Bank a full awareness on how to manage the risk of non-compliance. With the support of the Compliance function, the Chief Executive Officer identifies and evaluates, at least once a year, the main compliance risks to which the Bank is exposed and plans the associated management measures, as well as reports, at least once a year, to the Board of Directors and the Statutory Auditors on the adequacy of the non-compliance risk management.

The Chief Executive Officer takes part, as a permanent guest, in the Internal Controls & Risks Committee meetings. As part of these meetings, the Chief Executive Officer reports to the Committee on issues pertaining to items on the Agenda, including clarifications when necessary and following up on any requests for close examination by the Committee itself.

As for the third-level controls carried out by the Internal Audit function, the Chief Executive Officer is informed of the guidelines of auditing activities, may make suggestions in order to integrate the annual control plan and may request specific auditing actions not foreseen by the annual plan.

Within such field, the Chief Executive Officer makes sure that the Board of Directors has an effective and permanent dialectic exchange, also with the support of the corporate functions which refer to him as Head of the internal structure, in order to allow him to review the choices and decisions adopted by them during the course of time. To that end, the Chief Executive Officer receives from the corporate functions the information necessary to ensure the supervision required by his role, mainly during the managerial committees which he attends as Chairman or for those which he is not a member of, through specific and systematic information flows.

Moreover, he promotes the initiatives and actions necessary in order to ensure the continuing completeness, adequacy, working and reliability of the internal controls system and reports the outcome of the checks carried out to the Board of Directors, arranging and carrying out the necessary corrective and implementing actions should there emerge deficiencies or anomalies, or in case new relevant products, activities, services and processes are introduced.

Board of Statutory Auditors

The UniCredit Board of Statutory Auditors is responsible for overseeing the completeness, adequacy, working and reliability of the internal controls system and the RAF as well as the risks management and control process. With regard to the variety of corporate functions and structures having, within the Company, control roles and responsibilities, the Board of Statutory Auditors shall verify the efficacy of all structures and functions involved in the controls system, the proper performance of the duties and the proper coordination of the same, promoting the corrective actions aimed at remedy any shortcoming and irregularities detected.

The Board of Statutory Auditors, making use of the contribution of the corporate control functions, supervises – within the more general review activity of the risks management process – the abidance with the provisions concerning the ICAAP process as well as the completeness, adequacy, working and reliability of the advanced internal risks measurement systems for the determination of the capital requirements as well as their consistency with the requirements envisaged by the provisions on the subject.

Internal controls and risks management system

The Board of Statutory Auditors supervises the financial disclosure process and the compliance with the provisions on the disclosure of non-financial information, the external auditing of the annual individual and consolidated accounts, the independence of the external audit firm, in particular as far as regards the carrying out of non-auditing activities, periodically meeting the external audit firm for the reciprocal exchange of information.

With specific regard to the assignment to the Board of Statutory Auditors also of the Supervisory Body functions pursuant to the Legislative Decree no. 231/2001, it should be noted that, on its February 6, 2019 meeting, the UniCredit Board of Directors has resolved on entrusting said tasks to the control body starting from its renewal for the 2019-2021 financial years. Until the Board of Statutory Auditors' next renewal, it is maintained the previous setup, providing that these functions have been entrusted to a specially constituted independent body, made up by external members and executives in "apical" positions with guidance, support and control functions (see following paragraph 8.5 Organization Model as per Legislative Decree no. 231/2001).

The Board of Statutory Auditors takes care of the establishment of appropriate functional links with the Internal Controls & Risks Committee for the conduct of joint activities of the two bodies, in accordance with their specific skills. The Board of Statutory Auditors also exchanges information in view of an integrated governance with the Members of the Related-Parties Committee.

Control functions

The types of controls in UniCredit - in compliance with current law and drawing inspiration from the international best practices - are structured on three levels:

line controls (so-called first-level controls), in charge of the corporate functions responsible for business / operational activities, as well as by a dedicated structure (Internal Controls Italy), which supports the Co-Heads Italy as head of the first level operational controls system, including those under "special laws" regime, with regard to the related structures / activities;
risk and compliance controls (so-called second-level controls), in charge of the Group Compliance and Group Risk Management functions, each one for matters of their respective competence;
internal audit (so-called third-level controls), in charge of the Internal Audit function.

As per Banca d'Italia Circular no. 285, the corporate control functions also include the anti-money laundering function and the validation function, that are set up within the Group Compliance and the Group Risk Management respectively.

The Compliance, Risk Management and Internal Audit functions are separated and hierarchically independent from the corporate functions that carry out the activities subject to their controls.

For the 2018 year, according to the Circular no. 285 issued by Banca d'Italia, the HR function also has been qualified as a corporate control function only with regard to remuneration and incentive policies and practices issues. On the basis of the 25th update in October 23, 2018 of the same Circular, the above mentioned provision is amended not considering HR¹⁸ any longer as a corporate control function, starting from 2019.

¹⁸ Human Resources function provides its own support to the compliance function, ensuring, inter alia, the coherence between human resources management policies and procedures and bank remuneration and incentive systems

The Compliance function

The mission of the Holding Company Compliance function is to govern the management of the Compliance risk as well as to assist the Group, its Management, the corporate bodies and employees in carrying out their activities in compliance with mandatory rules, internal procedures, best practices as well as ethical standards and to help safeguard the Group's franchise, reputation as well as upholding its values.

The Compliance function of the Bank and of the Group's companies is independent, with human and technological resources qualitatively and quantitatively adequate to the task, who directly relates with the Senior Management and the corporate bodies, who has access to each corporate information and that participates in decisional processes, and when necessary, is able to submit any problem directly to the higher hierarchical levels.

The UniCredit Compliance function in relation to the assigned responsibilities:

defines and develops (monitoring both the implementation of, and abidance by) the Group Compliance Rules, the procedures, methodologies, training and, in particular, minimum compliance standards to be followed and implemented within the Group;
analyses and interprets the Italian, EU and international regulations and issues, when needed, interpretative notes / proactive advice notes and issues opinions and pre-emptive evaluations, for topics in scope;
defines and develops the Compliance yearly plan as well as monitors and periodically reports its progress to Group corporate bodies;
identifies the risk of non-compliance for the regulations falling within the scope of its competence, monitors and assesses the above risk, identifies the mitigation actions and monitors their implementation;
together with other relevant functions, relates to the Authority (e.g., takes part in consultations, provides assistance in preparing comments on proposed legislation, is the link between the Authority and the structures of the bank as a result of specific requests and inspections);
provides the UniCredit Senior Management with a general overview on the trend of non-compliance risks within the Group.

With reference to the Banca d'Italia provisions, within UniCredit S.p.A. the Compliance model for the supervision of the non-compliance risk with reference to all company activities (except for regulatory areas within the perimeter of the Group Risk Management Department) is applied directly ("Presidio Diretto") by the structures belonging to the Compliance function on most relevant regulations with regards to non-compliance risk like the ones concerning banking and financial activities, conflicts of interests management, transparency to customers and consumer safeguard regulation; as far as other regulations are concerned and with reference to only UniCredit S.p.A., Compliance monitors indirectly ("Indirect Model")¹⁹ by providing/validating the methodology and procedures for the assessment of the non-compliance risk to the so-called "Specialized Structures", set up within other company functions and working on specific regulatory areas²⁰. The Compliance function verifies over the time, on the basis of the outcome related to their activities, that such "Specialized Structures" work following the methodology and the procedures provided and draws up the summary reports for corporate and controlling bodies of UniCredit S.p.A..

The Compliance model at group level is structured in the following levels:

• Compliance of UniCredit, has a direct role, support, management of the local compliance, and has monitoring and controlling authority in relation to the overall Compliance Plan in order to ensure the consistent application of Compliance standards across the Group.

Within this structure, have been identified the following roles:

Chief Compliance Officer, who performs general oversight activities on all Group Companies both through a connection with Country Compliance Heads, where appointed, and with Local Compliance Heads, with the Group Compliance Coordinators' support moreover, also through a managerial management of Local Compliance Heads. The Chief Compliance Officer of UniCredit is Mr. Carlo Appetiti who has been appointed

¹⁹ In force only for the Group's Italian banks including UniCredit starting from July 8, 2014.

²⁰ For an example, please refer to the tax provisions.

Internal controls and risks management system

by the UniCredit Board of Directors, after the opinion of the Board of Statutory Auditors, and is endowed with the necessary autonomy, independence from the operating structures, as required by current regulations;

Group Compliance Coordinators who, also through a managerial management of Local counterparts, are in charge of ensuring a group consistent approach in their areas of competence, providing services across the Group and dealing with cross-border issues;
Country Compliance Heads ensure that all companies which are active in a certain Country (jurisdiction) are overseen by Compliance in the most effective way, in compliance with local laws and on the basis of a consistent approach. The decision to implement the model of Country Compliance has to be previously agreed between the Chief Compliance Officer and the local Compliance Heads who can decide that the presence of a compliance function at country level is necessary as per the type and complexity of activities performed or services provided by the Company and on its size;
Local Compliance has the responsibility to locally oversee, at a single company level, the non-compliance risk in accordance with relevant Group standards.

The Risk Management function

On September 21, 2017, the Board of Directors has approved a proposal to change the organisational structure of the Group's risk management and lending activities to further strengthen the effectiveness of risk controls, improving the focus of the risk organisation and enforcing the independence of control vis-a-vis the operating businesses. In line with the evolving regulatory requirements and to create a better risk organisation, UniCredit has separated the risk management and the credit related operational function, named Lending.

In particular, the mission of the Risk Management function, i.e. the Group Risk Management structure, is to:

optimise the quality of the Group's assets, minimizing the cost of risk in accordance with the risk/profitability goals set for the business areas;
ensure the strategic steering and definition of the Group's risk management policies;
define and supply Heads of the Divisions, Business Units and Legal Entities with the criteria for assessing, managing, measuring, monitoring and communicating risks. It also ensures that the procedures and systems designed to control risks at Group and at individual Entity level are consistent;
help build a risk culture across the Group by training and developing highly qualified staff, in conjunction with the competent Chief Operating Officer functions;
help find ways to rectify asset imbalances, where needed in conjunction with Planning, Finance, Shareholding and Investor Relations;
help the Divisions / Business Units to achieve their goals, inter alia, by assisting in the development of products and businesses (e.g., innovation of credit products, competitive opportunities linked to Basel accords);
support the CEO in defining the Group Risk Appetite proposal, to be shared in the Group Risk & Internal Control Committee and submitted for approval to the Board of Directors, as preliminary and preparatory step for the yearly and multi-yearly budget plan pertaining to Planning, Finance, Shareholding and Investor Relations. The Group Risk Appetite includes a series of parameters defined by the Chief Risk Officer, with the contribution of the Group Chief Financial Officer and other relevant Group functions, within the scope of their competence; each parameter can be complemented by limits and triggers proposed by the Chief Risk Officer²¹ and targets proposed by Planning, Finance, Shareholding and Investor Relations and/or by the relevant Group functions, each respecting their mission and internal regulations. The Group Chief Risk Officer is responsible for ensuring the overall coherence of the proposed parameters and values. Furthermore, the Group Chief Risk Officer is responsible for ensuring the CEO and the Board of Directors the coherence of the Group Risk Appetite with the Group strategic guidelines, as well as the coherence of the budget goals with the Group Risk Appetite setting and the periodical monitoring of the RAF. Planning, Finance, Shareholding and Investor Relations remain responsible for monitoring the performances of the Group and of the business functions, in order to identify possible underperforming areas and the related corrective measures.

²¹ Possible triggers and limits on profitability parameters must be agreed between Chief Risk Officer and Chief Financial Officer.

The Risk Management function drafts specific information flows in order to ensure the full knowledge of the Group's risks exposure and the underlying factors, as well as the trend of significant variables included in the Risk Appetite Framework. Such information, conveyed to the CEO also through his participation to the managerial committee Group Risk & Internal Control that the CEO chairs (also in view of the drafting of the proposals / reports by the Chief Executive Officer for the Board of Directors), mainly relates to the topics summarized below:

Information regarding the Group Risk Appetite, Strategies and governance of various risks, liquidity adequacy (ILAAP) and capital adequacy (ICAAP);
Periodic reports concerning different risks types and related limits;
The risks control framework, including the initial approval and the approval of substantial changes in the risks measurement and control systems and the annual evaluation of the functionality, adequacy and compliance with the regulatory requirements concerning the risks measurement and control systems on the basis of the reports of the internal validation function;
Guidelines for the management of distressed assets and the economic effects arising from potential asset disposals.

The UniCredit Group Chief Risk Officer is Mr. Thiam Joo Lim.

The Internal Audit function

The UniCredit Internal Audit function, which reports to the Board of Directors, steers, coordinates and monitors the Group's Internal Audit activities, and performs third level control activities as well as on-site inspections on the Parent Company and on the Group's Legal Entities which outsourced the internal audit activities to UniCredit ("inservice company"). In addition, it can conduct on-site visits on any Legal Entity, as Group Internal Audit function.

The Internal Audit function acts in compliance with the Internal Audit Group Charter which defines its mission, responsibility, organisational structure, tasks and powers.

The Internal Audit is also an independent function and is an integral part of the internal controls system and carries out an assurance and consulting activity in order to evaluate, add value and improve the internal controls system of UniCredit and the Group.

Internal Audit complies with the International Professional Practices Framework (Definition of Internal Audit, Core Principles for the Professional Practice of Internal Auditing, Code of Ethics and International Standards).

The Officer in charge of the Internal Audit function

The Board of Directors has exclusive competence – based on the proposal made by the Internal Controls & Risks Committee, as well as after hearing the Board of Statutory Auditors – for the appointment and the revocation of the officer in charge of Internal Audit.

The Head of Internal Audit is Ms. Serenella De Candia, who reports, directly or through the Internal Controls & Risks Committee, to the Board of Directors at least once a year, and, in particularly important cases, at the next available meeting, with regard to the adequacy, effectiveness and efficient functioning of the internal control system.

The Head of the Internal Audit function is charged with no operational areas and reports hierarchically to the Board of Directors.

In addition, the Board of Directors has exclusive competence, after the opinion expressed by the Internal Controls & Risks Committee, for determining the variable part of the remuneration of the Head of the Internal Audit function, based on criteria and parameters not connected to the performance of the Bank.

Internal controls and risks management system

In compliance with the Internal Audit Group Charter, the Head of the Internal Audit function performs the following activities:

develops and executes an annual audit plan and a multi-year audit plan using an appropriate risk-based methodology, taking into account emerging risks. In this context, it considers relevant organizational changes and projects identified by Senior Management and/or governing bodies. Both plans are submitted for approval to the Board of Directors after the examination by the Internal Controls & Risks Committee;
ensures an adequate Audit coverage, with a reasonable overview on expenses;
issues periodic reports to the Board of Directors, also through the Internal Controls & Risks Committee, summarizing the main results of audit activities;
performs special investigations, also on its own initiative, in UniCredit S.p.A. and within the Group, reporting the results to the Senior Management and to the governing bodies;
maintains a professional audit staff with sufficient knowledge, skills, experience and professional certifications to meet the requirements of the Internal Audit Group Charter;
reports to the Board of Directors the elements aimed at evaluating the Internal Audit performance including emerging trends and best practices in internal auditing;
ensures a fair and transparent communication with Regulators with reference to audit activities;
establishes a quality assurance and improvement program through which it could be possible to assess internal audit activities and promote professional development.

In particular, in order to provide the corporate bodies and the Senior Management with an overall assessment of the internal controls system, the Head of the Internal Audit function arranges a quarterly report. Such report includes not only an assessment of the internal controls system, but also summary information on the activities performed, on the main risks arisen and on the implementation status of Management action plans. An update on the progress status of the annual plan is also provided on a regular basis.

The detail of information flows sent by the Head of Internal Audit to the governing bodies is included in a dedicated Internal Regulation of the Bank.

The Head of the Internal Audit function arranges the Group Audit Plans, based on the Risk Assessment results, in compliance with the Group Audit guidelines. Group Audit Plans also takes into consideration the requests made by Regulators and corporate bodies.

The Internal Audit function is allowed unlimited access to all the corporate functions, records, minutes of all consultative and decision-making committees, ownership and staff of the Company by the Board of Directors.

The Head of the Internal Audit function has at its disposal also an appropriate annual budget submitted to the competent governing bodies for its approval.

In 2018 the Head of the Internal Audit function, pursuant to the guidelines approved by the Board of Directors, performed controls both on the central structure of the Parent Company and on its Subsidiaries, in line with the methodology provided by the Group Audit Regulation. In all cases deemed as particularly significant, in addition to the above mentioned periodic report, appropriate and timely information was sent to the corporate bodies. The Head of the Internal Audit function also played his steering, coordination and control role, ruling, coordinating and monitoring the audit activities carried out by the Group's Legal Entities Audit functions and continued updating the existing internal regulation framework in order to better support the audit process in the carrying out, reporting and monitoring phases.

In 2018 UniCredit had no total or partial outsourcing agreement of the Internal Audit function.

The Manager charged with preparing the company financial reports and other company roles and positions

The Manager charged with preparing the company financial reports is Mr. Stefano Porro, Head of the Group Administrative & Analytics Office Area of UniCredit.

In compliance with Clause 34 of the UniCredit Articles of Association, the Manager charged with preparing the company financial reports is appointed by the Board of Directors - subject to the mandatory favourable opinion of the Board of Statutory Auditors, and for a maximum term of three years - to carry out the tasks attributed to such role as per laws and regulations in force, establishing his/her powers, resources and remuneration; this person is chosen from among company executives possessing all of the following professional qualifications:

a) degree (or equivalent) in economics, business administration or finance, earned in Italy or abroad;
b) at least three years' experience as head of an internal structure devoted to the preparation of the financial statements, or as the Chief Financial Officer (or equivalent) of a listed Italian or overseas joint stock company (including UniCredit and its subsidiaries);
c) employment rank at the time of appointment as an executive or higher.

In performing his duties, the Manager charged with preparing the company financial reports may rely on the cooperation of all the UniCredit Group structures.

The Board of Directors ensures that the Manager charged with preparing the company financial reports is granted the powers and resources required to perform the duties attributed as per laws and regulations in force, and respects all the relevant administrative and accounting procedures.

The Manager charged with preparing the company financial reports issues the certifications and declarations, also jointly with the bodies delegated thereto, as per laws and regulations in force.

8.2 Financial reporting process, also on a consolidated basis

As regards to the main features of the internal control system in relation to the financial reporting process of consolidated and non-consolidated information, in accordance with the provisions of Section 154/bis of the Italian Legislative Decree no. 58/1998 ("TUF"), the Manager charged with preparing the company financial reports (in short the "Manager in Charge") of UniCredit draws up, and ensures the effective application, of adequate administrative and accounting procedures for the preparation of the UniCredit S.p.A. individual and consolidated financial statements.

The Manager in Charge, jointly with the CEO, through a relevant certification on the annual and consolidated financial statements and on the consolidated first half financial report, is required to certify:

the adequacy and effective implementation of the administrative and accounting procedures;
the compliance with the applicable international accounting standards recognized in the European Community under Regulation (EC) no. 1606/2002 of the European Parliament and of the Council dated July 19, 2012;
the correspondence with the content of accounting books and records;
the suitability to provide a true and fair view of the earnings and financial position of both the company and all the consolidated companies;
the inclusion in the management report of a reliable analysis of the results of operations, as well as the situation of the company and the undertakings included in the consolidation, together with a description of the main risks and uncertainties they are exposed to.

In order to fully comply with the regulatory requirements, the Board of Directors has approved a specific Global Policy - "Internal control system on financial reporting (Law no. 262/05– Manager in Charge)", in which general rules and a description of responsibilities and relationships between the Holding Company, the Sub-Holdings/CEE

Internal controls and risks management system

Reference Banks and the Companies belonging to the Group in the assessment of the status of the internal controls system over the Financial Reporting were provided , in compliance with the Italian Law on savings (Law no. 262/05).

Furthermore, both a Global Process Regulation - "Management of the certification process according to the Italian Law no. 262/05" and a Global Operational Regulation - "Management of the internal control system on Financial Reporting (Italian Law no. 262/05 – Manager in Charge)", governing the process and procedures for the application of the abovementioned general criteria, were approved and sent to the companies included in the consolidation scope and subject to certification according to the Italian Law no. 262/05, on the basis of the criteria from time to time resolved upon.

The Global Policy aims at ensuring the correct and complete Financial Reporting through:

the reinforcement and enhancement of the Corporate Governance in relation to risks, by ensuring:
the spread of the responsibilities on risk monitoring at the executive level;
- a set of rules and behaviours established and implemented by the Top Management;
the achievement of the awareness at the operational level of the risks associated with the Financial Reporting production;
the systematic monitoring of significant risks by the relevant functions for the compliance with the abovementioned Law.

The internal controls system over the Financial Reporting adopted by the company involves the application of a common methodological framework, based on:

the use of a consistent internal controls system model, centrally developed, based on methodological standards internationally acknowledged;
its updating and broadcasting within the Group on the basis of parameters centrally established.

The methodological approach adopted by the UniCredit Group in order to comply with the Italian Law on the protection of savings (Law no. 262/05) has been shared with the Internal Audit and has been inspired by the "Internal Control - Integrated Framework" (COSO Framework), issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), that represents a generally accepted standard for the internal control system and in particular for the Financial Reporting and whose adoption is generally accepted by the Supervisory Authorities.

The Global Policy also defines parameters for the identification of the subsidiaries that are required to implement the internal controls system over the Financial Reporting, in accordance with the provisions of Italian Law no. 262/05.

The operational implementation of the Global Policy provides for the identification, both for the Holding Company and the subsidiaries involved in the activities envisaged by Law no. 262/05, of administrative and accounting, business, managerial and support processes that have a significant impact on financial statement items, based on predefined quantitative parameters.

In that regard, criteria have been identified for setting minimum materiality thresholds for the identification of accounting items to be considered significant, both for the Holding Company and the subsidiaries, and the related underlying macro processes.

For the processes so identified, the existing controls and the owners in charge of their execution are detected; the owners are required to ensure, first of all, the assessment of the effectiveness of the controls, by pointing out any possible action to be taken to reduce the level of associated risk; in addition, the implementation of the controls must be periodically confirmed.

For the Sub-Holding/CEE Reference Banks and the subsidiaries, a flow of internal certifications has been established for the internal controls system on Financial Reporting put in place, according to the approach adopted by the Holding Company, by:

giving the governing bodies of the Companies and Sub-Holding/CEE Reference Banks the responsibility for the certification to the Holding Company on the adequacy and effective application of both the administrative and accounting procedures as well as the controls on the Information System; in particular, the Sub-Holding/CEE Reference Banks bodies/corporate officers are responsible for issuing the certification for their respective scopes of consolidation;
setting the roles of the Manager in Charge and the CEO within the Companies and the Sub-Holding/CEE Reference Banks involved, assigning them the responsibility of systematically reporting to their respective governing bodies on the status of the internal controls system on Financial Reporting and the improvement action plan;
validating the documentation and confirming the implementation of the controls by the relevant managers in charge of first level controls of the individual companies and support units, including Back-office and Information Technology (IT). To this aim, each procedure and each control have to be documented, assessed, tested and validated, and a single managerial responsibility must be defined for carrying out the enclosed activities;
sharing of a data repository in order to:
facilitate the consolidation of the risk and control values at Subsidiary, Sub-Holding/CEE Reference Banks and Holding Company level.
support the spread of a common language and approach in describing, assessing, testing and monitoring the adequacy of the internal control system.

Moreover, the Global Policy provides the involvement of the Holding Company governing bodies, in particular:

at the Board of Directors meeting, in which the individual and consolidated annual financial statements and the consolidated first half financial report are presented, the CEO and the Manager in charge with preparing the company financial reports provide a report regarding both the internal control system on Financial Reporting and the text to be signed to ensure compliance with the requirements laid down by the regulations;
at the Internal Controls & Risks Committee and at the Group Risk & Internal Control Committee (GR&ICC), in which the individual and consolidated annual financial statements and the consolidated first half financial report are presented, the Manager in charge with preparing the company financial reports provides a report on the results of the analysis of the internal control system on Financial Reporting of the Companies and the Sub-Holding/CEE Reference Banks Companies that have put in place that system; in addition, with reference to the 1st and the 3rd quarter consolidated interim reports, the Manager in charge with preparing the company financial reports provides an update on the status of any remediation actions identified.

The Holding Company, for its operations, is also required to validate the documentation and confirm the implementation of the controls by relevant staff in charge of the first-level controls. To that end, each procedure and each control have to be documented, assessed, tested and validated, and a single managerial owner must be identified for the activities involved.

It should be pointed out that any internal control system, even when aligned with the international best practices, such as the aforementioned CoSO Framework, cannot completely avoid the risk of frauds, errors, malfunctions or need for further improvements, that may ultimately affect the produced financial disclosure.

8.3 Coordination procedures among the parties involved in the Internal Controls and Risks Management System

According to the Banca d'Italia provisions, the "Document of corporate bodies and control functions" of UniCredit S.p.A. has been drafted and it defines in detail the tasks and responsibilities of the control bodies and functions, the information flows among different functions/bodies and between the latter and the corporate bodies, and their coordination and cooperation procedures when the sectors to be controlled have potentially overlapping areas or allow the development of synergies.

In UniCredit there are means of cooperation and coordination among control functions, through both the mutual information flow exchange – properly governed in the internal regulations - and the participation in managerial committees dedicated to control-related topics.

Internal controls and risks management system

In addition, the interactions between 2nd and 3rd level corporate control functions are part of the overall steady and active cooperation framework, mostly formalized in specific internal regulations and are performed through the functions:

participation in the definition and/or update of the internal regulations on risk and control matters;
mutual exchange of information flows, documents or data, e.g. relating to the planning of controls and the monitoring of the results thereof, and the control functions access to any internal resource or corporate information in line with their specific control needs;
participation to Board and Management Committees (systematically or on demand);
participation on an ad-hoc basis to Working Groups set up on risk and control topics.

The improvement of the interactions among control functions and their constant update to the governing bodies about the activities carried out have the ultimate goal of building over time a corporate governance able to guarantee the safe and sound corporate management also through a more efficient supervision of the risks at all Company's levels.

8.4 Group Governance Mechanisms

An effective internal controls system is also based on appropriate governance mechanisms through which UniCredit, as Holding Company, carries out the management and the coordination of the Group Companies, in accordance with law and the regulations in force²² .

In particular, UniCredit acts through:

the indication of "trusted persons" in the corporate bodies (the Board of Directors members of companies with traditional system or the Supervisory Boards members) and in the key management positions of the Group Companies;
a management / functional system (the "Group Managerial Golden Rules", so-called "GMGR") that defines the mechanisms for the coordination of the Group management, assigning to the heads of the UniCredit functions specific responsibilities for the corresponding functions of the Group Companies as described below;
the definition, the enactment and the monitoring of the Group rules adoption ( the "Global Rules") by the Companies;
the spreading of best practices, methodologies, procedures and the development of IT systems in order to standardize the operating procedures within the Group and reach the most effective risk management plus a wider operational efficiency.

In particular, the Group managerial and functional system operates crosswise with respect to the existing corporate structures: such as, by way of example, the Competence Lines²³ that create a strong functional link between the structures of the Holding Company and the corresponding structures of the Companies, in accordance with the responsibilities assigned by local law and regulations to the members of the corporate bodies and to the employees, as well as any hierarchical relationship within each company.

On the basis of the abovementioned managerial and functional system, the heads of the Competence Lines (as well as the heads of the business / service functions for the respective areas of expertise) have specific powers in relation to budget issues, definition of policies as well as guidelines / competence models definition, ensuring the monitoring of the Global Rules adoption by the Group Companies.

²² Specifically, Section 61 of the TUB and the Supervisory Regulations for banks issued by Banca d'Italia.

²³ The Competence Lines are represented by structures / functions, operating crosswise between the Holding Company and the Group, are aimed at directing, coordinating and controlling the activities and the risks of the Group overall and of individual companies (Planning, Finance & Administration, Risk Management, Legal, Lending, Compliance, Internal Audit and Human Capital, Group Identity & Communications).

More specifically, the Global Rules are issued by UniCredit - in accordance with the guidelines established by the GMGR – in order to regulate, inter alia, relevant activities for the compliance with law and / or for the risk management, in respect of the Group stability and in order to ensure a unique approach to the corporate plan and the overall efficiency.

8.5 Organization Model as per Legislative Decree no. 231/2001

On July 11, 2018, the UniCredit Board of Directors approved the latest version of the "Organization Model", adopted by the bank on May 2014, that includes the new provisions on whistleblowing introduced by the Italian Law 179/2017 (Protection for those who report crimes or irregularities that they have come to know in their work activity, in a public or private employment relationship).

At the approval date of this Report, the Model consists of:

a document the "UniCredit S.p.A. Organization and Management Model General Part" divided into seven chapters describing its purpose and perimeter, the regulatory framework, its features, the Supervisory Body working principles, the disciplinary and sanctioning system, dissemination and training, the keeping up to date of the Model;
an attachment containing a description of the "offences" referred to in Legislative Decree no. 231/01 and those regarding banking activity in general;
the Code of Ethics pursuant to the Legislative Decree no. 231/01 that contains the rules with which all employees have to comply in order to ensure that their conduct is always guided by criteria of fairness, collaboration, loyalty, transparency and mutual respect, as well as to avoid conducts that could constitute the offences and crimes set the above mentioned decree;
the "decision-making protocols" containing the principles of conduct and control to be complied with in performing activities at risk, that is activities where the risk of committing crimes was detected.

The "UniCredit S.p.A. Organisation and Management Model" addresses all members of UniCredit bodies, employees and, as far as concerns the activities performed fulfilling a contract/agreement with UniCredit, the external parties.

All employees are therefore required to abide by the principles contained in the organisation model and to report to the Supervisory Body²⁴ any information concerning a breach of the rules of the model or relating to criminal activities.

8.6 Whistleblowing

In July 2015 Banca d'Italia, within an updating of its Supervisory Regulations for banks (Circular no. 285), established specific requirements on whistleblowing by employees on illegal actions or breaches of laws and internal processes, some of which are additional compared to those currently implemented in UniCredit.

Therefore said additional requirements (amongst which the identification of the head of the whistleblowing system, the obligation to inform the whistle-blower and the reported persons about the development of the investigation set up following the whistleblowing, the formalization of the time frame of the investigation) were set out and the whole whistleblowing system was submitted to the Board of Directors' approval.

²⁴ Supervisory Body of UniCredit S.p.A.: a collective body whose duty is to supervise the functioning of and compliance with the Model and to ensure its updating; it is made up by five members, including three external members among whom the Chairman is chosen, and two executives in "apical" positions with guidance, support and control functions.

Internal controls and risks management system

Law no. 179 was published on December 14, 2017, which introduced new provisions to protect the whistle-blower of reports of crimes or irregularities that have come to their attention in the context of a public or private employment relationship. In particular for the private sector, Section 2 of the Law intervenes on the organizational and management models of entities pursuant to Italian Legislative Decree no. 231/01.

The Law also establishes the nullity of retaliatory or discriminatory dismissal of the whistle-blower (whose identity cannot be disclosed) as well as the change of duties or other retaliatory or discriminatory measure taken against the whistle-blower.

The internal whistleblowing process of UniCredit is already compliant with the new law and the Organizational Model 231/01 has been updated in 2018.

8.7 Auditing firm

The UniCredit Shareholders' Meeting held on May 11, 2012, on proposal of the Board of Statutory Auditors, resolved to assign to the audit firm Deloitte & Touche S.p.A., for the financial years 2013-2021, the statutory accounting supervision of the UniCredit separate and consolidated financial statements and the limited review of the condensed interim separate and consolidated financial statements as well as the assignment for verifying that the Company's accounting records are properly maintained and that the operations are correctly reflected in the accounting records , pursuant to Section 13, sub-section 1, and Section 16 of the Legislative Decree no. 39/2010.

Within the report of the external auditing firm are expressed the opinions on consistency of the report on operations and of certain information included in the report on corporate governance and ownership structure with the financial statements as well as their compliance with the legal provisions, pursuant to Section 14, sub-section 2, letter e), of the Legislative Decree no. 39/2010 (as last amended by the Legislative Decree no 135/2016) and Section 123-bis, sub-section 4, of the Legislative Decree no. 58/1998.

Following a separate engagement Deloitte & Touche S.p.A. issued separately the independent auditor's report on the consolidated non-financial statements drafted by UniCredit in accordance with the Legislative Decree no 254/2016.

Treatment of corporate information

The Corporate Bodies Regulations assign responsibility to the body with supervisory functions for defining procedures for the internal management and the public disclosure of documents and information concerning the Company, also including inside information.

In particular, following the entry into force of Regulation (EU) no. 596/2014 on market abuse ("Market Abuse Regulation"), and the issuance of CONSOB Guidelines on the management of Inside Information, the Bank adopted in June 2018 a dedicated-procedure for the evaluation, management and disclosure of inside information to the market.

In detail, the procedure:

a) assigns to the Co-COO (Head of Finance & Cost Management, hereinafter the "Co-COO"), also with the support of Group Compliance and the other relevant functions, if requested and according to their respective perimeters, the assessment of the inside nature of the information, the decision to disclose the inside information and, in case, the decision to delay the communication to the public of inside information.

The procedure requires to any employee who believes to be in possession of specific relevant information regarding UniCredit Group, whose disclosure could affect the price of UniCredit S.p.A. share or other financial instruments issued by UniCredit, to promptly report it to the Co-COO in order to allow him/her to carry out the assessment of the inside nature of the information transmitted and to take all steps necessary for the proper management of said information, including its possible timely disclosure to the market or the delay of such communications in accordance with the conditions provided by law;

b) foresees appropriate and effective measures, in order to ensure confidentiality of relevant/inside information as long as they are not disclosed to the public.

To that end, the Co-COO, after receiving the notification, starts the evaluation of the specific relevant information, which, if needed, could require the opening of a Relevant Information List in accordance with CONSOB Guidelines.

At the same time, a process, which includes the support of dedicated IT tools, has been designed to feed, upgrade and maintain the above mentioned lists;

c) describes the monitoring of the origination and evolution of the specific relevant information until the same takes the features of the inside information. Once the inside information is detected, the Co-COO activates the process for the preparation of the draft press release informing the competent department and Media Relations that will take care of the drafting and subsequent public disclosure. Alternatively, the Co-COO, after a preliminary evaluation of Group Compliance regarding the presence of the regulatory requirements, may decide to delay the disclosure of inside information to the public. In this case, the Co-COO informs the relevant function about their confidentiality duties and requests to timely open an insider list in order to properly monitor the circulation of the information and ensure its confidentiality. Once the conditions for delaying the communication of the information to the public are no longer present, the Co-COO activates the above mentioned process for the preparation of the draft press release and formally informs CONSOB of the intervened delay in the disclosure to the public of the inside information in accordance the provision of the law.
d) assigns to Media Relations, the duty to publish the press release to the market through the "S.D.I.R.-N.I.S." system, to Borsa Italiana and CONSOB. Press agencies will have access to the system directly.

The procedure provides that if the press release relates to events of major importance, the Head of Media Relations, with the support of Group Compliance, announces to CONSOB and Borsa Italiana its submission in advance.

Press releases are published on the Company's website within the opening time of the market on the day after their disclosure.

Press releases are available on the UniCredit website for at least five years after their disclosure.

Since UniCredit is a company listed also on the Frankfurt and Warsaw Stock Exchanges, in order to ensure harmonized information, public disclosure of inside information is made – according to the procedure – in a synchronized manner to all categories of investors and in all Member States where UniCredit shares have been admitted to trading;

e) introduces a specific escalation process to UniCredit, for the Group Legal Entities, with respect to this information which regarding directly said companies but might also have an impact on the price of financial instruments issued by UniCredit. Also in this case rules are provided for the evaluation and management of possible inside information.

All Directors and Statutory Auditors are duty-bound to maintain the confidentiality of documents and information obtained while performing their duties and to comply with the procedures UniCredit has adopted for its internal management and external disclosure of such documents and information.

In particular, for monitoring and ensuring the proper internal management of the documentation sent to Board members and Statutory Auditors prior to Board meetings, it is specifically envisaged that they acquire such documentation exclusively via an IT platform protected by a two-level access keys.

The procedure ensures not only greater speed in sharing both documents and information, but also a faster delivery, the traceability of individuals participating in the drafting of proposals submitted to the Board's approval, and confidential document delivery via a system of personal, protected passwords awarded to each Director and Auditor.

Appointment of the Statutory Auditors

Pursuant to current laws and regulatory provisions, the permanent and substitute members of the UniCredit Board of Statutory Auditors are appointed on the basis of slates submitted by legitimate parties in abidance by the composition criteria regarding, inter alia, the appointment of the Chairman of the Board by the minority shareholders and according to the rules on the balance of genders envisaged by Law no. 120/2011 (in that regard, please refer to Clause 30 of the Articles of the Association available on the UniCredit website)²⁵. At least two candidates for the seat as permanent Auditor and at least one candidate for the seat as substitute Auditor must be listed in the Rolls of Auditors and must have undertaken the legal auditing of accounts for a period of no less than three years.

Furthermore, UniCredit has established that the slates of candidates to the position as Statutory Auditor, containing the names of the candidates listed with a progressive number, should be filed at the Registered Office in Milan pursuant to the provisions of Section 147/ter of the TUF, no later than the twenty-fifth day prior to the date of the Shareholders' Meeting called to resolve upon the appointment of the members of the Board of Statutory Auditors. The slates must be made available to the public at the Registered Office, on the Company's website and through other channels provided for under prevailing laws, at least twenty-one days prior to the date of the Shareholders' Meeting. Instead, as far as concerns the percentage of share capital needed to submit the slate, Clause 30 of the Articles of Association specifies that the amount is 0.5% of the share capital bearing voting rights at the Ordinary Shareholders' Meeting, consistently with the minimum shareholding percentage established by CONSOB on the basis of the provisions of said Section 147/ter of the TUF (Section 144/quater of the CONSOB Issuers Rules).

Pursuant to the current provisions, at least one permanent Statutory Auditor must be appointed by the minority shareholders not connected, not even indirectly, with the shareholders filing or voting for the majority slate. The UniCredit Articles of Association provide that 2 permanent Statutory Auditors and 2 substitute Statutory Auditors must be appointed by the minorities.

²⁵ The address of the UniCredit website where the Articles of Association are available is the following:

http://www.unicreditgroup.eu/en/governance/governance-system-and-policies.html

Composition and functioning of the Board of Statutory Auditors

Pursuant to Clause 30 of the UniCredit Articles of Association the Ordinary Shareholders' Meeting appoints five permanent Statutory Auditors, among whom the Chairman, and 4 substitute Statutory Auditors.

The Board of Statutory Auditors' members in office as at the approval date of this Report were appointed by the Ordinary Shareholders' Meeting of April 14, 2016, for the financial years 2016 - 2018 and their office expires on the date of the Shareholders' Meeting called to approve the 2018 financial statements, convened on April 11, 2019.

Their appointment took place according to Clause 30 of the Articles of Association and pursuant to the current law and regulatory provisions.

In that regard, two slates were submitted, filed and published according to the deadline and in the terms provided for by the current provisions and the Articles of Association, i.e.:

• List no. 1 jointly submitted by Fondazione Cassa di Risparmio di Torino, Cofimar S.r.l. e Allianz, with a shareholding equal to 3.587% of the ordinary share capital: permanent Statutory Auditors (1) Mr. Angelo Rocco Bonissoni, (2) Mr. Enrico Laghi, (3) Ms. Benedetta Navarra, (4) Mr. Alessandro Trotter and (5) Ms. Raffaella Pagani substitute Statutory Auditors (1) Ms. Guido Paolucci, (2) Ms. Paola Manes, (3) Mr. Franco Luciano Tutino and (4) Ms. Maria Rosaria De Simone • List no. 2 jointly submitted by several Funds, with an overall shareholding equal to 1.818% of the ordinary share

capital: permanent Statutory Auditors (1) Mr. Pierpaolo Singer, (2) Ms. Maria Enrica Spinardi and (3) Ms. Myriam Amato substitute Statutory Auditors (1) Ms. Antonella Bientinesi and (2) Ms. Maria Francesca Talamonti.

Along with the two lists, also the following documentation has been filed and published, according to the envisaged terms and conditions:

a statement of the shareholders other than those holding, even jointly, a control or relative majority shareholding – attesting the inexistence of any connection, also indirect, with the latter, or of significant relationships crucial for the existence of the above connections;
exhaustive information on the personal and professional characteristics of the candidates included in the slate (curriculum vitae) and the list of the supervisory and controlling offices held in other companies pursuant to Article 2400 of the Italian Civil Code;
the statements of each candidate irrevocably accepting his/her office (subject to his/her appointment) and also attesting that there was no reason for his/her ineligibility, forfeiture and incompatibility, as well as his/her fulfilment of the professional experience, integrity and independence requirements envisaged by current laws and regulatory provisions.

Information on the personal and professional characteristics of each candidate, shown in their curricula, the list of supervisory and controlling offices held in other companies, as well as the statements required by current provisions, also of a regulatory nature, have been made available on the UniCredit website (https://www.unicreditgroup.eu/en/governance/shareholders-meeting.html).

The Shareholders' Meeting held on April 14, 2016, appointed the new Board of Statutory Auditors, comprised of five permanent Statutory Auditors, and four substitute Statutory Auditors, as follows:

from List no. 1, which obtained the relative majority of the Shareholders' votes, Mr. Angelo Rocco Bonissoni, Mr. Enrico Laghi e Ms. Benedetta Navarra were appointed as permanent Statutory Auditors, while Mr. Guido Paolucci and Ms. Paola Manes were appointed as substitute Statutory Auditors;
from List no. 2, which obtained the minority of the Shareholders' votes, Mr. Pierpaolo Singer (Chairman) and Ms. Maria Enrica Spinardi were appointed as permanent Statutory Auditors, while Ms. Antonella Bientinesi and Ms. Maria Francesca Talamonti were appointed as substitute Statutory Auditors.

Moreover, the Shareholders' Meeting also resolved to confirm the yearly remuneration already approved by the same for the former term in office of the Board of Statutory Auditors, also on the basis of the information given by the outgoing Board of Statutory Auditors in order to allow both the shareholders and the candidates to evaluate the remuneration adequacy.

Following the resignations handed in by permanent Statutory Auditors Mr. Enrico Laghi on May 2, 2017, and Ms. Maria Enrica Spinardi on October 26, 2017 - replaced, pursuant to Article 2401 of the Italian Civil Code, respectively by Mr. Guido Paolucci and Ms. Antonella Bientinesi, both already substitute Statutory Auditors chosen in the same lists as the outgoing Auditors - the Shareholders' Meeting convened on December 4, 2017, was required to resolve also on the integration of the Board of Statutory Auditors.

With regard to the integration of the Board of Statutory Auditors, the following proposals of candidacies were filed:

on October 30, 2017, from Shareholder Allianz Finance II Luxembourg S.a.r.l. the candidacies of Mr. Guido Paolucci as permanent Statutory Auditor and of Ms. Raffaella Pagani as substitute Statutory Auditors;
on November 6, 2017, from shareholders Aletti Gestielle SGR, Anima SGR, Anthilia Capital Partners SGR, Arca Fondi SGR, Eurizon Capital SGR, Eurizon Capital SA, Fideuram Asset Management (Ireland), Fideuram Investimenti SGR, Interfund Sicav, Generali Investments Europe SGR, Generali Investments Luxembourg SA, Kairos Partners SGR, Mediolanum Gestione Fondi SGR, Mediolanum International Funds, Ubi Pramerica SGR e Ubi Sicav the candidacies of Ms. Antonella Bientinesi as permanent Statutory Auditor and of Ms. Myriam Amato as substitute Statutory Auditors;
on November 13, 2017, from shareholder Mr. Pierluigi Carollo his own candidacy as permanent Statutory Auditor.

The abovementioned shareholders submitted the declarations regarding the candidacies and the statements concerning the possession of the requirements, according to both current provisions and the Articles of Association, to take on the office, as well as the exhaustive information on the personal and professional characteristics of the candidates (curriculum vitae) and list of the supervisory and controlling offices held in other companies pursuant to Article 2400 of the Italian Civil Code, which have been filed together with the relevant proposals and made available to the public.

Therefore, the Shareholders' Meeting held on December 4, 2017, resolved on the integration of the Board of Statutory Auditors by appointing as permanent Auditors Mr. Paolucci and Ms. Bientinesi and as substitute Auditors Ms. Pagani and Ms. Amato, who shall remain in office until the end of term of the current Board of Statutory Auditors and, thus, until the Shareholders' Meeting called for the approval of the 2018 financial statements. Their appointments were resolved with the majority required by law, without applying the list vote system and, in any case, abiding by the principles of the minority representation and gender balance required by current provisions, also of a regulatory nature.

As at March 5, 2019, the Board of Statutory Auditors has the following composition.

Composition and functioning of the Board of Statutory Auditors

		In office		Slate	Independent		Number of others
Position	Members			(M/m)	as per Code	%	positions
		since	until	*		**	***
Chairman	Singer Pierpaolo	14-4-2016	11-04-2019	m	X	100%	--
Permanent Statutory Auditor	Bonissoni Angelo Rocco	14-4-2016	11-04-2019	M	X	97.37%	--
Permanent Statutory Auditor	Navarra Benedetta	14-4-2016	11-04-2019	M	X	97.37%	3
Permanent Statutory Auditor	Paolucci Guido (1)	4-12-2017	11-04-2019	M	X	100%	--
Permanent Statutory Auditor	Bientinesi Antonella (2)	4-12-2017	11-04-2019	m	X	97.37%	1
Substitute Statutory Auditor	Manes Paola	14-4-2016	11-04-2019	M	X		--
Substitute Statutory Auditor	Talamonti Maria Francesca	14-4-2016	11-04-2019	m	X		2
Substitute Statutory Auditor	Pagani Raffaella (3)	04-12-2017	11-04-2019	--	X		3
Substitute Statutory Auditor	Amato Myriam (3)	04-12-2017	11-04-2019	--	X		1
	----- Statutory Auditors who terminated their office during the Period ----
--
	Quorum required for the submission of the slates for the latest appointment: 0.5%
No. of meetings held in the Period: 38
NOTE
*	M = Member elected from the slate obtaining the majority of the Shareholders' votes
	m = Member elected from the slate voted by a minority
the Period)	** Meetings' attendance percentage (number of meetings attended / number of meetings held during the concerned party's term of office with regard to
***	Number of positions as Director or Auditor held by the concerned party pursuant to Section 148/bis of the TUF. A complete list of such positions is
published by the CONSOB on its website pursuant to Section 144/quinquiesdecies of the CONSOB Issuers Rules
(1)	He took office under Article 2401 of the Italian Civil Code in replacement of Mr. Enrico Laghi, who resigned on May 2, 2017, and was appointed as
	Statutory Auditor by the Shareholders' Meeting held on December 4, 2017
(2)	She took office under Article 2401 of the Italian Civil Code in replacement of Ms. Maria Enrica Spinardi, who resigned on October 26, 2017, and was appointed as Statutory Auditor by the Shareholders' Meeting held on December 4, 2017
(3)	Appointed by the Shareholders' Meeting held on December 4,2017

The Board of Statutory Auditors members meet the requirements set forth by current provisions. For any further details regarding the composition of this corporate body, or the personal and professional characteristics of each Statutory Auditor, reference is made to the information published on the UniCredit website²⁶ .

The following chart shows the seniority in office since their first appointment of the current members of the Board of Statutory Auditors as at the approval date of this Report:

Member of the Board of Statutory Auditors		First appointment date
Singer Pierpaolo	Chairman	December 2015 (1)
Bonissoni Angelo Rocco	Permanent Statutory Auditor	May 2015
Navarra Benedetta	Permanent Statutory Auditor	April 2016
Paolucci Guido	Permanent Statutory Auditor	May 2017 (2)
Bientinesi Antonella	Permanent Statutory Auditor	October 2017 (3)

(1) Mr. Singer had been in office as Permanent Statutory Auditor pursuant to Article 2401 of the Italian Civil Code since December 9, 2015, up to April 14, 2016

(2) Mr. Paolucci had been in office as Permanent Statutory Auditor pursuant to Article 2401 of the Italian Civil Code since May 2, 2017, up to December 4, 2017
(3) Ms. Bientinesi had been in office as Permanent Statutory Auditor pursuant to Article 2401 of the Italian Civil Code since October 26, 2017, up to December 4, 2017

The apportionment of the Board of Statutory Auditors members in office according to age and gender are detailed hereinafter.

During the Period the Board of Statutory Auditors met 38 times.

The Board of Statutory Auditors meetings lasted for an average of approximately 3 hours and 50 minutes.

²⁶ The address of the UniCredit website where the information concerning the Auditors is available is the following: https://www.unicreditgroup.eu/en/governance/board-of-statutory-auditors.html https://www.unicreditgroup.eu/en/press-media/press-releases.html

Composition and functioning of the Board of Statutory Auditors

As at March 5, 2019, 9 meetings have been held.

* * *

The independence of the Statutory Auditors is checked by the Board of Statutory Auditors – in compliance with the enforcement criteria envisaged by Section 3 of the Corporate Governance Code and the provisions set out by Section 148 of the TUF – every time the Board of Statutory Auditors is renewed, as well as on an annual basis. The outcome of the assessment is submitted to the Board of Directors that, after the appointment, discloses it by means of a press release to the market and, subsequently, within the corporate governance report, according to the manner provided for with reference to the Directors.

With reference to the Statutory Auditors in office as of the date of the Report's approval, the Board of Statutory Auditors, at the annual verification lastly carried out during its meeting on July 18, 2018, checked the existence of the independence requirements of both its permanent and substitute members envisaged by the Corporate Governance Code and its relevant enforcement criteria and also evaluated the existence of the requirements set out by the TUF.

No further criteria were applied to the evaluation of the existence of the independence requirements in addition to those established by Section 148, sub-section 3, of the TUF and by the Code.

* * *

With specific reference to the renewal of the Board of Statutory Auditors for the 2019 – 2021 financial years, it should be noted that - although there is no specific provision requiring the identification of the qualitative and quantitative composition deemed to be optimal even for the control body - the UniCredit Board of Directors, in agreement with the outgoing Board of Statutory Auditors, on February 19, 2019, has made available to the Company's shareholders a theoretical profile for the Statutory Auditors in order to facilitate the best choice of candidates to be presented at the 2019 Shareholders' Meeting.

Said document takes also into due account the decision – adopted by the Company's Board of Directors in its meeting held on February 6, 2019 – to assign to the Board of Statutory Auditors, starting from this renewal, also the duties of the Supervisory Body pursuant to the Legislative Decree no. 231 dated June 8, 2001.

* * *

The Board of Statutory Auditors attends regular meetings with the Chairman of the Board of Directors and with the Chief Executive Officer for a mutual exchange of information.

In performing its duties, the Board of Statutory Auditors constantly coordinated its activity with the Internal Audit function and the External Auditing firm. Appropriate functional links were established, with regard to the respective areas of competence, with the Internal Controls & Risks Committee, through the attendance by the Board of Statutory Auditors of the meetings of the aforementioned Committee during 2018, pursuant to UniCredit Corporate Bodies and Committees Regulation, as well as through an on-going dialogue and the exchange of information between the two corporate bodies.

* * *

The special authorization procedure set out in Section 136 of the TUB applies to obligations of any kind or to purchase or sale agreements directly or indirectly executed by the Board of Statutory Auditors members with the bank for which they perform their duties.

Statutory Auditors should also comply with the provisions laid down in Section 36 of Law Decree no. 201/2011 (interlocking prohibition), as amended by Law no. 214/2011, which prohibits office-holders in management, supervisory and control bodies and top executives of companies or groups of companies operating in credit, insurance and financial markets from taking or holding similar offices in competing companies or group of companies.

During the Period, the Board of Statutory Auditors' members have benefitted of the permanent induction program active for the Board of Directors' members, based on three year cycles connected to the Board mandate and put in place with the support of an external consultant. Such program ensures an ad hoc training on a continuous basis that takes into account both the individual and collective needs of the body, with the aim also to preserve over time the background of technical skills necessary to perform the role with awareness.

* * *

Furthermore, specific meetings, open also to the members of the Board of Statutory Auditors, have been arranged, focused on the perspectives and key elements for Group strategy and of the entire European banking sector.

Relations with Shareholders

In order to foster the dialogue with the institutional and private investors, the analysts and the rating agencies, as well as maintaining a constant flow of information towards the market, UniCredit has devoted special, readily recognizable and easy to access sections of its website (Governance and Investors), in order to provide information on its governance structure and on the internal organization of the Company, in order to ensure shareholders an informed exercise of their rights, as well as economic-financial information, data and up-to-date documents of interest to the generality of shareholders.

All documents and information are supplied in both Italian and English.

Also in line with the provisions of the Corporate Governance Code, ad hoc structures have been established responsible for handling the relations with the shareholders in general and with investors in particular, in abidance by the provisions, also of internal kind, on the matter of corporate information. In detail:

within the Group Planning, Finance, Shareholding and Investor Relations Department, the Group Investor Relations, in charge with managing the dialogue with institutional investor – shareholders or not – and with the financial analysts and proxy advisors in general, providing the market with transparent, on time and coherent information in order to support a fair Group evaluation;
Corporate Law Advice and Shareholders Relations, within the Group Corporate Affairs Department, in charge with overseeing and managing the relations with Italian and foreign private shareholders (i.e., non-institutional ones), also managing their requests.

On that regard, the following dedicated channels have been established:

dedicated e-mail ([email protected]) for institutional investors;
toll free number 800 307 307 (only for calls within Italy); dedicated e-mail ([email protected]) for the noninstitutional shareholders; fax: +39 02 4953.6941.

In 2018, the Head of Group Investors Relations was Mr. Piero Munari, later on replaced by Mr. Joerg Peter Pietzner.

Shareholders can also communicate with the Company through its website, albeit not in real time.

For specific matters related to corporate governance topics and remuneration policies, Group Investor Relations has involved and coordinated itself with Group Corporate Affairs Department and Group Human Capital Department in order to strengthen a lasting and constructive dialogue with the institutional investors and their proxy advisors on such matters. In particular, within Group Human Capital Department, Reward & Benefits structure is in charge with managing the dialogue with investors on remuneration matters to enable a confrontation on mutual expectations and needs for the definition of the remuneration policies.

To that regard, please note that Group Corporate Affairs Department has, also during the course of 2018, looked after a schedule of contacts with the institutional investors, aimed at a lasting and constructive dialogue on corporate governance topics. For information on the yearly dialogue process with both the institutional investors and proxy advisors managed by Group Human Capital Department reference is made to the Group Compensation Policy.

Positions held by the UniCredit Directors in other companies listed on regulated markets (both in Italy and abroad), as well as in financial services companies, banks, insurance companies or other large companies

		Company belonging to
	POSITIONS HELD	the UniCredit Group
		YES	NO
Fabrizio Saccomanni		--	--
Chairman

Cesare Bisoni		--	--
Deputy Vice Chairman

Jean Pierre Mustier		--	--
Chief Executive Officer

Mohamed Hamad Al Mehairi	CEO of Aabar Investments PJS		X
Director	Member of the Board of Directors of Arabtec Holdings PJSC		X
	Member of the Board of Directors of Al Hilal Bank		X
	Member of the Board of Directors of Wessal Capital Asset Management S.A.		X
	Member of the Board of Directors of Palmassets S.A.		X
	Member of the Board of Directors of DEPA Limited		X
	Member of the Board of Directors of Emirates Investment Authority		X

Lamberto Andreotti	Member of the Board of Directors of DowDuPont		X
Director

Sergio Balbinot	Member of the Management Board of Allianz SE, responsible for the insurance		X
Director	business in the countries of Western and Southern Europe India and Asia Member of the Board of Directors of Allianz France S.A.		X

	Member of the Board of Directors of Allianz Sigorta A.S.		X
	Member of the Board of Directors of Allianz Yasam ve Emeklilik A.S. Member of the Board of Directors of Bajaj Allianz Life Insurance Co. Ltd		X X
	Member of the Board of Directors of Bajaj Allianz General Insurance Co. Ltd		X
	Member of the Board of Directors of Borgo San Felice S.r.l.		X

Martha Dagmar Boeckenfeld	Chairman of DFG – Deutsche Fondsgesellschaft Invest S.E.		X
Director	Member of the Board of Directors of Generali Personenversicherungen AG		X
	Member of the Board of Directors of Generali General Insurance Ltd		X
	Member of the Board of Directors of Fortuna Rechtsschutz-Versicherungs
	Gesellschaft AG		X
	Member of the Board of Directors of Fortuna Investment AG		X
	Member of the Board of Directors of BlackRock Global Funds (BGF)		X

Vincenzo Cariello
Director		--	--

	POSITIONS HELD	Company belonging to the UniCredit Group
		YES	NO

Elena Carletti
Director		--	--


Isabelle de Wismes		--	--
Director

Stefano Micossi		--	--
Director
Maria Pierdicchi	Independent Member of the Board of Directors of Autogrill Group		X
Director	Independent Member of the Board of Directors of Luxottica Group		X

	Independent Member of the Board of Directors of Aurora SA		X
Francesca Tondi
Director	Member of the Board of Directors of Angel Academe Nominee		X

Alexander Wolfgring	Member of the Supervisory Board of Österreichisches Verkehrsbüro AG		X
Director	Member of the Board of Directors of AVZ GmbH		X
	Chairman of the Supervisory Board of Verkehrsbüro Touristik GmbH		X

Elena Zambon	Chairman of Zambon S.p.A.		X
Director	Vice Chairman of GEFIM S.p.A.		X
	Vice Chairman of Zach Systems S.p.A.		X
	Chairman of ENAZ S.r.l.		X
	Member of the Board of Directors of IAVA S.r.l.		X
	Member of the Board of Directors of ITAZ S.r.l.		X
	Member of the Board of Directors of TANO S.r.l.		X
	Member of the Board of Directors of CLEOPS S.r.l.		X
	Member of the Board of Directors of Zambon Company S.p.A.		X
	Member of the Board of Directors of Zeta Cube S.r.l.		X
	Member of the Board of Directors of ANGAMA S.r.l.		X
	Member of the Board of Directors of Ferrari N.V.		X

Managerial powers

Remaining the Board of Directors competent for the authorities assigned to it by laws and by the Articles of Association, the Board has granted the Chief Executive Officer the following powers, within pre-defined limits and also with the authority to sub-delegate, across all sectors of the Bank's business:

credit activities;
equity capital markets transactions with underwriting risk;
appointment of corporate officers in the corporate bodies of the companies (also not shareholdings), entities and other bodies as well as the assignment of the related compensation;
management of shareholdings, concerning in particular (i) transactions related to shareholdings already held or to be acquired and (ii) transactions concerning firms, going concerns and/or legal relationships, (iii) instructions for the exercise of voting rights in the Shareholders' Meetings (both ordinary and extraordinary) of its directly, controlled/joint controlled or non-controlled, shareholdings; (iv) the execution and/or the amendment of shareholders' agreements related to the directly and indirectly, controlled or not controlled, companies;
principal investments and funds transactions of any kind, both sponsored by the Group and by third parties;
management activities for positions arising from liquidity exposures of UniCredit and the Group Companies managed by UniCredit itself;
management of banking and trading book positions not attributable to the debt capital markets activities on the trading book and to the equity capital markets transactions;
activities connected to the marketing of products and services, of third parties too, and to the identification of conditions;
powers to authorise expenses and investments needed for the management of the Bank, in abidance by the strategies authorised, and within the annual expense budget approved, by the Board of Directors;
powers for managing the staff in abidance by the collective responsibility principle in the investigation phase;
definition and amendments of the organizational structures and of the organizational book, remaining the Board competent for i) changing of the roles and responsibilities of the structures / subjects belonging to the first reporting line to the Board itself and to the Chief Executive Officer; ii) setting up/changing/cancellation of the Managerial Committees of which the Chief Executive Officer is an effective member;
decision-taking on the subject of "restructuring" files or "non-performing exposures";
decision-taking on the subject of expected losses and releases of capital and/or capitalized interests, disbursements and settlement offers, with regard to cases originating from operational mishaps, claims and judicial or extrajudicial litigation, including those fiscal related, active and passive (including mediation / conciliation matters);
selling/alienation and management of real-estate and other assets (movables) of the Bank;
decision-taking with regard to the activities related to the debt capital markets on the trading book, for the definition of the limits to be assigned for each counterpart (single issuer / economic group), based on the credit worthiness of the counterpart and the characteristics of the transaction;
deciding the limits with regard to the total single issuer exposure on the trading book (single counterpart / economic group), regardless of the type of instruments on the trading book, based on the creditworthiness of the counterpart and on the characteristics of the transaction;
management of transitory items accounting in profit & loss.

In order to ensure proper management of the powers granted and effective control of the same, the persons delegated have supplied the Board of Directors, according to the ways established by the Board itself, with a quarterly report, even in aggregate form, on the activities carried out in the exercise of the delegations as assigned to them, with the exception of the specific powers for which the Board established a half-yearly or yearly deadline or, alternatively, at the first possible Board meeting.

* * *

AI assistant

Unicredit — Governance Information 2019

4272_cgr_2019-03-19_f8a6861f-9ec0-4443-aa58-bae75a748e7e.pdf

Index

ANNEXES:

Glossary

Banca d'Italia

Circular no. 263/2006

Circular no. 285/2013

Compensation Report

CONSOB Issuers Rules

Consolidated Law on Finance or TUF

European Central Bank (ECB)

CONSOB Regulations on relatedparties

Corporate Governance Code or Code

Financial year to which the Report refers (also Reference Period or Period)

CONSOB

Consolidated Law on Banking or TUB

CRD IV

Italian Civil Code

Manager in Charge

Supervisory Authority

Report

Profile of the Issuer

Foreword

The Corporate Governance Code

Profile of the Issuer

The Report on corporate governance and ownership structure

Profile and structure

Shareholder structure

Profile of the Issuer

Corporate governance model

Shareholders' Meeting

Board of Directors

Profile of the Issuer

Board Committees

Board of Statutory Auditors

Diversities policies

Profile of the Issuer

Information on the ownership structure

2.1 Share capital structure

Rights and obligations

2.2 Restrictions on stock transfers

2.3 Relevant equity holdings

Information on the ownership structure

2.4 Restrictions on voting rights

2.5 Change of control clauses and by-laws provisions on public purchase offers

2.6 Delegation of power to increase share capital and authorisations to purchase own shares

Shareholders' Meeting

Legitimation, how to attend and voting rights

Shareholders' Meetings conduct

Shareholders' Meeting

Board of Directors

4.1 Appointment and replacement

Succession plans

Board of Directors

Process

Content

4.2 Composition

Board of Directors

Board of Directors

Time commitment and number of offices

Board of Directors

Initiatives of induction and recurring training

4.3 Board of Directors' role

Meetings and functioning

Duties

Board of Directors

The role played by the Chairman of the Board

Self-assessment

Board of Directors

Competitive business

4.4 Delegated Bodies

Chief Executive Officers

Chairman of the Board of Directors

Other executive Directors

Reporting to the Board

Board of Directors

4.5 Independent Directors

Board of Directors

Unicredit Governance Information 2019