Unlock your potential

Name of Issuer: UniCredit S.p.A.

Website: www.unicreditgroup.eu

Reference Period: January 1, 2021/December 31, 2021

Report approved on: March 8, 2022

2021

Report on corporate governance and ownership structure

pursuant to Section 123/bis of the TUF (so-called "traditional" management and control system)

Index

Glossary	4
1. Issuer profile	6
2. Information on the ownership structure	18
2.1 Share capital structure	18
2.2 Restrictions on stock transfers	18
2.3 Relevant equity holdings	18
2.4 Restrictions on voting rights	21
2.5 Changes to control clauses and by-laws provisions
on public purchase offers	21
2.6 Delegation of power to increase share capital and
authorisations to purchase own shares	21
3. Shareholders' Meetings	23
4. Board of Directors	26
4.1 Appointment and replacement	26
4.2 Composition	29
4.3 Board of Directors' role	38
4.4 Executive Directors	43
4.5 Independent Directors	44
4.6 Lead Independent Director	46
5. Board of Directors' internal Committees	47
5.1 Internal Controls & Risks Committee	51
5.2 Corporate Governance & Nomination Committee	53
5.3 ESG Committee	55
5.4 Remuneration Committee	57
5.5 Related-Parties Committee	57

6. Directors' remuneration	60
Indemnities to Directors in the event of resignation, dismissal or termination
of employment following a public purchase offer
7. Directors' interests and related-parties transactions	61
8. Internal controls and risks management system	63
8.1 Bodies and functions	63
8.2 Financial reporting process, including on a consolidated
basis	73
8.3 Coordination procedures among parties involved in the
internal controls and risks management system	75
8.4 Group governance mechanisms	75
8.5 Organisation Model as per Legislative Decree no. 231/2001	76
8.6 Whistleblowing	77
8.7 Auditing firm	78
9. Handling of corporate information	79
10. Appointment of Statutory Auditors	81
11. Board of Statutory Auditors' composition and functioning	82
12. Relations with Shareholders	88
13. Changes since the closing of the reference period	90

ANNEXES:

-	Positions held by UniCredit Directors at other listed companies
	or large companies	91
-	Delegations of powers	93

Glossary

Banca d'Italia	Bank (also the Holding Company or Company)	Circular no. 285/2013
The Italian Republic's central bank, it is part of the Eurosystem, comprising the European Central Bank and the national central banks of European Union States that have adopted the Euro	UniCredit S.p.A.	Circular no. 285, dated December 17, 2013, and issued by Banca d'Italia, regarding prudential Supervisory Regulations for banks and banking groups, as subsequently amended
CONSOB	CONSOB Issuers' Rules	CONSOB Regulations on transactions with related parties (also CONSOB Resolution no. 17221/2010)
Commissione Nazionale per le Società e la Borsa, the Italian Supervisory Authority that oversees transparency and correctness in conduct on Italian financial markets	Regulation implementing the Italian Consolidated Law on Finance governing issuers, adopted by CONSOB through Resolution no. 11971, dated May 14, 1999, as subsequently amended	The regulation governing transactions with related parties by companies that make use of the risk capital market directly or via subsidiaries, adopted by CONSOB through Resolution no. 17221, dated March 12, 2010, as subsequently amended
Consolidated Law on Banking (also the TUB)	Consolidated Law on Finance (also the TUF)	Corporate Governance Code, or the Code
Legislative Decree no. 385, dated	Legislative Decree no. 58, dated	The Italian "Corporate Governance
September 1, 1993, as subsequently amended	February 24, 1998, as subsequently amended	Code" for listed companies approved in January 2020 by the Italian Corporate Governance Committee, made up of ABI, Ania, Assogestioni, Assonime, Confindustria and Borsa Italiana S.p.A.
CRD V	European Central Bank (ECB)	Financial year to which the Report refers (also Reference Period)

Group Remuneration Policy and Report

The Group Remuneration Policy and Report, drawn up in accordance with Section 123-ter of the TUF, Section 84-quater of the CONSOB Issuers' Rules and with Supervisory Provisions on remuneration

Italian Civil Code

Royal Decree no. 262, dated March 16, 1942, as subsequently amended

Legislative Decree no. 231/2001

Legislative Decree no. 231, dated June 8, 2001, containing the framework that governs the administrative responsibility of legal persons, companies and associations, with or without legal liability, as subsequently amended

Manager in Charge

Ministry of Economy and Finance Decree no. 169 dated November 23, 2020 (also Decree)

The Manager charged with preparing the company's financial reports (pursuant to Section 154/bis of the Consolidated Law on Finance)

The Regulation on the requirements and suitability criteria for corporate officers of banks, financial intermediaries, "confidi", electronic money institutions, payment institutions and depositor guarantee schemes to carry out their duties

Report

This "Report on corporate governance and ownership structure", referring to the 2021 financial year, made available on the Company's website

Supervisory Authority

The European Central Bank, Banca d'Italia, CONSOB, as defined above, and/or any other independent authority and/or administration at national or EU level

Supervisory Regulations on corporate governance

Provisions on banks' corporate governance, laid down in Circular no. 285, dated December 17, 2013 (First Part, Title IV, Chapter 1)

Supervisory Regulations on remuneration

Provisions on remuneration and incentive policies and practices at banks and banking groups, as laid down in Circular no. 285, dated December 17, 2013 (First Part, Title IV, Chapter 2)

UniCredit website

The Company's website, www.unicreditgroup.eu

Issuer profile

Foreword

The overall corporate governance framework of UniCredit S.p.A. has been defined in compliance with current national and European provisions, as well as the recommendations contained in the Italian Corporate Governance Code approved by the Italian Corporate Governance Committee, made up of ABI, Ania, Assogestioni, Assonime, Confindustria and Borsa Italiana S.p.A..

Moreover, UniCredit is subject to the provisions contained in the Supervisory Regulations issued by Banca d'Italia and, specifically with regards to corporate governance issues, to regulations on banks' corporate governance (Circular no. 285/2013, First Part, Title IV, Chapter 1). In compliance with the aforementioned Supervisory Regulations, as a significant bank subject to the direct prudential supervision of the ECB as well as being a listed bank, UniCredit qualifies as a bank of large size or operational complexity, and consequently complies with provisions applicable to such banks.

As an issuer of shares that are also listed on the Frankfurt and Warsaw regulated markets, UniCredit also fulfils legal and regulatory obligations related to listings on said markets, as well as provisions on corporate governance stipulated under the Polish Corporate Governance Code issued by the Warsaw Stock Exchange.

The Italian Corporate Governance Code

In line with practice on major international markets, the Italian Corporate Governance Code identifies goals for a sound corporate governance, as well as the behaviours deemed appropriate for their achievements recommended by the Italian Corporate Governance Committee made up of ABI, Ania, Assogestioni, Assonime, Confindustria and Borsa Italiana S.p.A., to companies listed in Italy, to be applied according to the "comply or explain" principle that requires explanation in the corporate governance report of any reasons for failure to comply with one or more recommended best practices.

Since 2001, UniCredit has adopted the Italian Corporate Governance Code, which is publicly available on the Italian Corporate Governance Committee website (https://www.borsaitaliana.it/comitato-corporategovernance/homepage/homepage.en.htm).

In particular, the above Code assigns the Italian Corporate Governance Committee the task of monitoring the level of compliance with its provisions by the company with listed shares that has adopted said Code.

Any possible area of improvement for listed companies' governance is highlighted in the annual Report on compliance with the Code and disclosed to the companies concerned. This practice is intended to encourage a more effective adoption of Code recommendations, and to promote an ongoing development of corporate governance at all listed companies, regardless of whether companies have formally adopted the Code or not.

To ensure the ongoing consistency of the corporate governance code's recommendations against a backdrop of a changing market and investor expectations, in 2019 the Italian Corporate Governance Committee launched a review of the code, approved in its final version in January 2020. The adoption of this new version came into force starting from the 2021 financial year. Information on its implementation shall be included in corporate governance reports published during 2022.

The new features to be assessed when implementing the best practices of the new Code include the application of certain recommendations, proportionate on the basis of the size and of the ownership structures of the Company. UniCredit, being a large company, applies the recommendations addressed to the category of "large companies".

Considering that 2022 represents the first year in which the companies are called to disclose the means for implementing the new Code, the Italian Corporate Governance Committee deemed appropriate to draft certain recommendations in order to support the compliance process.

Specifically, the above Committee, while acknowledging the convenience of a proportionate approach in the implementing process, encouraged the boards of directors to provide a description of their choices as to the following matters and with reference to the areas subject to greater impact, as indicated in the letter of the Chair of said Committee dated December 3, 2021:

1) sustainable success
a1. integration of sustainability in strategies, in controls system and in remunerations
a2. dialogue with the generality of shareholders and initiatives to encourage the dialogue with the relevant stakeholders
2) assessment of independence
3) pre-meeting information
4) process for the appointment and succession of directors (specifically addressed
to companies qualifying as "non concentrated")
5) gender equality
6) remuneration policies.

The issued recommendations were submitted to the attention of the UniCredit Board Committees, in particular of the Corporate Governance & Nomination Committee (at its meetings held on February 14 and March 7, 2022), of the ESG Committee (at its meeting held on February 11, 2022), of the Remuneration Committee (at its meeting held on March 7, 2022), as well as of the Board of Directors (at its meetings held on February 15, and March 8, 2022) and of the Board of Statutory Auditors (at its meeting held on December 20, 2021).

On this topic, it should be noted that all of the above highlighted areas of improvement have already been subject to in-depth attention and discussion by the Board and its Committees oriented towards strengthening the Company's corporate practices and meeting the market's growing expectations.

Regarding sustainability both in a general and strategic meaning for the Company's business, in the medium-long term, the journey which started in 2020 to further integrate all ESG (Environmental, Social and Governance) factors in the Bank's strategy and business saw a significant acceleration in 2021 with the setup of a new ESG Board

Issuer profile

Committee, and the approval of a new ESG strategy, (a key component of the new Group Strategic plan). The new strategy clearly sets the Group's vision and ambitions in all three components of E, S and G and aims at making ESG an integral part of the bank's culture, and of its way of doing business and interacting with all its stakeholders. The ESG strategy is built around Group's principles and beliefs across the Environmental, Social and Governance dimensions, based on clear business goals and key strategic actions across four building blocks, ensuring deliverables through transparent enablers. Starting from Governance, UniCredit is one of the few groups in Europe to have a dedicated ESG Committee, created in April 2021, on its Board. The purpose of the new Committee, which took over the sustainability responsibilities previously assigned to the UniCredit Corporate Governance, Nomination and Sustainability Committee (now called Corporate Governance & Nomination Committee), is to supervise all the activities carried out in this field. The Bank is going in the direction of integrating all ESG factors into its governance, business, risk and credit management, metrics and operations. From an operational point of view, the ESG Strategy Roadmap encompasses more than 20 streams across the entire organisation, including national ESG plans, business approach, advisory and products, credit policies, ESG risk management and agenda, Net Zero plan and other commitments, ESG ICT and data strategy.

With reference to the dialogue with the generality of shareholders, since 2019, UniCredit has adopted an engagement policy to govern any possible request for meetings and/or for information addressed to Board of Directors' non-executive member by UniCredit Shareholders, both institutional or non-, and/or any related proxy advisor, made available on the corporate website within the UniCredit Corporate Bodies and Committees Regulation (Annex E). In particular, dialogue with Shareholders and/or any related proxy advisor is conducted by (i) the Chair of the Board of Directors, in agreement with the Chief Executive Officer, if related to strategic corporate governance topics or to the functioning of the Board of Directors; (ii) the Chief Executive Officer, in agreement with the Chair of the Board, if related to strategic business topics or to the bank's management. Committee Chairs may directly maintain the meetings only for specific requests falling under the Board Committee's competencies, and on previous agreement with the Chair of the Board. The Chair and the Chief Executive Officer ensure a timely information flows to the Board of Directors on the developments and the main aspects of the dialogue with Shareholders.

With reference to the independence assessment process, in abidance with the assessment criteria identified by the Company for an overall evaluation of both objective and subjective aspects, since several years UniCredit deploys a structured process for gathering and analysing the information on the existence of direct or indirect relationships (credit, business/professional and employee relationships, as well as significant offices held) that Directors and their other connected subjects may have with UniCredit and Group companies. The above-mentioned criteria are taken into due consideration in assessing the independence of the Chair, designated to said role and qualified as independent candidate – pursuant to the Italian Corporate Governance Code and the TUF – within the list presented by the Board of Directors. Both criteria and the result of the assessment process, also with an individual focus, are disclosed to the market, among others, via the annual corporate governance report together with the Board of Statutory Auditors' outcomes on the proper application of both assessment criteria and procedures.

Concerning the provision of pre-meetings information to the Board, it should be noted that, via an ad hoc amendment to the Corporate Bodies and Committees' Regulation, UniCredit adopted an approach in line with the best practices, for which information is provided at least three working days prior to meetings with the possibility of waiving this requirement only in the event of emergencies. Therefore, the issue of confidentiality is managed by adopting adequate procedures which allow to track the access and prevent the risk of accidental disclosure, without compromising information completeness and usability. Furthermore, in specific cases, should it not be possible to comply with the necessary information flow pursuant to the above provided terms, the Chair ensured that in-depth research was carried out during the Board meetings.

Regarding the appointment and succession process for the members of the board of directors, it should be noted that this recommendation is not specifically addressed to UniCredit, as the Company qualifies as "large company". However, according to both regulations and recommendations of the Supervisory Authority and the Italian Corporate Governance Committee, for the appointment or replacement of directors, the Board of Directors:

(i) establishes its qualitative and quantitative composition deemed to be optimal for the effective fulfilment of the duties entrusted to the body by law, by the Supervisory Provisions and by the UniCredit Articles of Association, considering the result of the recurring self-assessment process focused on the adequacy of the Board and its Committees in terms of composition and functioning;
(ii) informs Shareholders about such composition in order for them to select candidates taking into consideration the expertise required.

It goes without saying that Shareholders may carry out their own assessment of the Board's optimal composition, and file candidacies consistent with that assessment, giving their reasons for any difference vis-à-vis the analyses carried out by the Board itself.

With reference to the measures adopted to promote equal opportunities and treatment between genders, UniCredit has recently issued the Diversity, Equity, and Inclusion Global Policy to further enhance the inclusion of such key principles within the whole organisation and in every moment of its employees' journey, from recruiting and onboarding, to learning and development, performance management and compensation. Furthermore, a dedicated monitoring process including relevant metrics and KPIs in the gender diversity dashboard is in place and relevant data, commitments and initiatives are disclosed within the yearly Group Integrated Report.

Lastly, with reference to the suitability of the remuneration policies and, in particular, the consistency of the parameters used for defining the variable compensation with the strategic business objectives and the pursuit of sustainable success, as well as the prior determination of the remuneration parameters linked to social and environmental target, it should be noted that no critical elements emerged, considering that UniCredit's remuneration and incentive systems are already compliant with the recommendations from the Italian Corporate Governance Committee.

In view of the above, overall no criticalities emerged with reference to the areas of improvement highlighted in the letter of the Italian Corporate Governance Committee, considering the good quality of the UniCredit corporate governance that is already compliant with the recommendations outlined in the letter and thus in the new Code. Nonetheless, there could be still room for improvement regarding the timeliness of the information flows to Directors prior to the meetings.

Issuer profile

The Report on corporate governance and ownership structure

On an annual basis, UniCredit draws up this Report for its Shareholders, institutional and non-institutional investors, and the market. The Report conveys appropriate information about the UniCredit corporate governance system.

Consistently with applicable legal and regulatory obligations, and in line with the Code's provisions, in its version as approved as at January 2020, this UniCredit Report on corporate governance and ownership structure was drafted in accordance with Section 123-bis of the TUF.

The Report approved by the Company's Board of Directors at its March 8, 2022, meeting is disclosed at the same time as the Report on Operations via the UniCredit website ¹ and on the website of the authorised "eMarket STORAGE" storage mechanism managed by Spafid Connect S.p.A. ().

Unless expressly specified otherwise, the information contained in this Report refers to the date of December 31, 2021.

The Report was submitted to independent audit firm Deloitte & Touche S.p.A. for its audit and its issue of an opinion on the consistency of certain specific information included in the Report itself with the financial statements, as well as their compliance with the legal provisions pursuant to Section 14, sub-section 2, letter e), of Legislative Decree no. 39/2010 (as last amended by Legislative Decree no. 135/2016) and Section 123-bis, sub-section 4, of the TUF. The results of the audit firm's activities are outlined in its reports attached to the 2021UniCredit individual and consolidated financial statements.

It should be noted that the Report on Operations in the Consolidated Reports and Accounts contains a section entitled "Corporate Governance", in which the UniCredit corporate governance system is briefly described.

It should further be noted that the Company also draws up the yearly Integrated Report, which constitutes a non-financial declaration to fulfil the obligations under Sections 3 and 4 of the Legislative Decree no. 254/2016, implementing in Italy the Directive 2014/95/EU of the European Parliament and the Council dated October 22, 2014, as well as the Report TCFD (Task force on Climate-related Financial Disclosures) 2.

Profile and structure

UniCredit S.p.A. is a company whose shares are listed on the Milan, Frankfurt and Warsaw regulated markets. As a bank, parent company of the UniCredit banking Group, pursuant to the provisions of Section 61 of the TUB, in addition to banking activities, it carries out guidance and coordination as well as control functions vis-à-vis its subsidiary banking, financial and instrumental companies which compose the

¹ The UniCredit website address where the Report on corporate governance and ownership structure is available is: https://www.unicreditgroup.eu/en/governance/our-governance-system.html

²The UniCredit website address where the Company's Integrated Report and the Report TCFS are available is: https://www.unicreditgroup.eu/en/a-sustainable-bank/sustainability-reporting.html

banking Group. UniCredit also carries out governance and coordination activities pursuant to Article 2497 and following of the Italian Civil Code with reference to Italian subsidiaries belonging to the UniCredit Group, directly and indirectly controlled by the same.

The Company is not subject to guidance and coordination by other legal entities.

The UniCredit organisation³ reflects an organisational and business model which maintains a divisional structure for the governance of business/products, as well as global control over Digital and Operation area functions, while ensuring the autonomy of countries/local banks on specific activities in order to ensure increased proximity to the client and more efficient decision-making processes.

Shareholder structure

As at December 31, 2021, UniCredit share capital amounted to Euro 21,133,469,082.48, divided into 2,226,129,520 ordinary shares of no nominal value. The shares are issued in a dematerialised form, and are indivisible as well as freely transferable.

At the same date, Shareholders were about 270,000; 86.06% of its ordinary share capital was owned by legal persons, and the remaining 13.94% by physical persons. UniCredit's Shareholders' composition is the result of analyses conducted on data deriving from the contents of the Shareholders' Register.

The representation provided by the Shareholders' Register is the best estimate of the composition of UniCredit's Shareholders base; however, its updating procedures are not such as to ensure that the composition represented corresponds to the actual Shareholder base at any given time.

Corporate governance model

UniCredit has adopted a so-called "traditional" management and control system based on the existence of two corporate bodies appointed by the Shareholders' Meeting: a Board of Directors, which is in charge of the strategic supervision and management of the Company, and a Board of Statutory Auditors, which is responsible for the supervision of management. In accordance with current provisions, legal accounting supervision is entrusted by the Shareholders' Meeting to an external audit firm, on proposal of the Board of Statutory Auditors.

UniCredit believes that this governance model has proven to be suitable for managing the business efficiently, while ensuring effective controls. That is, it creates the conditions for the Company to be able to guarantee the sound and prudent management of a complex and global banking group like the UniCredit Group.

³ The UniCredit website address where the Company's organisation structure is available is: https://www.unicreditgroup.eu/en/unicredit-at-a-glance/organizational-structure.html

Traditional system

Issuer profile

Shareholders' Meeting

The Shareholders' Meeting is empowered to resolve both in ordinary and extraordinary session, albeit with different constitutive and resolving quorum depending on the specific topics on the Agenda.

In particular, in its ordinary session, the Shareholders' Meeting approves the financial statements, the resolution on allocation of net profits, the appointment of Directors and Statutory Auditors, and the assignment of the mandate for external auditing to an audit firm, resolving on the connected fees. Furthermore, it resolves on the remuneration and incentive policies and practices provided for under current provisions, and on criteria to determine compensation to be granted in the event of early termination of employment or early retirement from office.

In extraordinary session, the Shareholders' Meeting is empowered to resolve on amendments to the Articles of Association and on transactions of an extraordinary nature such as increases in share capital, mergers and de-mergers.

Those entitled to attend the Shareholders' Meeting are the holders of voting rights about whom the Company has received notification from the broker holding their accounts by the deadline stated under current provisions (i.e., the "record date", which is seven market trading days prior to the date set for the Shareholders' Meeting).

For more information on the Shareholders' Meeting, please see Section no. 3

Board of Directors

The UniCredit Board of Directors may be comprised of between a minimum of nine and to a maximum of twenty-four members. As at March 8, 2022, the number of Directors is thirteen, and their term of office will expire on the date of the Shareholders' Meeting called upon to approve the 2023 financial statements.

Ordinary Shareholders' Meeting

Extraordinary Shareholders' Meeting

Record date

Number of members

At the date of the Report's approval, 46% of the Board members are Directors from the
less-represented gender, and the 38% of them come from countries other than Italy.

Board members shall be appointed on the basis of a proportional representation mechanism ("voto di lista"). Legitimate parties entitled to submit slates are the Board of Directors and shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at an ordinary Shareholders' Meetings.

The UniCredit Articles of Association envisage that, regardless of the total number of Board members, two Directors shall be appointed from the second slate receiving the highest votes, without any connection with the Shareholders who, jointly or severally, filed or voted for the slate that came first by number of votes, to ensure that the minority Shareholders has a greater presence on the Board of Directors.

In the appointment process, Shareholders are invited to take into account the qualitative and quantitative composition that the Board has deemed to be optimal for the effective fulfilment of the duties and responsibilities entrusted to the body with supervisory functions by law, by the Supervisory Provisions and by the UniCredit Articles of Association, according to current provisions applicable on such topics also as concerning time commitments and the limits upon the maximum number of offices UniCredit Directors may hold.

Board members comply with the professional experience, integrity and independence requirements envisaged under current provisions, also of a regulatory nature, and under the Articles of Association.

Pursuant to the provisions of the Articles of Association, the Board of Directors has appointed a Chief Executive Officer, to whom it has entrusted the management of the Company within the terms and limits set by the Board itself.

The Board of Directors' function and competencies are set out in the UniCredit Corporate Bodies and Committees Regulation⁴.

For more information on the Board of Directors, please see Section no. 4

Board Committees

Also in line with the provisions of the Corporate Governance Code, the Board of Directors has established five Committees, vested with research, advisory and proposal-making powers diversified by sector of competence: Internal Controls & Risks Committee, Corporate Governance & Nomination Committee, ESG Committee, Remuneration Committee and Related-Parties Committee. Their duties are undertaken based on terms of reference and procedures set forth by the Board.

The Board Committees' composition, functioning and competencies are set out in the UniCredit Corporate Bodies and Committees Regulation.

Gender diversity

Appointment process

Qualitative and quantitative composition

Requirements

CEO

⁴ The UniCredit website address where the Corporate Bodies and Committees Regulation is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies.html

Issuer profile

For more information on the Board Committees, please see Section no. 5

Board of Statutory Auditors

Pursuant to the UniCredit Articles of Association, the ordinary Shareholders' Meeting appoints five permanent Statutory Auditors, among whom the Chair, and four substitute Statutory Auditors. As at March 8, 2022, the Board of Statutory Auditors is comprised of five permanent members. Their term of office expires on the date of the Shareholders' Meeting called to approve the 2021 financial statements (convened on April 8, 2022).

At the date of the Report's approval, 40% of the Board of Statutory Auditors members are Auditors from the less-represented gender.

Board of Statutory Auditors' members shall be appointed on the basis of a proportional representation mechanism ("voto di lista"). The legitimate parties entitled to submit slates are shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at an ordinary Shareholders' Meetings.

The UniCredit Articles of Association establish that two permanent Statutory Auditors and two substitute Statutory Auditors shall be appointed by minorities. The Chair of the Board of Statutory Auditors shall be appointed by the Shareholders' Meeting among the Auditors elected by the minority.

In the appointment process, Shareholders are invited to take into account the qualitative and quantitative composition that the Board of Statutory Auditors has deemed to be optimal for the effective fulfilment of the duties entrusted to body with control functions by law, by the Supervisory Provisions and by the UniCredit Articles of Association, according to current provisions.

The members of Board of Statutory Auditors in office are enrolled with the Italian Legal Auditors Register and meet the professional experience, integrity and independence requirements envisaged under current laws and regulatory provisions.

The Board of Statutory Auditors' functioning and competencies are set out in the UniCredit Corporate Bodies and Committees Regulation.

For more information on the Board of Statutory Auditors, please see Sections nos. 10 and 11

Diversity Policies

The Board of Directors' composition ensures the gender balance envisaged under the applicable provisions.

In the run-up of the Board of Directors' renewal for the 2021-2023 financial years, the outgoing Board of Directors made available to Company's Shareholders a theoretical profile for the Directors in order to facilitate the best choice of candidates to be presented to the 2021 Shareholders' Meeting. More in detail, in the theoretical profile Auditors' appointment

Gender diversity

Auditors appointed by minorities

Qualitative and quantitative composition

Requirements

specific recommendations were formulated to ensure a balanced composition of knowledge, skills and experience and promoting inclusion and diversity across age, gender and geographic areas, as well as adequately reflecting UniCredit's status as Italy's only G-SIB (Global Systemically Important Bank).

When formulating its recommendations on the composition of the Board of Directors and its Committees, UniCredit recommended that its Shareholders filed slates of candidates in which at least two-fifths of candidates were drawn from the leastrepresented gender, in line with the relevant provisions.

It should be noted that UniCredit already recommended that its Shareholders abided by the above provisions on gender balance in its 2015 and 2018 qualitativequantitative profiles.

On the topic of diversity, when formulating its recommendations for the renewal of the Board of Directors for the 2021-2023 financial years, UniCredit reiterated the relevance of the following factors: (i) the international nature of the UniCredit Group, which suggests that proper consideration should be given to the presence of Directors with an international training and professional experience (regardless of nationality), (ii) the presence of members having knowledge, skills and technical experience that also allow them to understand the activities and main risks to which the UniCredit Group is exposed as well as (iii) different age of the members of the body. Furthermore, some areas of competence have been selected, with the recommendation that candidates preferably possess two or more of them.

Compliance with the diversity composition requirements identified in the 2021 qualitative-quantitative profile was checked by the Board at the end of the Directors' appointment process. Directors' personal qualities and gender diversity (the female component is above the quota established under the applicable provisions) fully comply with the principles set in the theoretical profile. Furthermore, with reference to professional expertise accrued in the areas of competence envisaged under the profile, all of the areas of competence were represented in the Board and the experience gained by all Directors is in line with the requirements provided for under the profile, considering that they possess good understanding of and experience in more than two of the required areas of competence.

The Board of Statutory Auditors' composition ensures the gender balance envisaged under the applicable provisions. Compliance with this requirement was achieved both during the appointment process of the body, and in the event of other changes to its composition.

In the run-up to the Board of Statutory Auditors' renewal for the 2019-2021 financial years, even though there was no specific provision requiring the identification of the qualitative and quantitative composition deemed to be optimal also for the control body, in accordance with the outgoing Board of Statutory Auditors, the UniCredit Board of Directors made available to Company's Shareholders a theoretical profile for the Statutory Auditors in order to facilitate the best choice of candidates to be presented to the 2019 Shareholders' Meeting.

When formulating its recommendations on the composition of the Board of Statutory Auditors, UniCredit recommended that its Shareholders filed slates of candidates made up in order to ensure the presence of the quota of its members from the leastrepresented gender established under the applicable provisions. Furthermore, on the

Directors' gender

Training, professional experience, age

Auditors' gender

Training, professional experience, age

Issuer profile

topic of diversity, when formulating the above-mentioned recommendations UniCredit, inter alia, took the following factors into account: (i) the presence of Auditors with a balanced mix of training and professional experience, (ii) the presence of members having knowledge, skills and experience to enable the control body to understand the activities and main risks to which the UniCredit Group is exposed, as well as (iii) different age of the members of the body. Furthermore, some areas of competence were selected, with the recommendation that candidates preferably possess two or more of them.

Compliance with the diversity composition requirements stated in the theoretical profile was checked by the Board of Directors and the Board of Statutory Auditors at the end of the Statutory Auditors' appointment process. The Statutory Auditors' personal qualities and gender diversity comply with the principles set in the theoretical profile. The body's composition ensures a balanced mix of profiles and experiences (legal auditing of accounts, control activities in the banking sector and/or at listed companies; professional activities in fields relating to the banking, financial and securities industries; teaching, at university level, on subjects in the field of banking operations, business economics, accountancy, and management of securities markets); all Statutory Auditors possess more than three of the areas of competence envisaged under the profile.

In the run-up to the Board of Statutory Auditors' renewal for the 2022-2024 financial years, the outgoing Board of Statutory Auditors, on February 21, 2022, made available to Company's Shareholders a new theoretical profile for the Statutory Auditors in order to facilitate the best choice of candidates to be presented to the 2022 Shareholders' Meeting. More in detail, in the theoretical profile specific recommendations were formulated to ensure a balanced composition of profiles and experiences and further promoting the diversity characteristics, in particular with regards to training, professional experience, gender diversity and age.

Moreover, it should be noted that in UniCredit there is an active and permanent induction program for the Board members, also to the benefit of the Board of Statutory Auditors members, consisting, inter alia, of recurring trainings sessions to preserve over time the expertise needed for the proper fulfilment of their duties.

With reference to the measures adopted by the Company to promote equal opportunities and treatment between genders within the whole organisation, it should be highlighted that at UniCredit, Diversity, Equity, and Inclusion (DE&I) are key tenets to be fulfilled in every key moment of its' employees' journey, from recruiting and onboarding, to learning and development, performance management and compensation. Through the Diversity, Equity, and Inclusion Global Policy, UniCredit further enhances inclusion within the whole organisation, to ensure that procedures, policies and practices promote such principles and nurture a supportive environment where individual differences are valued.

Moreover, UniCredit is committed to promote gender parity across all organisational levels and to ensure equal pay for equal work, providing equal opportunities and fair treatment.

UniCredit is accountable for the Diversity, Equity, and Inclusion progress, setting up a monitoring process that includes relevant DE&I metrics and KPIs in the gender diversity dashboard. UniCredit also makes available, both internally and externally, relevant data, commitments and initiatives leveraging on the Group Integrated Report.

Gender at UniCredit

* * *

For further information on the UniCredit corporate governance structure, in addition to the specific Sections contained in this Report, please see the Company's website where such information is available alongside information of an economic and financial nature, data, and documents of interest to Shareholders in general.

Information on the ownership structure

2.1 Share capital structure

As at December 31, 2020, the UniCredit fully subscribed and paid-in share capital amounted to Euro 21,133,469,082.48, divided into 2,226,129,520 ordinary shares of no nominal value.

UniCredit shares are listed on the Milan, Frankfurt and Warsaw regulated markets, respectively on Borsa Italiana S.p.A. (Euronext Milan), on the Frankfurt Stock Exchange and on the Warsaw Stock Exchange. The shares traded on the aforesaid markets have the same characteristics and offer the same rights.

No other types of shares, equity instruments or convertible or exchangeable bonds have been issued.

As at March 8, 2022, the UniCredit fully subscribed and paid-in share capital amounts to Euro 21,133,469,082.48, divided into 2,177,593,299 ordinary shares of no nominal value, following the cancellation of treasury shares carried out on March 2, 2022, without reduction of the share capital.

Rights and obligations

Each ordinary share entitles holders to the right to cast one vote at ordinary and extraordinary Shareholders' Meetings. Shares give holders all the administrative and economic rights and obligations envisaged by law.

No stocks granting special controlling rights or special powers have been issued.

Other financial instruments granting the right to subscribe new shares

At the approval date of this Report, there are no financial instruments granting the right to subscribe new shares linked to incentive systems.

It should further be noted that with regard to the capital increase approved by the Extraordinary Shareholders' Meeting of UniCredit S.p.A. on November 14, 2008, no. 967,564,061 ordinary shares, subscribed by Mediobanca - Banca di Credito Finanziario S.p.A. pursuant to the guarantee agreement executed with UniCredit S.p.A. were used to service the issue of and underlie Convertible and Subordinated Hybrid Equity-linked Securities ("Cashes") financial instruments. These Cashes were subscribed in full by institutional investors. Mediobanca gave the right of usufruct over such shares to UniCredit, maintaining bare ownership ("nuda proprietà") of the shares. As a result of reversesplit transactions on these shares conducted in December 2011 and January 2017, at the date of the Report's approval the number of the aforesaid ordinary shares is equal to 9,675,640.

2.2 Restrictions on stock transfers

At the date of the Report's approval, there are no restrictions on stock transfers, taking into account the 9,675,640 shares used to service the Cashes of which Mediobanca holds bare ownership (see the previous section on Share capital structure).

2.3 Relevant equity holdings

On the basis of the communications received in accordance with Section 120 of the TUF, direct and indirect relevant equity holdings as at December 31, 2021, registered on the Shareholders Register are stated below.

The Shareholders listed below hold more than 3%, and do not qualify for disclosure exemptions (as provided under Section 119/bis of CONSOB Rule no. 11971/99).

Declarant	% of ordinary Direct Shareholder		% of voting capital
Capital Research and Management Company		6.287%	6.287%
	EuroPacific Growth Fund	5.130%	5.130%
BlackRock Group		5.162%	5.162%
	BlackRock Fund Advisors	1.418%	1.418%
	BlackRock Institutional Trust Company, National Association	1.354%	1.354%
	BlackRock Advisors (UK) Ltd	0.821%	0.821%
	BlackRock Asset Management Deutschland Ag	0.677%	0.677%
	BlackRock Investment Management (UK) Ltd	0.334%	0.334%
	BlackRock Investment Management, Llc	0.246%	0.246%
	BlackRock Advisors, Llc	0.106%	0.106%
	BlackRock Asset Management Canada Ltd	0.072%	0.072%
	BlackRock Japan Co. Ltd	0.055%	0.055%
	BlackRock Investment Management (Australia) Ltd	0.043%	0.043%
	BlackRock Financial Management, Inc.	0.032%	0.032%
	BlackRock Asset Management North Asia Ltd	0.003%	0.,003%
	Aperio Group Llc	0.002%	0.002%
	Blackrock (Singapore) Ltd	0.000%	0.000%
	Blackrock International Limited	0.000%	0.000%
Allianz SE Group		3.128%	3.128%
	Allianz Finance II Luxembourg S.a.r.l.	3.023%	3.023%
	Allianz S.p.A.	0.087%	0.087%
	Allianz Lebensverischerungs Ag	0.007%	0.007%
	Investitori Società di Gestione del Risparmio Società per Azioni	0.007%	0.007%
	Allianz Life Luxembourg Sa	0.002%	0.002%
	Allianz Benelux Sa	0.001%	0.001%

Information on the ownership structure

Allianz Vie	0.000%	0.000%

Below, a table indicating the relevant equity holdings in share capital as resulting following the cancellation of treasury shares carried out on March 2, 2022, without reduction of the share capital, as a result of the conclusion of the second 2021 Buy-Back program resolved by the April 15, 2021 Shareholders' Meeting .

Declarant Direct Shareholder		% of ordinary capital	% of voting capital
Capital Research and Management Company		6.427%	6.427%
	EuroPacific Growth Fund	5.245%	5.245%
BlackRock Group		5.277%	5.277%
	BlackRock Fund Advisors	1.449%	1.449%
	BlackRock Institutional Trust Company, National Association	1.384%	1.384%
	BlackRock Advisors (UK) Ltd	0.839%	0.839%
	BlackRock Asset Management Deutschland Ag	0.692%	0.692%
	BlackRock Investment Management (UK) Ltd	0.341%	0.341%
	BlackRock Investment Management, Llc	0.251%	0.251%
	BlackRock Advisors, Llc	0.108%	0.108%
	BlackRock Asset Management Canada Ltd	0.074%	0.074%
	BlackRock Japan Co. Ltd	0.057%	0.057%
	BlackRock Investment Management (Australia) Ltd	0.044%	0.044%
	BlackRock Financial Management, Inc.	0.032%	0.032%
	BlackRock Asset Management North Asia Ltd	0.003%	0.,003%
	Aperio Group Llc	0.002%	0.002%
	Blackrock (Singapore) Ltd	0.000%	0.000%
	Blackrock International Limited	0.000%	0.000%
Allianz SE Group		3.197%	3.197%
	Allianz Finance II Luxembourg S.a.r.l.	3.090%	3.090%
	Allianz S.p.A.	0.089%	0.089%
	Investitori Società di Gestione del Risparmio Società per Azioni	0.008%	0.008%

Allianz Lebensverischerungs Ag	0.007%	0.007%
Allianz Life Luxembourg Sa	0.002%	0.002%
Allianz Benelux Sa	0.001%	0.001%
Allianz Vie	0.000%	0.000%

There is no employee equity holding system in place whereby voting rights may be exercised by employee representatives.

2.4 Restrictions on voting rights

At the date of the Report's approval, there is no limitation on the exercise of voting rights.

At the date of the Report's approval, the voting rights of the 9,675,640 UniCredit shares subscribed by Mediobanca pursuant to the guarantee agreement executed with UniCredit S.p.A. and used to service the Cashes, in relation to which the aforementioned party granted a usufruct right to UniCredit, do not have voting rights (see the previous section on Share capital structure).

The Company knows of no Shareholders' agreements among relevant Shareholders as defined by Section 122 of the TUF.

2.5 Changes to control clauses and by-laws provisions on public purchase offers

UniCredit S.p.A. is not a Company controlled by any Shareholder or subject to any Shareholder agreement, as provided for under Italian law.

No UniCredit subsidiaries executed agreements that may be considered relevant pursuant to Section 123/bis of the TUF.

* * *

The UniCredit Articles of Association do not envisage exceptions to the provisions on the passivity rule envisaged under Section 104, sub-sections 1 and 1-bis, of the TUF.

The Articles of Association do not envisage the application of the counteracting rules envisaged under Section 104/bis, sub-sections 2 and 3, of the TUF.

2.6 Delegation of power to increase share capital and authorisations to purchase own shares

The Board of Directors was empowered by the Shareholders' Meeting to execute free share capital increases, with the exclusion of option rights, in order to service incentive plans for UniCredit Group employees (see Clause 6 of the Articles of Association). The Board of Directors was not granted any authority to issue other equity instruments.

The UniCredit Shareholders' Meeting held on April 11, 2019, resolved an authorisation to purchase and dispose of treasury shares so that, also taking into account market trends and the strategy the Company intends to pursue, the

Information on the ownership structure

Board could start the procedure aimed at achieving a revocation from trading of the UniCredit shares acquired on the Warsaw Stock Exchange and registered with the Polish National Depository of Securities, in accordance with the resolution taken on September 2017 concerning a strengthening of corporate governance. On October 11, 2020, such authorisation lapsed. UniCredit confirmed its intention to delist from Warsaw Stock Exchange. The timing of the procedure will be defined also based on macro-economic and market conditions and a new authorisation in favour of the Board of Directors to purchase and dispose of treasury shares was resolved by the Shareholders' Meeting convened on April 15, 2021.

The UniCredit Shareholders' Meeting held on April 15, 2021, also resolved (i) two authorisations to purchase treasury shares, subject to the ECB's authorisation, aimed at increasing remuneration in favour of Company's Shareholders (i.e., the 2021 Buy-Back programmes) and (ii) the cancellation of the treasury shares that will be purchased under the above authorisation as well as the additional ones already held in the portfolio by UniCredit with no reduction in the share capital. As at December 31, 2021, only the first 2021 Buy-Back programme was concluded; as of the approval date of this Report, the second 2021 Buy-Back programme has also been concluded.

At the end of the financial year to which this Report refers, the number of treasury shares held was equal to 15,048,642, as a consequence of the execution of the second 2021 Buy-Back programme. As of the approval date of this Report, UniCredit does not hold treasury shares as, on March 2, 2022, in execution of the resolution passed by the April 15, 2021 Shareholders' Meeting, the Company cancelled all the shares purchased in execution of the second 2021 Buy-Back programme.

Shareholders' Meetings

In compliance with the current provisions, the UniCredit Articles of Association envisage that the ordinary Shareholders' Meeting is convened at least once a year, within 180 days of the end of the financial year, in order to resolve upon the issues for which it is responsible pursuant to current laws and the Articles of Association. An extraordinary Shareholders' Meeting is convened, instead, whenever it is necessary to resolve upon any of the matters that are exclusively attributed to its jurisdiction by current laws.

Shareholders' Meetings are held on single call, in accordance with the provisions of law. However, in order to maintain adequate organisational flexibility, the Articles of Association retain the option for the Board to issue more than one call for single meetings.

In accordance with legal and regulatory requirements, Shareholders' Meetings are convened via a notice published on the Company's website, as well as through other channels provided for under prevailing laws and regulatory provisions, including publication in daily newspapers in extract form. The Agenda of the Shareholders' Meeting is established in accordance with legal requirements and the Articles of Association by whomever exercises the power to call a Meeting.

By the deadline for publication of the Shareholders' Meeting call of notice provided for each item on the Agenda – or by any other deadlines envisaged under other legal provisions – the Board of Directors shall make publicly available a report on each of the items on the Agenda.

The right to ask for the integration of the Agenda may, according to the cases, methods and terms outlined in the current provisions, be exercised by Shareholders who individually or jointly represent at least 0.50% of share capital. Shareholders requesting additions to the Agenda shall prepare a report stating the reason for their resolution proposals on the new matters they propose for discussion. Shareholders may also submit further resolution proposals on items already on the Agenda, stating the reasons thereof.

The Shareholders' Meeting shall take place at the Company's Registered Office in Milan or at another location in Italy, as indicated in the Meeting call notice. The Meeting resolves with the majorities envisaged under current laws.

The Articles of Association do not provide for particular quorum. Relevant legal and regulatory provisions must be complied with in order for a Shareholders' Meeting and the resolutions it takes, to be valid.

In compliance with the provisions set forth in Article 2365 of the Italian Civil Code, Clause 23 of the Articles of Association grants the Board of Directors authority over resolutions on the following:

changes made to the Articles of Association to comply with legal requirements;
merger through incorporation of companies in situations envisaged under Articles 2505 and 2505-bis of the Italian Civil Code;
de-merger of companies in situations envisaged under Article 2506-ter of the Italian Civil Code;
the reduction of share capital in the event of a Shareholder withdrawing;
decisions on which Directors, in addition to those indicated in the Articles of Association, may represent the Company.

In compliance with the Articles of Association and pursuant to current provisions issued by Banca d'Italia concerning the remuneration and incentive policies and practices for banks and banking groups, in addition to establishing the compensation payable to the corporate bodies appointed by the Shareholders' Meeting, in its ordinary session the Shareholders' Meeting approves: (i) remuneration and incentive policies for members of the supervisory, management and controlling bodies, as well as for remaining employees; (ii) equity-based compensation schemes; (iii) the criteria for determining the compensation to be granted in the event of early termination of employment or early retirement from office including the limits set for said compensation in terms of number of years of fixed remuneration as well as the maximum amount deriving from their application. Furthermore, during approval of remuneration and incentive policies, the ordinary Shareholders' Meeting may exercise the faculty to determine a ratio of variable-to-fixed remuneration for employees higher than 1:1, but in any case not exceeding a ratio of 2:1. In

accordance with Section 123-ter of the TUF, the Shareholders' Meeting resolves on the Group Remuneration Policy and Report, explaining, inter alia, the Company's policy on the remuneration of Board of Directors members, the General Manager (when appointed), Executives with strategic responsibilities and, without prejudice to the provisions set forth by Article 2402 of the Italian Civil Code, Board of Statutory Auditors members, as well as the procedures used to adopt and implement this policy.

The Shareholders' Meeting is informed about the ways in which the Remuneration Committee may exercise its functions and on the activities it has carried out via the "Group Remuneration Policy and Report".

Legitimation, how to attend and voting rights

Pursuant to current provisions, the holders of voting rights from whom the Company has received notification through the broker holding their accounts by the deadline established by law are entitled to attend the Shareholders' Meeting. Shareholders who hold voting rights may arrange to be represented at the Shareholders' Meeting via proxy. Since 2011 UniCredit identifies for each Shareholders' Meeting a "Designated Proxy-Holder" to whom the holders of voting rights may grant a proxy inclusive of voting instructions regarding all, or some of, the items on the Agenda free of charge.

The UniCredit Articles of Association provide an option for voting rights holders to participate remotely at Shareholder's Meetings via means of telecommunications, and to exercise their voting rights using electronic methods, referring the decision to activate such instruments to the Board of Directors on a single meeting basis.

As a rule, all Directors attend the Shareholders' Meeting.

The Board reports to the Shareholders' Meeting on the activities performed and planned within the framework of the management report. Furthermore, it makes every effort to ensure adequate information on all relevant items so as to enable Shareholders to take informed decisions on matters within their sphere of competence, in particular by ensuring that Directors' Reports and any additional information has been made available within the time frame established by law and by regulatory provisions in force.

In order to minimize the risks associated with the ongoing Covid-19 emergency, UniCredit decided to make use of the right envisaged by the Decree-Law no. 18/2020 to provide that until the emergency situation continues to exist the Shareholders' attendance at the Shareholders' Meeting shall be made exclusively through the Company Designated Proxy Holder.

Information on the functioning of the Shareholders' Meeting and on the exercise of Shareholders' rights is available on the Company's website (https://www.unicreditgroup.eu/en/governance/shareholders.html).

Shareholders' Meetings conduct

Since 1998 the Shareholders' Meeting has adopted rules oriented towards ensuring the orderly and effective conduct of ordinary and extraordinary meetings. The Regulations governing general meetings, most recently approved in April 2018, are available online at the UniCredit S.p.A. website under the Governance/Shareholder Section⁵.

Clause 7 of the Regulations on general meetings states that those entitled to attend the Shareholders' Meeting are entitled to take the floor in respect of each of items presented for discussion. Shareholders intending to exercise this right must ask the Chair for permission, via the Notary or the Secretary, providing the Chair with a written request

⁵ The UniCredit website address where the Regulations governing general meetings are available is: http://www.unicreditgroup.eu/en/governance/shareholders.html

Shareholders' Meetings

containing details of the issue or the issues to which the request refers to, up until he declares discussions regarding the issue or the issues the request to take the floor refers to are closed. The Chair usually allows persons to take the floor as per the chronological order in which they have submitted their requests. The Chair may moreover authorise the submission of requests to take the floor by a show of hands.

* * *

In 2021, UniCredit's market capitalisation increased by ca. 10 billion, reaching 30.1 billion. In a positive trend for the European banking sector, UniCredit's stock price performance was +78.61%, overperforming (+43.27%) the sector benchmark (the performance of SX7P index, comprising the 600 largest banks in Europe, was +35.34% over the reference period).

As to changes that affected the Shareholder structure, during 2021, taking into account the threshold of market disclosure obligations that qualify as relevant shareholdings according to the TUF, Capital Research and Management Company and BlackRock Inc. stayed above the 5% threshold.

No proposals were put to the Shareholders' Meeting to amend the Articles of Association with regard to the percentages set for exercising rights and prerogatives to safeguard minorities.

Board of Directors

4.1 Appointment and replacement

In accordance with current legal and regulatory provisions, UniCredit Directors are appointed on the basis of a proportional representation mechanism ("voto di lista") in compliance with composition criteria concerning, among others, minority and independent Directors, and gender balance (for more on this, please see Clause 20 of the Articles of Association, available for consultation on the UniCredit website⁶).

The legitimate parties who are entitled to submit slates are the Board of Directors and Shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at the ordinary Shareholders' Meetings. Each party entitled to file a slate of candidates may submit or contribute to the submission of just one slate (including via proxies or trustee companies). Shareholders belonging to the same group or Shareholders who are parties to a Shareholders' agreement concerning UniCredit shares may not submit more than one slate (including via proxies or trustee companies). Candidates must be included in one slate only, under penalty of ineligibility.

The UniCredit Articles of Association envisage that, regardless of the total number of the Board members, two Directors shall be appointed from the second slate receiving the highest votes, without any connection with the Shareholders who, even jointly, filed, or voted for, the slate first by number of votes, to ensure to the minority Shareholders a greater presence on the Board of Directors.

In compliance with the provisions of Section 147-ter of the TUF, UniCredit established that slates of candidates for the position of Director should be filed at the Registered Office in Milan no later than the twenty-fifth day prior to the date of the Shareholders' Meeting called to resolve the appointment of members to the Board. Slates must be made publicly available at the Registered Office, on the Company's website and via other channels provided for under prevailing laws, at least twenty-one days prior to the date of the Shareholders' Meeting. As regards the minimum percentage of share capital needed to submit a slate, Clause 20, sub-section 6, of the Articles of Association specifies that the percentage must be equal to 0.5% of the share capital in the form of shares with voting rights at an ordinary Shareholders' Meetings, consistent with the minimum shareholding percentage established by CONSOB on the basis of the provisions of Section 147-ter of the TUF (Section 144-quater of the CONSOB Issuers' Rules). Ownership of the minimum number of shares required to file a slate is calculated with regard to the shares registered for each individual Shareholder, or for several Shareholders together, on the day on which the slates are filed with the Company.

Other than those set out under law, no particular rules apply to amending the Articles of Association.

In compliance with current provisions, the Board of Directors establishes its qualitative and quantitative composition deemed to be optimal for the effective fulfilment of the duties and responsibilities entrusted to the body with supervisory functions by law, by the Supervisory Provisions and by the UniCredit Articles of Association. The Board also establishes requirements for UniCredit Directors to meet, in addition to the possession of requirements envisaged under current provisions.

⁶ The UniCredit website address where the Articles of Association are available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/articles-association-code-ethics.html

Before appointing new members, the Board shall inform Shareholders about the composition deemed to be optimal in order for choosing candidates, taking the expertise required into consideration. It goes without saying that Shareholders may carry out their own assessment of the optimal composition of the body with supervisory functions, and file candidacies consistent with that assessment, giving their reasons for any difference vis-à-vis the analyses carried out by the Board. The outcomes of the check on the matching between the qualitative and quantitative composition deemed to be optimal and the one resulting from the appointment process are disclosed to Shareholders, to allow them to take the proper measures, in due time before the first Shareholders' Meeting called for the approval of the financial statements following the renewal of the body or of the majority of its members.

With regard to the qualitative and quantitative composition of the Board of Directors and the profile necessary for candidates to the position of Director, and in particular the time commitment and limits upon the maximum number of offices Directors may hold, as well as the diversity composition criteria for the body with supervisory functions, reference is made to the document⁷ "Qualitative and Quantitative Composition of the UniCredit S.p.A. Board of Directors" - as most recently approved on March 3, 2021 - published on the Company's website, and in the information provided in Section 4.2 "Composition".

* * *

Based on the discussions that took place in the Corporate Governance, Nomination and Sustainability Committee (now called Corporate Governance & Nomination Committee), the Board of Directors approved over time some actions to improve UniCredit governance and to align it with best national and international practices, including, inter alia, significant changes to the Board's composition recommended to Shareholders, who decided on the composition of the Board. Such actions, in view of the 2021 renewal, included in particular:

a reduction in number from fifteen to thirteen Directors;
a maximum number of three mandates for Board members.

Furthermore, the Articles of Association was amended in order to:

also empower the outgoing Board of Directors, in the event of its renewal, with the faculty to file its own slate of candidates;
increase from one to two the number of Directors selected from the second slate having received the highest number of votes, without any connection with the Shareholders who, jointly or severally, filed, or voted for the slate first by number of votes, regardless of body composition.

On the topic, the procedure for identifying candidates for the posts on the Board of Directors, including the posts of Chair and the Chief Executive Officer, was approved by the Board⁸.

Succession plans

With reference to the recommendations in CONSOB Resolution no. DEM/11012984 dated February 24, 2011, and to the provisions of Article 4, recommendation 24, of the Italian Corporate Governance Code, please be informed that, since 2006, UniCredit has in place a structured process, aimed at managing and developing the leadership pipeline across the Group, called Executive Development Plan (EDP) and Succession Planning related to all Group Executives (approximately 2,400), including the Chief Executive Officer position.

⁷ The UniCredit website address where the "Qualitative and Quantitative Composition of the UniCredit S.p.A. Board of Directors" is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies/selection-and-composition.html

⁸ The UniCredit website address where the "Process for selecting candidates" approved by the Board of Directors is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies/selection-and-composition.html

Board of Directors

Process

Executive Development Plan and Succession Planning are integrated processes starting with individual appraisal and managerial appraisal, the latter followed by a number of calibrations at local and Group level, ultimately aiming at having a consistent Group view of each Executive.

Consolidated outcomes are presented in a plenary session with Group Executive Committee and the Head of the Group People & Culture function to the Chief Executive Officer to define career/succession plans for Executives holding top positions at Group level, as well as for key players in the positions below.

Timing wise, the update of the succession plans occurs on a yearly basis. At the end of each cycle, a results summary is discussed by the Committee specifically devoted to corporate governance (the Corporate Governance & Nomination Committee) and the Board of Directors, which looks more specifically at succession planning for the Group Management Team, which represents the key managerial positions.

During the year, the Corporate Governance & Nomination Committee regularly analyses the evolution of the succession planning, for Group Executives positions, and for the Chief Executive Officer and his first reporting line.

Moreover, Chief Executive Officer succession planning is reviewed on a periodical basis, with regular processes of internal and external scouting for potential successors identification. Outcomes of this processes are shared with the Corporate Governance & Nomination Committee and/or with the Chair of the Board of Directors.

Content

The Executive Development Plan and Succession Planning is based on the Group values and fosters Group Leaders growth, ensuring business continuity and sustainability through an identification of short- and medium-term successors for all key managerial positions.

In the event of early or unforeseen replacement of Executives, including the CEO, the Executive Development Plan and Succession Planning's results serve as the reference point for decisions on new appointments and evaluation of possible candidates.

4.2 Composition

Pursuant to the Articles of Association, the UniCredit Board of Directors may be comprised of between a minimum of nine up to a maximum of twenty-four members. As at March 8, 2022, the number of Directors is thirteen.

Directors' term in office is three financial years, unless a shorter term is established at such time as they are appointed, and ends on the date of the Shareholders' Meeting called to approve the financial statements relating to the last year in which they are in office.

The ordinary Shareholders' Meeting held on April 15, 2021, appointed Directors for financial years 2021-2023, whose term runs until the date of the Shareholders' Meeting called to approve the 2023 financial statements.

According to Clause 20 of the Articles of Association and pursuant to applicable laws and regulations, the Board submitted a proposal to the April 2021 ordinary Shareholders' Meeting to establish the number of Directors and appoint them. In such circumstance, the Board recommended that when submitting slates of candidates Shareholders should take into account the document on the Board of Directors' qualitative and quantitative composition deemed to be optimal for the effective fulfilment of its duties and responsibilities, as approved by the Board in March 2021.

As expressly provided for in the Articles of Association, with reference to the faculty held by the Board of Directors to submit its own slate of candidates, on March 3, 2021, the outgoing Board unanimously approved its own slate of candidates to the post of Director. In execution of its March 2021 resolutions, the Board submitted a proposal to the Shareholders' Meeting to set the number of the Board of Directors' members at thirteen, including one Chair and one Deputy Vice Chair. Slate candidates were chosen via the procedure for identifying candidates approved by the Board. The criteria adopted for issuing this slate complied with the requirements highlighted in the qualitative and quantitative profile approved by the Board.

Board of Directors

Two slates were submitted, filed and published according to the deadline and in the terms provided for under current provisions and the Articles of Association, specifically:

Slate no. 1 was submitted by the outgoing Board of Directors:
Mr. Pietro Carlo Padoan (designated as Chairman), Mr. Andrea Orcel (designated as Chief Executive Officer), Mr. Lamberto Andreotti, Ms. Elena Carletti, Ms. Jayne-Anne Gadhia, Mr. Jeffrey Alan Hedberg, Ms. Beatriz Ángela Lara Bartolomé, Mr. Luca Molinari, Ms. Maria Pierdicchi, Ms. Renate Wagner and Mr. Alexander Wolfgring;
Slate no. 2 was submitted by several Funds, with an overall shareholding equal to 1.55% of the share capital: Ms. Francesca Tondi and Mr. Vincenzo Cariello.

In addition to the above slates, the following documentation was submitted and published in accordance with prescribed deadlines and procedures:

the statement of Shareholders, others than those who, also jointly, hold a controlling or relative majority shareholding, stating that there is no connection with the latter, even indirectly, pursuant to Section 144 quinquies of CONSOB Issuers' Rules, taking into account the recommendations issued by CONSOB in Communication no. DEM/9017893, dated February 26, 2009;
an exhaustive information on the personal and professional characteristics of the candidates indicated on the slate (such as: curriculum vitae and a list of the supervisory, managerial and controlling offices held in banks and other commercial companies);
the statements where each candidate accepting the position (subject to their appointment) and attesting, under their own responsibility, that for no reason is their candidacy liable to ineligibility, forfeiture or incompatibility, and that they meet the requirements established under the current provisions, also of a regulatory nature;
the statements by each candidate concerning their fulfilment or not of the independence requirements pursuant to Section 13 of the Decree issued by the Ministry of Economics and Finance no. 169/2020, Section 148 of the TUF, the UniCredit Articles of Association and the Italian Corporate Governance Code as well as information on knowledges and expertise gained in the areas covered by the theoretical profile.

Information on the personal and professional characteristics of each candidate, as shown in their curriculum vitae, statements envisaged under current law and the UniCredit Articles of Association as well as those provided for in the theoretical profile, and, more specifically, statements certifying their compliance or otherwise with the independence requirements prescribed by law and in the Italian Corporate Governance Code, may be found on the UniCredit website (https://www.unicreditgroup.eu/en/governance/shareholders.html). In particular, when submitting their candidacies Mr. Andreotti, Mr. Cariello, Ms. Carletti, Ms. Gadhia, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Molinari, Ms. Pierdicchi, Ms. Tondi and Mr. Wolfgring declared their independence pursuant to the Decree, the TUF, the Articles of Association and the Italian Corporate Governance Code. Mr. Padoan declared his independence pursuant to the TUF, the Articles of Association and the Italian Corporate Governance Code and Ms. Wagner declared her independence pursuant to the Decree and the TUF.

The Shareholders' Meeting held on April 15, 2021, after resolving that the members of the Board of Directors should in total be thirteen as proposed by the outgoing Board, appointed the following Directors for the financial years 2021 – 2023:

Mr. Pietro Carlo Padoan, Mr. Andrea Orcel, Mr. Lamberto Andreotti, Ms. Elena Carletti, Ms. Jayne-Anne Gadhia, Mr. Jeffrey Alan Hedberg, Ms. Beatriz Ángela Lara Bartolomé, Mr. Luca Molinari, Ms. Maria Pierdicchi, Ms. Renate Wagner and Mr. Alexander Wolfgring were appointed from Slate no. 1, obtaining the relative majority of the Shareholders' votes;
Ms. Francesca Tondi and Mr. Vincenzo Cariello were appointed from Slate no. 2, voted for by the minority of the Shareholders.

In April 2021, Mr. Gianpaolo Alessandro, General Counsel of the UniCredit Group, was confirmed as Board Secretary.

The Board composition resulting from the appointment process was:

quantitatively corresponding to that identified as optimal by the Board itself. The Board had determined in thirteen, the quantitative composition deemed to be optimal and the Shareholders, who are in charge to decide on the matter, agreed on such proposal, which was consequently approved by the Shareholders' Meeting;
qualitatively corresponding to the theoretical profile established by the Board, as well as suitable pursuant to the ECB "Guide to fit & proper assessment".

More specifically, also taking into consideration information provided by the person concerned, compliance was achieved vis-à-vis requirements concerning experience, competence, integrity, fairness and independence, the requirements of independence of mind, also considering the specific mitigation measures identified, as well as the adequate time to perform their duties (the time commitment recommended for an effective attendance at the Board and Committees meetings and limits upon the maximum number of offices a Director may hold⁹ established under the applicable provisions).

With reference to the time commitment recommended for effective attendance at Board and Committees meetings, all Directors, inter alia, declared their ability to commit sufficient time to duly perform their functions. The commitments Directors declared were deemed to be compatible with the commitment required to conduct their duties at UniCredit, including sitting on Board Committees, where applicable.

Furthermore, with reference to professional expertise accrued in areas of competence envisaged under the theoretical profile [i.e., banking business, banking governance, risk and control, legal and regulatory, strategic planning, accounting & audit, financial and international markets, digital and technology and sustainability (ESG)], all of these areas were represented on the Board. Considering that, in addition to their international experience, they possess a good understanding of and experience in more than two areas of competence envisaged in the qualitative and quantitative profile, the experience gained by all Directors is in line with the requirements identified in the profile.

Regarding the "collective suitability", the personal qualities of Directors, as well as age and gender diversity, fully comply with the applicable provisions and the indications of the Board theoretical profile. In particular:

the gender diversity fully complies with the applicable provisions (the female component is equal to 46%, above the composition criterion for the less represented gender set forth by the provisions equal to at least two-fifths of the appointed Directors);
all Directors have international experience and almost all Directors have competencies in financial and international markets;
85% of the Directors has expertise in strategic planning;
77% of the Directors has expertise in sustainability (ESG);
69% of the Directors has expertise in banking business and in legal and regulatory;
more than 60% of the Directors has expertise in banking governance, risk and control, accounting and audit, while 38% of the Directors covers the digital and technological area;
on average, the Directors possess seven of the areas of competence identified by the Board.

The outcomes of the check on the matching between the qualitative and quantitative composition deemed to be optimal and the one resulting from the appointment process were disclosed to Shareholders via a press release (on February 15, 2022), to allow them to take the proper measures, in due time before the April 8, 2022, Shareholders' Meeting, the first Shareholders' Meeting called for the approval of the financial statements following the renewal of the body.

The following chart shows the Board of Directors' composition as at the date of the Report's approval, and any changes that occurred during the 2021 financial year.

⁹ See the following section on the "Maximum number of offices held at other companies"

Board of Directors

Position	Members		In office	Slate (M/m) *	Executive	Non-executive	Independent as per Code	Independent as per TUB	Independent as per TUF	attendance % ** Board meetings	Number of other positions
		since	until								***
Chairman	Padoan Pietro Carlo	15-04-2021	Approval of 2023 financial statements	M		X	X		X	100	--
Deputy Vice Chairman	Andreotti Lamberto	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	95.65	1
CEO ◊	Orcel Andrea	15-04-2021	Approval of 2023 financial statements	M	X					100	1
Director	Cariello Vincenzo	15-04-2021	Approval of 2023 financial statements	m		X	X	X	X	95.65	1
Director	Carletti Elena	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	100	--
Director	Gadhia Jane-Anne	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	100	1
Director	Hedberg Jeffrey Alan	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	100	1
Director	Lara Bartolomé Beatriz Ángela	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	100	1
Director	Molinari Luca	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	100	1
Director	Pierdicchi Maria	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	100	2
Director	Tondi Francesca	15-04-2021	Approval of 2023 financial statements	m		X	X	X	X	100	1
Director	Wagner Renate	15-04-2021	Approval of 2023 financial statements	M		X		X	X	93.75	2
Director	Wolfgring Alexander	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	100	2
			Directors who left during the Reference Period
Presidente	Bisoni Cesare (1)	12-04-2018	15-04-2021	M		X		--	X	100	--
CEO ◊	Mustier Jean Pierre (2)	12-04-2018	10-02-2021	M	X			--		66.67	--
Director	Al Mehairi Mohamed Hamad	12-04-2018	15-04-2021	M		X	X	--	X	71.43	6
Director	Balbinot Sergio	12-04-2018	15-04-2021	M		X		--	X	85.71	9
Director	De Giorgi Diego (3)	05-02-2020	15-04-2021	--		X	X	--	X	100	--
Director	Micossi Stefano	12-04-2018	15-04-2021	M		X	X	--	X	100	--

Quorum required for submission of slates for the latest appointment: 0.5%

No. of meetings held during the Reference Period: 23

NOTE:

* M = Member elected from the slate that obtained the majority of the Shareholders' votes
m = Member elected from the slate voted for by the minority
** Number of meetings attended/number of meetings held during the concerned party's term of office with regard to the Reference Period
*** Number of positions as Director or Auditor held at other listed companies or large companies. A list of such companies for each Director is attached to the Report
◊ Director in charge of the internal controls and risks management system
(1) Appointed as Chair on September 20, 2019. As Deputy Vice Chairman, Mr. Bisoni acted as pro-tempore Chair from August 8 to September 20, 2019
(2) Termination following the anticipated ending from the position of Chief Executive Officer and General Manager (effective from February 11, 2021). In order to ensure full managerial continuity, the Board appointed a General Manager in accordance with Clause 21 (5) of the Articles of Association, who remained in office until the appointment of the new Chief Executive Officer.
(3) Co-opted on February 5, 2020, and confirmed by the Shareholders' Meeting on April 9, 2020

The Board of Directors members comply with the requirements envisaged under current provisions. Directors' personal qualities comply with the indications of the theoretical profile approved by the Board of Directors in March 2021 and meet the suitable requirements called for by the ECB's "Guide to fit and proper assessments".

For more details on the composition of this corporate body and on personal and professional characteristics of each Director and of the Board Secretary, please consult the information published on the UniCredit website¹⁰. With regard to the requirements UniCredit Directors must meet, in addition to those envisaged under current laws and regulatory provisions, please consult the "Qualitative and Quantitative Profile of UniCredit S.p.A. Board of Directors" document, which is published on the Company's website.

The following charts shows the composition of the Board of Directors at the approval date of this Report.

Directors	First appointment date	Directors	First appointment date
Andreotti Lamberto	April 2018	Orcel Andrea	April 2021
Cariello Vincenzo	April 2018	Padoan Pietro Carlo	October 2020
Carletti Elena	February 2019	Pierdicchi Maria	April 2018
Gadhia Jane-Anne	April 2021	Tondi Francesca	April 2018
Hedberg Jeffrey Alan	April 2021	Wagner Renate	April 2021
Lara Bartolomé Beatriz Ángela	February 2020	Wolfgring Alexander	May 2013
Molinari Luca	April 2021

Directors' seniority in office since their first appointment date

¹⁰ The UniCredit website address where the information on Directors is available is:

https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-directors.html

Board of Directors

Executive and non-executive Directors Renewal rate

Core competencies

Each Director with his/her theoretical and practical experience allows the Board to understand the Company's activities and main risks. The skills matrix reflects the core competencies, envisaged in the March 2021 theoretical profile, that the Board of Directors deemed to be significant in assessing both the personal qualities and the collective suitability of its own members.

* * *

The following chart highlights the means of attendance of Directors (in office as at December 31, 2021) at Board meetings held in 2021. According to the precautionary health and safety measures adopted by UniCredit within the Covid-19 emergency, in 2021 the attendance to the meetings was allowed both in person and remotely. For the purposes of reporting on their attendance, the presence to the Board meetings was counted as physical one.

	2021
Board of Directors				Means of attendance
	Meetings	Attendance	%	physical	by teleconference	via phone
Padoan Pietro Carlo (Chairman)	23	23	100%	23
Andreotti Lamberto (Deputy Vice Chairman)	23	22	95.65%	22
Orcel Andrea (Chief Executive Officer)(1)	16	16	100%	16
Cariello Vincenzo	23	22	95.65%	22
Carletti Elena	23	23	100%	23
Gadhia Jane-Anne (1)	16	16	100%	16
Hedberg Jeffrey Alan (1)	16	16	100%	16
Lara Bartolomé Beatriz Ángela	23	23	100%	23
Molinari Luca (1)	16	16	100%	16
Pierdicchi Maria	23	23	100%	23
Tondi Francesca	23	23	100%	23
Wagner Renate (1)	16	15	93.75%	15
Wolfgring Alexander	23	23	100%	23
average attendance	264	261	98.86%	261

(1) Office held since April 15, 2021

Board of Directors

Time commitment and number of offices

Based upon the nature, quality and complexity of the office, and given the provisions contained in the relevant regulations, having sufficient time to fulfil the role is an essential requirement that Directors must guarantee, including in relation to activities arising from taking part in Board Committee proceedings.

According to its qualitative and quantitative profile, the UniCredit Board recommends that candidates accept the office only if they believe they are able to dedicate the necessary time to that position, considering the following factors: their other professional or personal commitments and circumstances, as well as performing roles at other companies; the nature, scale and complexity of the activities performed, the size and the situation of the entities where such positions are held, and the place or country where such entities are based.

Also in line with the ECB guidelines, the Board carried out an estimate to be intended as a reference for assessing the minimum time needed for appropriate meeting attendance, which is summarised in the following chart.

Chair of the Board of Directors	2/3 days per week
Chief Executive Officer	full time
Chair of a Board Committee	2 days for each Committee's meeting
Non-executive Director	21 days per year
Member of the Corporate Governance & Nomination Committee	15 days per year
Member of the Internal Controls & Risks Committee	15 days per year
Member of the Remuneration Committee	10 days per year
Member of the Related-Parties Committee	13 days per year

With specific reference to the ESG Committee established in April 2021, the minimum time needed for appropriate meeting attendance was estimated in 12 days per year.

With specific reference to Board of Directors and Committee meeting attendance percentages, this should not fall any lower than 75% per annum; attendance should preferably be physical, save for extraordinary meetings.

Finally, with reference to limits upon the maximum number of offices that UniCredit Directors may hold, it should be noted that since December 2008, in its Regulations and in the qualitative-quantitative profiles approved in 2012, 2015 and 2018, the Board has expressed an opinion on the maximum number of offices that may be held at the same time by the Company's Directors.

In the document dealing with the qualitative and quantitative profile as most recently approved in March 2021, the Board recalled the specific limits envisaged under the Decree issued by the Ministry of Economics and Finance no. 169 dated November 23, 2020, concerning the rules on suitability requirements and criteria for holding offices as corporate officer, inter alia, of banks, according to Section 26 of the TUB.

According to the above-mentioned theoretical profile, UniCredit consequently envisages that each Director may hold an overall number of positions in banks or other commercial companies equal to one of the following alternative settings:

one executive position and two non-executive positions
four non-executive positions

with the following specifications:

a) offices refer to positions held on the Board of Directors, Supervisory Board, Management Board, Board of Statutory Auditors, or as General Manager; in foreign companies, offices refer to positions equivalent to the above, on the basis of relevant regulations applicable to the companies;
b) for the purposes of calculating the above limits
i. the position held in UniCredit is included;
ii. the following aggregation mechanism is applied: the set of positions held (i) within the same group and (ii) in companies not belonging to the UniCredit Group, in which UniCredit holds a qualified shareholding of more than 10% of the share capital is considered as a single position. The set of positions counted as a single position is considered as an executive position if at least one of the positions is executive; in other cases it is considered as non-executive;
iii. the following positions are not considered: (i) in companies or entities whose sole purpose is to manage the private interests of a corporate officer or of his/her spouse who is not legally separated, of a person bound by a civil union or a de facto cohabitation, or of a relative or a relative by blood or by marriage up to the fourth degree, and which do not require any type of day-to-day management by the corporate officer; (ii) as a professional in a company comprising professionals; (iii) as a substitute statutory auditor.

The holding of one non-executive additional post, with respect to the above limits, is allowed only if it does not jeopardize the possibility of the Director to commit an adequate time to the post in UniCredit in order to carry effectively out his/her functions under the limitations established by the afore-mentioned Decree.

* * *

The following chart shows the overall number of offices as Director held in other companies by current Directors as at the approval date of this Report. Compliance with the limits on the maximum number of offices that Directors may hold in other companies envisaged under the applicable provisions was evaluated by taking into consideration the weighting applicable to offices held in the same group, pursuant to declarations made by Directors themselves.

Directors	Overall number of offices as director held in other companies	Directors	Overall number of offices as director held in other companies
Andreotti Lamberto	1	Orcel Andrea	2
Cariello Vincenzo	1	Pietro Carlo Padoan	1
Carletti Elena	--	Pierdicchi Maria	2
Gadhia Jane-Anne	1	Tondi Francesca	3 (1)
Hedberg Jeffrey Alan	4 (1)	Wagner Renate	2
Lara Bartolomé Beatriz Ángela	1	Wolfgring Alexander	4 (1)
Molinari Luca	1

(1) Weighting applicable to offices held within the same group was taken into consideration and/or the fact that offices that do not mainly pursue commercial aims do not count were taken into consideration.

* * *

Moreover, Directors must take into account the provisions of Section 36, Law Decree no. 201/2011 (a ban on interlocking directorships) which was approved as a statute under Law no. 214/2011, which establishes that the holder of a seat on a managerial, supervisory or controlling body, as well as top management officers in companies or groups of companies active in banking, insurance and financial markets, are forbidden from holding similar offices, or to exercise similar duties, in competing companies or groups of companies. The Board must ascertain whether such situations fall under the provision of Section 36 and potential new circumstances of supervening competition.

Board of Directors

Induction initiatives and recurring training

In UniCredit a permanent induction program is active for the Board members, also to the benefit of the Board of Statutory Auditors members, based on three-year cycles connected to the Board mandate, with the aim of ensuring an ad hoc training on a continuous basis that takes in account both their individual and collective needs.

The induction program and the recurring training, which are put in place with the support of an external consultant, respectively include sessions aimed at fostering the integration of new Directors and trainings to preserve over time the expertise needed for the proper fulfilment of their duties.

In addition, individual training plans will be activated in the event it is deemed necessary to strengthen specific individuals' technical knowledge and expertise, also to increase the level of diversity and the collective experience of the Board of Directors.

Over the Reference Period, training sessions for the Board of Directors, or members of each Board Committee covering their competence area, have focused on topics of strategic relevance, as well as those relating to the business, ESG strategies and risks, to markets developments, and legal/regulatory deep-dives, with the aim of ensuring awareness and knowledge of the risk profile adopted by the Group.

More specifically, training schemes focused on the in-depth examination of the above-mentioned topics, along with specific meetings focused on perspectives and key elements for the Group's strategies, were prepared and implemented.

4.3 Board of Directors' role

Meetings and functioning

During the Reference Period, the Board of Directors met twenty-three times, with an average length of about three hours. According to the precautionary health and safety measures adopted by UniCredit within the Covid-19 emergency, in 2021 the attendance to the meetings was allowed both in person and remotely.

For the 2022 financial year, 14 meetings have been planned, of which 5 already held as at March 8, 2022.

Planning Board meeting proceedings is one of the Chair's responsibilities with regard to scheduled items on the Agenda, having received a proposal from the Chief Executive Officer. Furthermore, the Chair ensures that the time necessary for effective discussion of the items on the Agenda is allowed, and during meetings encourages Directors to share their input. The Chair's activities are carried out with the support of the Board Secretary, appointed by the Board of Directors pursuant to the UniCredit Articles of Association, for three financial years, who is not necessarily a Board member.

Group Executive Committee members, among which the Manager charged with preparing the company financial reports, as well as the Head of Internal Audit and the other members of Management at the Company and Group were invited to attend Board meetings, without voting rights, in order to report on specific issues as well as, among others, to assist the Chief Executive Officer in making presentations to the Board.

The UniCredit Corporate Bodies and Committees Regulation establishes that, as a rule, appropriate pre-meeting documentation and information necessary for Directors to express their opinions in an informed manner on the topics under deliberation are made available at least three working days prior to the Board, Directors and Statutory Auditors. This timescale was generally complied with and – when possible – even anticipated, except for particular cases and for justified reasons due to the type of the resolution to be taken. In specific cases, if it was not possible to

comply with the necessary information flow pursuant to the above terms, the Chair ensured that in-depth research was carried out during the Board meetings.

The Board Secretary supports the Chair in the preparation of the Board meetings and prepares summary minutes of the discussions and decisions taken by the Board itself. The minutes also gives proper account of any disagreements expressed by Directors on specific topics and their motivations. Minutes are, as a rule, submitted to the Directors at the next available Board meeting. Minutes signed by the Chair of the meeting and the Secretary are kept under the responsibility of the Secretary and are available for consultation by Directors and Statutory Auditors who may wish to consult them. Where envisaged under applicable laws and regulations, a copy of the minutes containing the resolutions taken by the Board is sent to the Supervisory Authority.

Duties

Pursuant to Clause 23 of the Articles of Association, matters reserved for the Board of Directors' competency include resolutions on general guidelines and the adoption and amendment of business, strategic and financial plans for the Company, as well as periodic monitoring of their implementation.

Moreover, in compliance with Corporate Bodies and Committees Regulation, the Board shall have exclusive competence for:

determining general operational guidelines for the Group's growth policies preparatory to drafting strategic, industrial and financial multi-year plans and operating budgets for the Company and the Group, also on the basis of the analysis of issues relevant to long-term value generation for the benefit of Shareholders, taking also into account the interests of relevant stakeholders, in addition to periodically reviewing whether these guidelines match corporate activities and external circumstances, adopting and amending such plans and checking that they are appropriately implemented;
establishing guidelines for the internal controls system consistent with the strategic guidelines and risk appetite established by the Board itself, according to instructions issued by the Supervisory Authorities and applicable law. On a yearly basis, the Board sets out and approves the Group Risk Appetite Framework consistent with the Budget process timeline, defines the financial plan and establishes policies to govern the risks to which the Group may be exposed, as well as risk targets and tolerance thresholds, reviewing them periodically in order to ensure that they remain effective over time. Furthermore, with regard to credit risk, the Board approves general guidelines for the risk mitigation technique management system;
approving the UniCredit organisational structure and corporate governance, in order to ensure a clear distinction of responsibilities and functions, as well as preventing conflict of interest, covering the corporate structure and Group governance models and guidelines. Furthermore, the Board verifies that the UniCredit overall corporate governance and organizational structure is correctly implemented, promptly implementing corrective measures to tackle any shortcomings or inadequacies detected;
examining and approving transactions undertaken by the Company and companies belonging to the Group which are significant from a strategic, economic, balance-sheet and financial perspective.

For the purpose of informing the Company's Board of Statutory Auditors on such topics pursuant to applicable regulatory provisions, the Board has defined criteria for identifying transactions of strategic, economic, equity-related and financial relevance to UniCredit S.p.A., with specific reference to situations in which one or more Directors hold an interest directly or on behalf of third parties and, more in general, transactions with related parties. Specifically, all transactions of a critical or relevant nature must be reported to the Board of Statutory Auditors, and in any case those concerning:

entry/consolidation of the position in a strategic sector/market;
definition/modification of shareholding structures with third party partners with whom governance-related agreements are executed;
decisions impacting strategic equity holdings;
decisions significantly impacting the organisational structure of the Company or the Group;

Board of Directors

situations in which economic/equity-related/financial thresholds (as defined by the Board) are exceeded in relation to the type of transactions involved;
modifications to the Company's share capital structure;
new legal proceedings and developments in existing ones determining potential liabilities in excess of a certain threshold defined as per the decision of the Board, or potentially at risk of becoming relevant for the company's sector ("pilot proceedings").

Pursuant to Section 136 of the TUB, resolutions concerning obligations of any kind or purchase or sale agreements implemented by the UniCredit corporate officers, directly or indirectly, with the same bank fall within the Board of Directors' exclusive responsibility.

* * *

The Board of Directors:

continuously monitors general management performance, with special reference to conflict of interest management - also by analysing the information received from the delegated bodies and the Board Committees, and periodically comparing results against targets, - as well as assessing the adequacy of the organisational, administrative and accounting structure of UniCredit and, also by issuing policies and guidelines, of all of its strategically-relevant subsidiaries, with particular regard to the internal control and risk management system and the conflict-of-interest management, ensuring that the Bank's structure matches the activities it undertakes and the business model adopted, as well as avoiding the creation of complex structures unjustified by operational ends;
ensures that major corporate risks are correctly identified, measured, managed and adequately monitored, taking into account how they evolve and interact and, furthermore, establishing criteria to ensure that such risks are compliant with sound and prudent Company management.

In particular, the Board identified the following controlled companies as having strategic relevance: UniCredit Bank AG, and UniCredit Bank Austria.

The role played by the Chair of the Board

The Chair is responsible for ensuring that the corporate governance system functions effectively, also with regard to any aspects related to internal and external communications, serving as an interlocutor for the Board of Statutory Auditors and the Board Committees; while remaining neutral, the Chair promotes dialogue among executive and non-executive positions, seeking the active participation of non-executive members in the Board's proceedings so that the resolutions it reaches are the result of adequate debate and an informed and effective contribution from all of its members.

In particular, the Chair ensures that:

i) in good time, Directors are sent supporting documentation on the Board's deliberations or, at the very least, initial information on the issues under debate;
ii) supporting documentation and information on resolutions, in particular documents distributed to non-executive members, are adequate in terms of quantity and quality in regard to the items on the Agenda;
iii) when preparing the Agenda and chairing Board discussions, issues of strategic relevance are given priority, and that all necessary time is set aside for them;
iv) the Heads of the corporate control functions have direct access to the Board of Directors when necessary. To this end, meetings between the Chair and the Heads of the corporate control functions are organized on a regular basis;
v) as a rule on a quarterly basis, opportunities are arranged for all Directors to meet, also apart from Board meetings, in order to investigate and discuss strategic issues;
vi) the self-assessment process is undertaken effectively, its terms and conditions comply with the degree of complexity of the Board's work, and envisaged corrective measures are adopted to tackle any detected shortcomings;
vii) inclusion programs and training schemes are prepared and implemented for members of the Board of Directors and Board of Statutory Auditors, along with succession plans for senior management positions.

Moreover, the Chair manages relations with Shareholders and the Supervisory Authorities with regard to matters falling within his/her purview and activities as a liaison to the Board of Directors and Shareholders' Meeting, in agreement with the CEO.

In order to effectively carry out his/her duties, the Chair, who has a non-executive role and does not undertake operational functions, even in a de facto manner, maintains necessary and advisable relations with the Chief Executive Officer, has access to all company functions, may attend Board Committee and managerial Committee meetings, receives information, including on specific topics, regarding the management of the Company and the Group as well as on the general current and expected performance of the management itself.

Where absent or impeded, the Chair is replaced by the Vice Chair. Where both the Chair and Vice Chair are absent or impeded, the meeting is chaired by the oldest Director.

Self-assessment

On March 8, 2022, the Board of Directors closed the recurring self-assessment process focused on the adequacy of the Board and its Committees in terms of composition and functioning. The self-assessment process, focused on the first year of the 2021-2023 mandate, has been performed in accordance with the provisions of the Corporate Bodies and Committees Regulation, adopted in compliance with Supervisory Regulations on banks' corporate governance, and in line with the recommendations of Article 4 of the Italian Corporate Governance Code.

For the performance of the self-assessment process, UniCredit engaged Spencer Stuart, external consultant selected by the Chair of the Board, upon proposal of the Corporate Governance & Nomination Committee, also on the basis of the neutrality, impartiality and independence of judgement requirements provided by the Corporate Bodies and Committees Regulation. In 2021 Spencer Stuart had some other professional relationships with the UniCredit Group of such relevance unable to compromise its independence.

In compliance with the provisions of the Corporate Bodies and Committees Regulation, the process also covers:

qualitative and quantitative composition, size, degree of diversity, professional training, experience (including managerial), seniority in the present post, a guaranteed balance of non-executive and independent members, adequacy of the appointments processes and selection criteria, and ongoing professional development;
meeting sessions, frequency, duration, the degree and form of attendance, sufficient time available to dedicate to the assignment, a trust-based relationship, cooperation and interaction among members, awareness of the role covered, and the quality of debate on the Board.

With assistance from Spencer Stuart, the process has been broken down into the following stages:

examination: carried out in accordance with the provisions of the Corporate Bodies and Committees Regulation;
assessment of the outcome of the self-assessment process, in order to identify strengths and weaknesses that emerged and to draw up a proposal for actions deemed appropriate;
drawing up of the process outcome summary document: results from the analysis were set out in an ad hoc document which illustrates, among others, the methodologies used, the individuals involved and the results achieved, highlighting strengths and weaknesses, and any proposed necessary corrective action.

The 2021 Board review follows similar initiatives that have been conducted on an annual basis by the Board of Directors since the formal adoption of the 2006 Italian corporate governance code.

Board of Directors

In said Board review, Directors were asked to give their views on the functioning of the Board, highlighting the main topics and issues that they consider significant strengths and/or areas of improvement.

The self-assessment process, carried out through an on-line questionnaire, was focused on a variety of topics concerning the composition and functioning of the Board of Directors and its Committees, with the aim of supporting Directors in identifying further areas in which to improve Board of Directors' performance. In addition to the completion of said questionnaire by all Directors, the process involved one-to-one interviews with Spencer Stuart consultants during which the most important aspects highlighted by each Director were discussed. The Spencer Stuart team were silent observers of the Board meeting on 18 January 2022. As part of the process also the Chair of the Board of Statutory Auditors and the Secretary of the Board were met.

In particular, the questionnaires and the interviews concerned:

the effectiveness of the Board of Directors on key issues, such as, among others, the definition of corporate strategies and the perception by the Board itself on the efficiency and effectiveness of the internal control and risks management system;
the organization and conduct of Board meetings, with particular regard to the thoroughness and promptness of the information flows, to the quality of the minutes and to the support provided by the secretariat of the Board of Directors and by the top management;
the dynamic of the Board's discussions and the decision making processes followed;
the role and responsibility of Directors, with a specific focus on the Chair and the Chief Executive Officer;
the size and composition of the Board of Directors and its Committees, also in terms of skills and experience;
the Committee's functioning and the effectiveness of their activities in supporting the Board of Directors.

Within the Board review process, an analysis of the functioning of UniCredit's Board of Directors compared to international best practices was also carried out.

The results of the Board review for the 2021 financial year highlight a positive overall picture of the conduct of UniCredit's Board of Directors and its Committees, demonstrating that these bodies operate effectively and transparently, in accordance with the best national and international corporate governance practices, as confirmed by the consulting firm.

The 2021 UniCredit Board review took place against the backdrop of a challenging year for the Board and for the business. This was driven in the main by three factors: Board composition, COVID and the focus on strategy. The Board underwent significant change with five new Directors, including the Chief Executive Officer, appointed in April 2021. The Chair was also appointed to his role in April 2021, having previously served on the Board since October 2020. In addition, the Board was highly focused on the new strategy for the business which was an intense and extraordinarily time-consuming process; all Directors attest to the process having been successful.

The following strengths arise from the analysis prepared by the advisory Company:

(i) the composition of the Board of Directors shows a large majority of independent Directors and is based on a diverse mix of skills and experiences, international experience as well as a broadly diverse range of managerial profiles, which allow the Board to carry out an adequate in-depth analysis of the issues which the Board is called to address;
(ii) Directors have a positive constructive attitude and a genuine commitment to serve on the Board in the interests of the business and all stakeholders;
(iii) the relationship between the Board and management is viewed as positive, open and transparent. There was praise from the non-executive Directors for the transparent approach the Chief Executive Officer and management team take, and they feel fully informed, both in Board meetings and in-between Board meetings when necessary;
(iv) the relationship between the Chair and the Chief Executive Officer, whilst in its early stages, is perceived to be positive and constructive with the right amount of support and challenge;
(v) the quality of the Committees' work and the support provided by them to the activity of the Board of Directors is appreciated.

The analysis carried out by the advisory Company also reveals a number of issues on which attention should be focused in order to make the Board of Directors' actions even more effective. These issues include:

organize as many opportunities as possible over the next year for the Board to meet in person and spend time together both in the boardroom and in informal sessions, such as off-site or Company events;
address the current occasional delays on paper delivery; once the timeliness issue has been remedied, then the attention should turn to the format of the papers, with a more standardized format;
increase the number of top managers involved in the presentation to the Board of Directors of the matters for which they are competent, while at the same time ensuring a focus of the relative presentations that allows an adequate space for debate and for questions of in-depth analysis and clarification;
in addition to the existing permanent induction program, carry out further trainings and development programmes for all Directors to be implemented in 2022.

Competitive business

At the Shareholders' Meeting held on April 15, 2021, when the Board of Directors was undergoing renewal, no request of general and prior authorisation was submitted regarding the exercise of competing business by Board members, pursuant to Article 2390 of the Italian Civil Code.

No relevant cases pursuant to this Article emerged during the Board's assessment of the requirements envisaged under law for Directors appointed by the above-mentioned Shareholders' Meeting.

Furthermore, while it is up to each Director to report any such situation arising pursuant to Article 2390 of the Italian Civil Code, the Board of Directors was not required to assess the merits of any situations during the Reference Period.

4.4 Executive Directors

Chief Executive Officers

The empowerment (and disempowerment) of Directors is the Board's responsibility. It is the Board that sets out the subject matter, limits and performance criteria for delegation of powers.

The only Board member with managerial powers is the Chief Executive Officer, Mr. Andrea Orcel, to whom the Board of Directors granted powers, within pre-defined limits and also with the faculty to sub-delegate them, across all sectors of Bank business.

For information on what powers have been granted, please consult the "Managerial powers" to this Report.

Chair of the Board of Directors

The Chair has not been granted managerial authorities or power for the design of the corporate strategies and does not undertake operational functions, not even in a de facto manner, and therefore does not fulfil any executive role. The Chair does not hold a relevant share of the Company equity.

Other executive Directors

None of the Directors who sit on the UniCredit Board of Directors – besides the Chief Executive Officer – can be defined as executive pursuant to the Corporate Governance Code's recommendations.

Board of Directors

Reporting to the Board

Information flows among and within the corporate bodies is a prerequisite for achieving managerial efficiency and effective control objectives.

UniCredit has procedures to ensure adequate information flows among its corporate bodies. As regards in particular the internal controls system, these flows, their content and deadlines are identified in detail by the Board of Directors in its Document of corporate bodies and control functions approved by the Board itself. The Corporate Bodies and Committees Regulation identifies a list of parties required to dispatch information flows on a regular basis to corporate bodies, including an illustration of minimum content and the timing of the main flows.

In particular, in the exercise of all of the proposal and decision-making powers and/or power to submit information to the Board of Directors, the Chief Executive Officer was the recipient of the information flows that Bank structures address to the body with supervisory functions, in compliance with the legal and regulatory provisions in force at the time.

Furthermore, the Chief Executive Officer, having been empowered by the Board to carry out activities the Company may undertake pursuant to Clause 4 of the Articles of Association, has provided the Board of Directors – with the methods and timeframe established – with adequate information flows on the exercise of delegated powers, specifically highlighting any relevant associated risk according to the terms and conditions defined by the Board itself. Information on such powers is contained in the "Managerial powers" Annex to this Report.

4.5 Independent Directors

In compliance with the provisions in force from time to time as well as in line with the criteria envisaged under the Italian Corporate Governance Code, non-executive Directors' independence shall be assessed by the Board of Directors upon their appointment, during the mandate upon the occurrence of circumstances concerning their independence and in any case at least once a year, on the basis of information provided by the Directors themselves or however available to the Company, also considering any circumstance that affects or could affect such requirement. The outcome of these Board assessments shall be disclosed to the market after the appointment, through a press release and, subsequently, via the Corporate Governance Report.

In abidance with the assessment criteria identified by the Company for an overall evaluation of both objective and subjective aspects, since several years UniCredit deploys a structured process for gathering and analysing the information on the existence of direct or indirect relationships (credit, business/professional and employee relationships, as well as significant offices held) that Directors and other connected subjects may have with UniCredit and Group companies.

The Corporate Governance & Nomination Committee and the Board of Directors, the latter at the assessment carried out for the renewal of the Board during its meeting held on May 5, 2021, carried out the assessment of the Directors' independence requirements based on statements made by the parties concerned and on information available to the Company.

With specific reference to the independence requirements laid down by the Italian Corporate Governance Code, information was taken into account relating to the existence of direct or indirect relationships (credit relationships, business/professional relationships and employee relationships, as well as significant offices held) that Directors and their other connected subjects may have with UniCredit and Group Companies.

In order to assess the potential significance of the above-mentioned relationships, the Board of Directors has decided not to proceed with merely identifying predefined economic targets, which if simply exceeded could automatically indicate that independence has been compromised, as such check requires an overall assessment of both objective and subjective aspects. Therefore, for this purpose, the following criteria should be taken into account: (i) the nature and characteristics of the relationship; (ii) the amount in absolute and relative terms of the transactions; and (iii) the subjective profile of the relationship.

More specifically, when assessing the significance of such a relationship, the following information, where available, is considered by the Board:

as far as credit relations are concerned, the amount in absolute value of the credit granted, its weighting in relation to the system and, where appropriate, the economic and financial situation of the borrower;
as far as professional/commercial relations are concerned, the characteristics of the transaction/relationship, the amount of the consideration and, where appropriate, the economic and financial situation of the counterparty;
as far as offices held in Group companies are concerned, the total amount of any additional remunerations.

The above-mentioned criteria and information were also taken into due consideration in assessing the independence of the Chair, designated to said role and qualified as independent candidate – pursuant to the Corporate Governance Code and the TUF – within the list presented by the Board of Directors.

In all of the above cases, all the parties involved (Director or family member; UniCredit or Group Company) and, for relationships with companies/entities, the related kind of "connection" (post held/control participation) with the Director or the family member, were taken into account.

In view of the above, at its May 5, 2021, meeting, the Board checked that Directors met the independence requirements. In particular, with regard to Directors whose information acquired highlighted the existence of such relationships, the Board came to the conclusion that they were not of a nature such as to affect the Director's independence.

With reference to the Board of Directors' composition as at the approval date of this Report, credit relations with UniCredit and/or Group companies have been identified – and evaluated as being of no significance on the basis of the above-mentioned criteria adopted – for the Chairman Mr. Padoan and Directors Ms. Carletti and Mr. Wolfgring. In detail:

Chairman Mr. Pietro Carlo Padoan has indirect credit relations, of family members, of low amount;
Director Ms. Elena Carletti has direct credit relations, of a personal nature of low amount;
Director Mr. Alexander Wolfgring has direct and indirect credit relations, of family members.

In view of the above, as a result of these assessments, the number of independent Directors as defined in the Corporate Governance Code provisions is equal to 11. The outcome is stated below:

"Independent" Directors pursuant to the criteria envisaged under Section 2, recommendation 7, of the Code:

Mr. Andreotti, Mr. Cariello, Ms. Carletti, Ms. Gadhia, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Molinari, Mr. Padoan, Ms. Pierdicchi, Ms. Tondi and Mr. Wolfgring.

* * *

Moreover, in its above-mentioned meeting on May 5, 2021, pursuant to the provisions on banks contained in the TUB and on listed issuers contained in the TUF, the Board of Directors also checked that the independence requirements pursuant to Section 13 of the Decree issued by the Ministry of Economics and Finance no. 169/2020 and Section 148 of the TUF had been met. The outcome of these assessments is stated below:

"Independent" Directors pursuant to Section 26 of the TUB and the Decree issued by the Ministry of Economics and Finance no. 169/2020: Mr. Andreotti, Mr. Cariello, Ms. Carletti, Ms. Gadhia, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Molinari, Ms. Pierdicchi, Ms. Tondi, Ms. Wagner and Mr. Wolfgring.

Board of Directors

"Independent" Directors pursuant to Section 148 of the TUF: Mr. Andreotti, Mr. Cariello, Ms. Carletti, Ms. Gadhia, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Molinari, Mr. Padoan, Ms. Pierdicchi, Ms. Tondi, Ms. Wagner and Mr. Wolfgring.

At its meeting held on May 11, 2021, the Board of Statutory Auditors ascertained, with a positive outcome, the proper application of the criteria and procedures adopted by the Board of Directors to assess the independence of its own members.

* * *

Also in line with the March 2021 theoretical profile of the Board, the number of the independent Directors according to the Corporate Governance Code and the TUB, as well as to the TUF, respectively equal to 85% and 92% of the body's members, is deemed to be suitable both for the Company's needs, also in terms of the functioning of the Board of Directors and its Committees, and for an effective discussion within the body.

Independent Directors' meeting

Starting from June 8, 2021, a meeting among independent Directors is held following each Board of Directors' meeting. The topics discussed during these meetings concern issues deemed of interest, including also those relating to the functioning of the Board of Directors, strategic issues, the corporate organization and the relation between the Board and the management. Since all non-executive Directors of UniCredit are independent according to the TUF and 11 out of 12 of them are also independent according to the Corporate Governance Code and the TUB, all the Directors other than the Chief Executive Officer have been invited to such meetings.

4.6 Lead Independent Director

The UniCredit Board of Directors has not so far designated an independent Director as Lead Independent Director, considering that the conditions set forth by the Corporate Governance Code for his/her appointment do not pertain:

(i) where the chair of the board of directors is the person in charge of managing the company (i.e., the chief executive officer) or holds significant managerial powers;
(ii) where the office of chair is held by the person controlling, also jointly, the company;
(iii) where requested by the majority of independent directors.

Board of Directors' internal Committees

In order to foster an efficient information and advisory system to enable the Board of Directors to better assess the topics for which it is responsible, also in accordance with the provisions of the Code, the Board has established five Committees, vested with research, advisory and proposal-making powers diversified by sector of competence: Internal Controls & Risks Committee, Corporate Governance & Nomination Committee, ESG Committee, Remuneration Committee and Related-Parties Committee. Their duties are undertaken based on terms of reference and procedures set out by the Board.

The Committees consist, as a rule, of a number of members from 3 up to 5. More specifically, the Internal Controls & Risks Committee, the Corporate Governance & Nomination Committee, the ESG Committee and the Remuneration Committee, all set up in compliance with the provisions contained in the Banca d'Italia Supervisory Regulations on banks' corporate governance, are composed of non-executives Directors, mostly independent. In particular, such Committees must be differentiated from each other by at least one member and, if a Director elected by the minorities is present, that Director is a member of at least one Committee. The Chair of each Committee shall be chosen from among the independent members. The Related-Parties Committee, set up for overseeing issues concerning transactions with related and associated parties, in compliance with relevant CONSOB regulatory provisions and Banca d'Italia Supervisory Regulations, consists only of independent Directors pursuant to the Italian Corporate Governance Code.

None of the functions of one or more specialist Committees on appointments, risks and remuneration envisaged under the Code has been reserved for the Board of Directors. Moreover, none of these Committees per se performs the multiple functions of two or more committees as envisaged under the Code. Committee functions have not been allocated amongst the various Committees in a manner that differs from the Code's provisions.

The Committee's tasks are coordinated by its Chair, who exercises all necessary powers for its proper functioning. Each Committee draws up an annual plan of activities to ensure the fulfilment of its tasks. Committee meetings are convened by the Chair with a frequency adequate to the fulfilment of its tasks and plan of activities, or when needed or requested in writing, with proper motivation, by at least two members of the Committee. The provisions set out for the Board of Directors' functioning shall apply, as compatible, to the Board Committees. With reference to the Related-Parties Committee's meetings, only for reasons of urgency, in specific cases dealing with transactions falling into the decision-making powers of the Board of Directors, a meeting may be convened at least twelve hours in advance.

Committee meetings are valid if attended by the majority of their members and their resolutions are taken with a majority of votes cast. Should the Chair be absent or impeded from attending, the meeting shall be chaired by the oldest Committee member. Should the Chair of each Committee consider it appropriate, meetings may be held via conference call or video conference.

The meetings of each Committee were minuted by its Secretary, who is not a member of the Committee, appointed on proposal of its Chair. The minutes gives proper account of any disagreements expressed by Committee members on specific topics and their motivations. Minutes signed by the Chair of the meeting and the Secretary are kept under the responsibility of the Secretary and are available for consultation by Committee members as well as any other Directors and Statutory Auditors who may wish to consult them.

With reference to the composition of the Board Committees, on April 15, 2021, the Board of Directors, appointed by the Shareholders' Meeting held on the same date, set the number of each Committee's members and appointed members to them, taking into account, inter alia, each Director's expertise and experience. More specifically, the Board set:

at four the number of members of the Internal Controls & Risks Committee, appointing the following Directors as members:
➢ Ms. Elena Carletti (Chairwoman), Ms. Maria Pierdicchi, Ms. Francesca Tondi and Mr. Alexander Wolfgring;
at three the number of the members of the Corporate Governance & Nomination Committee, the ESG Committee, the Remuneration Committee and of the Related-Parties Committee, appointing the following Directors as respective members:
➢ Mr. Lamberto Andreotti (Chairman), Ms. Jayne-Anne Gadhia and Mr. Alexander Wolfgring;
➢ M. Francesca Tondi (Chairwoman), Ms. Beatriz Ángela Lara Bartolomè and Mr. Jeffrey Alan Hedberg;
➢ Ms. Jayne-Anne Gadhia (Chairwoman), Mr. Luca Molinari and Ms. Renate Wagner;
➢ Ms. Maria Pierdicchi (Chairwoman), Mr. Vincenzo Cariello and Ms. Elena Carletti.

Committee members have the necessary knowledge, skills and experience to perform the duties assigned to them and ensure that any other corporate positions they hold in other companies or entities (including non-Italian ones) are compatible with their availability and commitment to serve as a Committee member.

The following chart shows Committee composition as at the date of the Report's approval, and any changes that occurred during the 2021 financial year.

					Internal Controls & Risks Committee		Corporate Governance & Nomination Committee		ESG Committee		Remuneration Committee		Related Parties Committee
Members	Exec.	Non exec.	Indep. as Code	*	**	*	**	*	**	*	**	*	**
Padoan Pietro Carlo		X	X			M (1)	100%
Andreotti Lamberto		X	X			C (2)	100%			C (1)	100%
Orcel Andrea	X
Cariello Vincenzo		X	X									M	100%
Carletti Elena		X	X	C (3)	100%					M (1)	100%	M (2)	100%
Gadhia Jayne-Anne		X	X			M (2)	100%			C (2)	100%
Hedberg Jeffrey Alan		X	X					M (2)	100%
Lara Bartolomé Beatriz Ángela		X	X					M (2)	100%
Molinari Luca		X	X							M (2)	100%
Pierdicchi Maria		X	X	M	100%							C	100%
Tondi Francesca		X	X	M	100%	M (1)	100%	C (2)	100%
Wagner Renate		X								M (2)	91.67%
Wolfgring Alexander		X	X	M (4)	100%	M	100%
					----- Members who left during the Reference Period -----
Bisoni Cesare		X
Mustier Jean Pierre	X
Al Mehairi Mohamed Hamad		X	X
Balbinot Sergio		X
De Giorgi Diego		X	X							M (1)	50%
Micossi Stefano		X	X			C (1)	88.89%					M (1)	75%
No. of meetings held during the Reference Period				IC&RC: 20		CG&NC: 19		ESGC: 7		RC: 16		RPC: 14
Note:

* A "C" (Chair) or an "M" (Member) in this column shows that the member of the Board of Directors belongs to the Committee and also indicates his/her position

** Meetings' attendance percentage (number of meetings attended/number of meetings held during the concerned party's term of office with regard to the Reference Period)

Board of Directors' internal Committees

(1) Office held since April 15, 2021
(2) Office held until April 15, 2021
(3) Chair of the IC&RC since April 15, 2021
(4) Chair of the IC&RC until April 15, 2021

At the invitation of each Committee Chair, the CEO, other Directors, the General Manager (when appointed), the Manager in charge of drafting the company financial reports, as well as personnel belonging to the Company and the Group, may attend Committee meetings on specific Agenda items. Without prejudice to the possibility for the other Statutory Auditors to attend the meetings, the Chair of the Board of Statutory Auditors - or any other Auditor designated by the latter - attends Board Committee meetings. Always at the invitation of each Committee Chair, personnel or externals appointed in the corporate bodies of the Group's subsidiaries may be called upon to attend Committee meetings.

During the Reference Period, the spending requirements of the Board Committees were met by an ad hoc budget. In fact, in order to perform their duties, Board Committees have access to the financial resources necessary to guarantee their operational independence and, within the limitations of the budget approved by the Board of Directors, may consult independent external experts and invite them to attend meetings; in the event of specific requirements, the relevant budget may be supplemented.

Furthermore, Committees are assured the necessary tools and information flows from the competent functions to enable them to conduct their evaluations.

Each Committee Chair reported to the Board of Directors during the first available meeting on activities carried out by the Committee, with the support of specific documentation.

Board Committees' functions and competencies are set out in the UniCredit Corporate Bodies and Committees Regulation as resolved by the Board¹¹. For information on Board Committees composition, please refer to the UniCredit website¹².

* * *

The following charts highlight the means of attendance of Board Committees members (in office as at December 31, 2021) at meetings held during 2021. According to the precautionary health and safety measures adopted by UniCredit within the Covid-19 emergency, in 2021 the attendance to the meetings was allowed both in person and remotely. For the purposes of reporting on their attendance, the presence to the Board meetings was counted as physical one.

¹¹ The UniCredit website address where the Corporate Bodies and Committees Regulation is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies.html

¹² The UniCredit website address where information on Directors is available is:

https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-directors.html

	2021
Internal Controls & Risks					Means of attendance
Committee	Meetings	Attendance	%	physical	by teleconference	via phone
Carletti Elena (Chairwoman)(1)	20	20	100%	20
Pierdicchi Maria	20	20	100%	20
Tondi Francesca	20	20	100%	20
Wolfgring Alexander	20	20	100%	20
average attendance	80	80	100%	80

(1) Chairwoman since April 15, 2021

	2021
Corporate Governance &			Means of attendance
Nomination Committee	Meetings	Attendance	%	physical	by teleconference	via phone
Andreotti Lamberto (Chairman) (1)	10	10	100%	10
Gadhia Jayne-Anne (1)	10	10	100%	10
Wolfgring Alexander	19	19	100%	19
average attendance	39	39	100%	39

(1) Office held since April 15, 2021

	2021
ESG Committee					Means of attendance
	Meetings	Attendance	%	physical	by teleconference	via phone
Tondi Francesca (Chairwoman) (1)	7	7	100%	7
Hedberg Jeffrey Alan (1)	7	7	100%	7
Lara Bartolomé Beatriz Ángela (1)	7	7	100%	7
average attendance	21	21	100%	21

(1) Office held since April 15, 2021

	2021
Remuneration Committee					Means of attendance
	Meetings	Attendance	%	physical	by teleconference	via phone
Gadhia Jayne- Anne (Chairwoman)(1)	12	12	100%	12
Molinari Luca (1)	12	12	100%	12
Wagner Renate (1)	12	11	91.67%	11
average attendance	36	35	97.22%	36

(1) Office held since April 15, 2021

Board of Directors' internal Committees

	2021
					Means of attendance
Related-Parties Committee	Meetings	Attendance	%		by
				physical	teleconference	via phone
Pierdicchi Maria (Chairwoman)	14	14	100%	14
Cariello Vincenzo	14	14	100%	14
Carletti Elena (1)	10	10	100%	10
average attendance	38	38	100%	38

(1) Office held since April 15, 2021

5.1 Internal Controls & Risks Committee

The current "Internal Controls & Risks Committee" was established in June 2000 under the name of "Audit Committee". Its name, structure and tasks have changed over the years, in line with the evolution of the regulatory and supervisory framework and industry best practices.

Since October 18, 2018, the Board of Directors has assigned to the Internal Controls & Risks Committee responsibilities over equities investments held by banks and banking groups allocated in Banca d'Italia Circular no. 285/2013 to independent Directors.

Composition

According to the provisions in the Corporate Bodies and Committees Regulation, the Internal Controls & Risks Committee consists of four non-executive Directors.

The composition of the Internal Controls & Risks Committee as at March 8, 2022, is the following: Ms. Elena Carletti (Chairwoman), Ms. Maria Pierdicchi, Ms. Francesca Tondi and Mr. Alexander Wolfgring.

All members of the Internal Controls & Risks Committee, in its composition at such date, comply with the independence requirements prescribed by the Italian Corporate Governance Code, and are independent pursuant to Section 13 of the Decree issued by the Ministry of Economics and Finance no. 169/2020 and Section 148 of Italian Legislative Decree no. 58 dated February 24, 1998.

All members of the Committee have the experience required under applicable provisions, covering the provided areas of competence related to risk and control as well as accounting and audit.

Operations

Committee meetings are attended by the Chair of the Board of Statutory Auditors, Head of Internal Audit, the Group Compliance Officer and the Group Risk Officer. Upon invitation of the Committee Chair, the Chief Executive Officer, other Directors, the Manager in charge of drafting the Company financial reports, as well as personnel belonging to the Company and the Group, may attend Committee meetings. Furthermore, representatives from the external audit firm may also be invited.

During the different phases of 2021, the following were involved in the Committee activities:

the Chair of the Board of Statutory Auditors in all the cases and another Statutory Auditor on a six-monthly rotating basis, as well as the entire Board of Statutory Auditors upon invitation of the Committee Chair;
the Heads of the corporate control functions (Internal Audit, Group Compliance and Group Risk Management) in all the 2021 meetings;
the Chair of the Board of Directors and the Chief Executive Officer upon invitation of the Chair;
the Manager in charge of drafting the Company financial reports upon invitation of the Chair and in occasion of discussions dealing with accounting and linked topics;
the representatives of the external audit firm in 3 meetings for topics concerning its tasks upon invitation of the Chair.

In 2021, the Committee was not supported by external consultants.

Roles and Responsibilities

The Internal Controls & Risks Committee supports the Board of Directors on risk management and control-related issues. Hereinafter, the main roles assigned in accordance with the current Corporate Bodies and Committees Regulation.

With a special focus on risk management and control-related issues, the Committee supports the Board of Directors in:

defining and approving strategic guidelines and risk management policies with specific reference to risk appetite and risk tolerance. For this purpose, it also examines the annual budget drafting guidelines;
verifying that risk strategies, management policies and the Risk Appetite Framework (RAF) have been correctly implemented;
defining policies and processes for evaluating corporate activities, including verification that the price and conditions of client transactions comply with the risk-related business model and strategies.

Furthermore, the Committee:

a) with the support of the Corporate Governance & Nomination Committee, identifies and proposes to the Board who should be appointed as Head of the corporate control functions or assesses the evaluation of their dismissal; for the Head of Internal Audit function, issues its opinion on setting the remuneration and the performance goals associated with its variable portion in line with the company policies;
b) pre-examines activity programmes (including audit plans) and annual reports from corporate control functions to be sent to the Board, as well as periodical reports prepared by these functions above and beyond legal or regulatory requirements;
c) evaluates and issues opinions to the Board on the compliance of the internal control system and corporate organisation with the applicable rules and regulations, and on the requirements that must be complied with by the corporate control functions, drawing the Board's attention to any weaknesses and consequent corrective actions to be implemented; for this purpose, it assesses proposals put forward by the CEO;
d) through evaluations and opinions, contributes to defining company policy on the outsourcing of corporate control functions;
e) verifies that the corporate control functions correctly comply with the Board's recommendations and guidelines, assisting the Board in drafting the coordination documents envisaged under Banca d'Italia Circular no. 285/2013;
f) examines and assesses the correct use of accounting principles and their uniformity with regard to drafting the main accounting documents (such as, by way of example, operating and consolidated financial statements, interim operating reports, etc.), for this purpose coordinating with the Manager in charge of drafting the company financial reports and with the Board of Statutory Auditors;
g) examines the work carried out by the Group's external auditors and the results stated in their reports or any letters and suggestions;
h) assesses any findings reported by Internal Audit and Group Compliance, or that may arise from enquiries and/or investigations carried out by third parties;
i) may seek specific audit interventions, at such time informing the Chair of the Board of Statutory Auditors;
j) analyses Group guidelines for the Group Compliance function that fall within its remit, monitoring that they have been adopted and implemented;
k) requests that the Head of Internal Audit draft any proposals for the qualitative and quantitative improvement of the function itself;
l) is involved, within its specific remit, in the process of identifying material risk takers on an ongoing basis.

Board of Directors' internal Committees

Without prejudice to the competencies of the Remuneration Committee, the Committee checks that the incentives underlying the remuneration and incentive system comply with the RAF, particularly taking into account risks, capital and liquidity.

Moreover, the Committee reports to the Board of Directors on the status of the Group's internal controls system.

Furthermore, as regards investments in non-financial equities, the Committee assesses, supports and puts forward proposals with regard to organising and enacting internal controls on the making and managing of equity investments in non-financial companies, in addition to verifying compliance within the framework of such equity investments in terms of strategic and operational guidelines.

Activities performed

In 2021, the Internal Controls & Risks Committee held 20 meetings. On average, Committee meetings lasted approximately 4 hours.

In 2021, the Committee has performed information-gathering, consultative and proposition-making functions with regard to the duties assigned to it by the Board of Directors. At 5 meetings, focus sessions and "deep dive" sessions were dedicated to the deepening of topics that fall within the Committee remit. More specifically, the May 18 and June 16, 2021, meetings were almost fully focused on deepening for training purposes. In this regard, the Committee deepened the functioning of the internal control system during two dedicated sessions (on July 23 and on October 25, 2021) held in addition to the ordinary meetings.

Furthermore, in 2021, the Committee has established the necessary functional links with the Board of Statutory Auditors, in order to carry out the activities deemed to be common to the two bodies, and exchanging information of mutual interest within the sphere of their respective competencies.

For the 2022 financial year, 23 Committee meetings have been planned. As at March 8, 2022, 9 meetings have been held.

5.2 Corporate Governance & Nomination Committee

The current "Corporate Governance & Nomination Committee" was established in June 2000 under the name of "Nomination Committee". Its name and tasks have changed over the years, in line with the evolution of the regulatory framework and industry best practices.

From the end of the 2016 financial year up to April 15, 2021, its activities were expanded to also embrace the supervision of sustainability issues.

Composition

According to the provisions in the Corporate Bodies and Committees Regulation, the Corporate Governance & Nomination Committee consists of 3 non-executive Directors.

The composition of the Committee as at March 8, 2022, is the following: Mr. Lamberto Andreotti (Chairman), Ms. Jane-Anne Gadhia and Mr. Alexander Wolfgring.

All members of the Committee comply with the independence requirements prescribed by the Italian Corporate Governance Code and are independent pursuant to Section 13 of the Decree issued by the Ministry of Economics and Finance no. 169/2020 and Section 148 of Italian Legislative Decree no. 58 dated February 24, 1998.

Operations

In 2021, 19 meetings of the Corporate Governance & Nomination Committee were held, each one with an average length of 1 hour and 38 minutes. For the 2022 financial year, 7 Committee meetings have been planned. As at March 8, 2022, 2 Committee meetings had been held.

In 2021, the Chair of the Board of Directors, the Secretary of the Board, the Chair of the Board of Statutory Auditors and the Chief Executive Officer (from May to September 2021) attended meetings; Managers of the Company and external consultants were also invited to attend Committee meetings to discuss specific items on the Agenda.

Roles and Responsibilities

The Corporate Governance & Nomination Committee provides opinions and support to the Board regarding the definition of the UniCredit corporate governance system, corporate structure and Group governance models and guidelines.

Furthermore, the Committee;

a) drafts proposals to be submitted to the Board regarding the optimal qualitative and quantitative composition of the Board, and the maximum number of posts held by Directors in other companies considered compatible with effectively fulfilling these roles at UniCredit;
b) provides opinions and support regarding the Board self-assessment process, as directed by the Chair of the Board of Directors;
c) sets targets for the least well represented gender in corporate bodies as well as for management and staff belonging to the Group, and prepares a plan to bring this proportion up to set targets;
d) drafts proposals to be submitted to the Chair of the Board of Directors regarding the selection of staff appointed to conduct the Board's self-assessment process.

Moreover, the Committee provides opinions and support to the Board also regarding:

a) the verification that UniCredit Directors comply with the requirements provided by applicable laws and the Articles of Association (including the ban on interlocking directorships laid down by applicable laws), and that they collectively and individually ensure abidance with the qualitative and quantitative composition of the Board deemed to be optimal;
b) the selection of candidates for the post of Chair, Chief Executive Officer and Director of UniCredit, in the event of co-optation, and, should the Board present its own slate of candidates for the position of independent Director for approval by the UniCredit Shareholders' Meeting, taking into due account any recommendations from shareholders, as per the process for selecting candidates for the posts of Board of Directors' members (including the Chair and the Chief Executive Officer), approved by the Board itself;
c) the appointment of the CEO, General Manager, Deputy General Managers and other Executives with strategic responsibilities;
d) the verification that the General Manager and the Manager in charge of drafting the company financial reports comply with the requirements provided by applicable laws and the Articles of Association, if applicable;
e) the definition of appointment and succession plan policies for the CEO, General Manager, Deputy General Managers and other executives with strategic responsibilities, Senior Executive Vice Presidents, the Group Management Team (Executive Vice Presidents) and Leadership Team (Senior Vice Presidents);
f) the definition of the policy for the appointment of corporate officers (members of the Board of Directors, Board of Statutory Auditors and Supervisory Board) at Group companies;
g) the designation of corporate officers (members of the Board of Directors, Board of Statutory Auditors and Supervisory Board) at the main companies.

Moreover, the Committee:

provides support, coordinating with the Internal Controls & Risks Committee, in proposing candidates or assessing dismissal for the roles of Heads of corporate control functions to the Board of Directors;

Board of Directors' internal Committees

undertakes research to help the Board of Directors draft a succession plan for executive Directors.

Activities performed

In 2021 the Committee continued its regular activities, mainly examining possible actions aimed at strengthening the Bank's governance and aligning it to national and international best practices, and with investor expectations. It oversaw internal governance-related events/processes, such as verifying that corporate officers comply with the relevant regulations and respect the prohibition on interlocking directorship, reviewing the gender equality policy and strengthening the Bank's Diversity, Equity & Inclusion mission. The Committee also examined proposals for the designation of officers in the corporate bodies of the Group's main legal entities.

With regard to the activities relating sustainability, up to April 2021 the Committee assisted management in shaping the Group's sustainability strategy. After April 2021, the new ESG Committee will have responsibility for these matters.

Moreover, the Committee assisted the Board on a number of extraordinary activities, such as the Board's renewal, the selection of the interim General Manager in charge until the appointment of the new Chief Executive Officer in the Shareholders' Meeting, the managerial reorganization proposed by the new Chief Executive Officer and the definition of the succession plan of the Chief Executive Officer.

With specific reference to the above-mentioned Board renewal, the Committee assisted the Board in the following activities:

the analysis of the results of the self-assessment process of the Board and its Committees for the year 2020, aimed at checking its adequacy with respect to its size, composition and functioning;
the definition of the qualitative and quantitative Board composition deemed to be optimal for an effective discharge of the duties conferred to it by law, the Supervisory regulations and UniCredit Articles of Association;
the process for the definition of the Board list in view of the 2021 Shareholders' Meeting, in particular the definition of the ideal profile of the candidates for the role of non-executive director and the selection of candidates;
verifying the candidates included in the Board list possess the regulatory requirements.

With respect to the managerial reorganization, the Committee examined the new proposed organizational structure and managerial team, as well as all the initiatives required to simplify the Group's processes (such as the creation of a more streamlined Group managerial committee, the reduction in the number of the other managerial committees, the reorganization of the Group in geographic areas and transversal businesses).

The Committee then worked on the Chief Executive Officer succession plan, discussing with the Head of Group People & Culture the process for the identification of potential candidates for the post of "Permanent Chief Executive Officer" in the short-, medium- and long-term, and the process for the identification of an "Emergency Chief Executive Officer" in case of temporary or permanent unavailability of the incumbent CEO. Hence, the Committee examined several options for the implementation of an "Emergency plan" and recommended its adoption to the Board.

The Committee, through its Chair, carried out the activities falling under its remit with the support of the Company's structures and, where deemed necessary, of external consultants.

5.3 ESG Committee

The ESG Committee was established in April 2021, taking over the responsibilities over sustainability matters previously assigned to the Corporate Governance, Nomination and Sustainability Committee (now called Corporate Governance & Nomination Committee).

Composition

According to the provisions in the Corporate Bodies and Committees Regulation, the ESG Committee consists of three non-executive Directors.

The composition of the ESG Committee as at March 8, 2022, is the following: Ms. Francesca Tondi (Chairwoman), Mr. Jeffrey Alan Hedberg and Ms. Beatriz Ángela Lara Bartolomé.

All members of the ESG Committee comply with the independence requirements prescribed by the Corporate Governance Code and are independent pursuant to Section 13 of the Decree issued by the Ministry of Economics and Finance no. 169/2020 and Section 148 of Italian Legislative Decree no. 58 dated February 24, 1998.

Operations

During the different phases of 2021, the following were involved in the Committee activities:

the Chair of the Board of Statutory Auditors in all the cases and another Statutory Auditor on a six-monthly rotating basis;
the Chair of the Board of Directors and the Chief Executive Officer at the invitation of the Chair;
the Heads of the functions in charge of ESG matters (Heads of Strategy & Optimisation, Stakeholders Engagement, ESG Strategy & Impact Banking and the Group Risk Officer).

In 2021, the Committee was not supported by external consultants.

Roles and Responsibilities

The purpose of the ESG Committee is to support the Board of Directors in fulfilling its responsibilities with respect to the ESG integral components on the Group's business strategy and sustainability.

The ESG Committee shall provide opinions and support to the other Board Committees to ensure the alignment of the Group's policies to UniCredit's ESG principles and objectives.

The Committee also oversees:

ESG and sustainability-related developments also considering international guidelines and principles and market developments, monitoring the positioning of the Group with respect to national and international best practices in the ESG field;
the preparation of the yearly Integrated Report, which constitutes a non-financial declaration pursuant to the provisions of Sections 3 and 4 of Legislative Decree no. 254/2016, as well as the preparation of the TCFD (Task force on Climate-related Financial Disclosures) report, and any other specific disclosure obligations required by future ESG commitments of the Bank.

Activities performed

In 2021, the ESG Committee held 7 meetings. On average, Committee meetings lasted approx. 2 hours and 30 minutes.

In 2021, the Committee performed information-gathering, consultative and proposition-making functions with regard to the duties assigned to it by the Board of Directors. In particular, the Committee supported the Board of Directors in the definition of the ESG strategy which has then embedded in the strategic multi-year plan of the Group.

Board of Directors' internal Committees

At 2 meetings, "deep-dive" sessions were dedicated to the deepening of topics that fall within the Committee purview, dedicated respectively to "ECB self-assessment on climate and environmental risks" and to provide the Committee with an overview of the ESG Regulatory Framework. The Committee also examined policies relating to sensitive sectors (e.g., Coal Policy and Oil and Gas).

For the 2022 financial year, 10 Committee meetings have been planned. As at March 8, 2022, 4 Committee meetings had been held.

5.4 Remuneration Committee

For the required information on the Remuneration Committee's set-up, tasks and functioning, please refer to paragraphs "Role of the Remuneration Committee" and "Report on the Remuneration Committee" in the "2022 Group Remuneration Policy and Report", drawn up in accordance with Section 123-ter of the TUF, Section 84-quater of the CONSOB Issuers' Rules, and the provisions set forth under First Part, Title IV, Chapter 2, Policies and practices on remuneration and incentive of Banca d'Italia Circular no. 285/2013.

5.5 Related-Parties Committee

Set up in accordance with CONSOB Resolution no. 17221/2010 and Banca d'Italia Circular no. 285/2013 (Third Part, Chapter 11), the Related-Parties Committee oversees issues concerning transactions with related parties and riskrelated activities and conflicts of interest involving associated parties, conducting the specific role attributed to independent Directors by the aforementioned provisions. Furthermore, it carries out any other duty assigned to it under the Global Policy on transactions with related and associated parties, as applicable from time to time¹³.

Composition

The Related-Parties Committee consists of three Directors, all of whom qualify as independent pursuant to the Italian Corporate Governance Code.

The composition of the Related-Parties Committee as at March 8, 2022, is the following: Ms. Maria Pierdicchi (Chairwoman), Mr. Vincenzo Cariello and Ms. Elena Carletti.

Roles and Responsibilities

The Related-Parties Committee operates on a consultative and proposition-making basis. Pursuant to the current Global Policy "Transactions with related parties, associated persons and Corporate Officers ex art.136 CBA", the Committee is in particular in charge of:

• formulating prior, motivated and binding opinions for the purposes of the Board of Directors' resolution on the overall suitability of internal procedures and subsequent updates in order to achieve the objectives established in the external regulatory framework;

¹³ The UniCredit website address where the Global Policy Transactions with related parties, associated persons and corporate officers ex. Section 136 of the CBA is available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/related-parties-and-associated-persons.html

formulating prior and motivated opinions, when expressly required, in the event of transactions with members of the Combined Perimeter¹⁴ either directly or indirectly with UniCredit, concerning the Company's interest in the performance of such transactions, as well as the profitability and substantial correctness of the conditions of such transactions;
becoming timely involved, in the event of transactions of "greater significance" with members of the Combined Perimeter, - if deemed necessary by the Committee through one or more delegated members - in the negotiation phase and in the preliminary phase through the reception of an exhaustive and updated information flow, including the right to request information and issue observations to delegated bodies and the persons in charge of carrying out negotiations or the preliminary phase;
pursuant to section 4, paragraph 1, lett. e-bis) point (i) of the CONSOB Regulation, examining, on the basis of the periodic information flows, also through the use of sample selection methods, the application of the cases of voluntary exemption provided for by the above-mentioned Global Policy in order to examine the adequacy of the same – also in view of its periodic review – and to formulate any corrective measures;
pursuant to section 4, paragraph 1, lett. e-bis) point (ii) of the CONSOB Regulation, verifying the proper application of the exemption conditions to transactions of "greater significance" defined as "ordinary" and "concluded at market or standard conditions", notified to the Committee pursuant to Section 13, paragraph 3, letter c) of the CONSOB Regulation no. 17721/2010, as well as to the above Global Policy. Upon receipt of the report, the Chair of the Committee shall immediately call the Committee to conduct the relevant review.

Operations

Regarding each individual transaction subject to assessment, Committee members must be different from the counterparty, its associated parties and/or any entities related to it.

If a Committee member is a counterparty to the transaction under examination (or is related/associated with the counterparty), he/she must promptly inform the Chair of the Board of Directors and the Committee Chair (provided he/she is not in a conflict of interest situation), and abstain from attending further Committee proceedings with regard to the transaction in which the relationship exists. Having consulted with the Committee Chair (provided he/she is not in a conflict of interest situation), the Chair of the Board of Directors shall immediately take steps to replace the member who has this conflict of interest with another member from the Board of Directors who qualifies as independent pursuant to the Italian Corporate Governance Code, after contacting them beforehand, in order to restore the Committee to three non-related and non-associated independent Directors.

For transactions that need to be finalised urgently and require the intervention of the Related-Parties Committee during negotiations and due diligence and/or during the issue of opinions, having acknowledged the urgency and noted that the majority or all members are unable to meet or carry out the required activities in time to conclude the transaction, the Committee Chair shall promptly inform the Chair of the Board of Directors of this situation. In any event, these circumstances must be communicated no later than the day after the Committee Chair was informed that the majority or all Committee members was not available. Having consulted with the CEO and determined that the transaction cannot be delayed, the Chair of the Board of Directors immediately takes steps to find three Directors to sit on the Committee and follow the process for temporary substitutions in the event of conflicts of interest.

Activities performed

In 2021, the Related-Parties Committee held 14 meetings (on average, each Committee meeting lasted 1 hour and 40 minutes).

¹⁴ Persons at Group level subject to procedures – which apply jointly - as envisaged under the Global Policy Transactions with related parties, associated persons and corporate officers ex section 136 of the CBA, pursuant to both CONSOB Resolution no. 17221/2010 and Banca d'Italia Circular no. 285/2013 (Third Part, Chapter 11).

Board of Directors' internal Committees

Company and Group Managers and personnel, as well as advisors belonging to major Italian and foreign consultancy and law firms, attended Committee meetings for discussions on Agenda items to support the evaluations performed by the competent structures.

A Statutory Auditor of UniCredit attended all 2021 Committee's meetings.

In 2021, the Committee issued three opinions on two transactions related to UniCredit S.p.A. and one transaction related to its subsidiary, UniCredit Factoring S.p.A.. For the issuance of said two opinions, the Committee availed itself of the activity of experts, after having assessed the possession of the independence requirements (pursuant to Annex 4 of CONSOB Regulation no. 17221/2010) and of experience.

Furthermore, on 8 June 2021, the Board of Directors approved, following the positive opinions of the Committee and of the Board of Statutory Auditors, the new release of the Global Policy "Transactions with related parties, associated persons and Corporate Officers ex art. 136 CBA", which was updated to take into account its effectiveness as showed in practice, as well as the amendments of the relevant rules, specifically following the issuance of CONSOB Resolution no. 21624 of 10 December 2020, with which CONSOB updated its Regulation no. 17221/2010, effective as from 1 July 2021.

The activity carried out by the Committee in 2021 also concerned the analysis of the periodic information drafted by:

Group Risk Management, on the Group's overall exposure arising from transactions with components of the Combined Perimeter;
Presidio Unico, on the transactions of UniCredit and of the subsidiaries with components of the Combined Perimeter. As from 1 July 2021, consistently with CONSOB Regulation no. 17221/2010 and the abovementioned Global Policy, the information only concerned the transactions which are subject to an exemption. The mentioned information flow is functional to the performance by the Committee of the examination tasks on the correct implementation of voluntary exemptions;
Presidio Unico, on the topics which are relevant for the Combined Perimeter.

Lastly, the Committee received the following information "on a voluntary basis":

the monitoring performed by Presidio Unico on the adoption and implementation of the Global Policy in Group's companies;
the outcomes of the second-line controls performed by the Compliance function, on the existence and completeness of the procedures which are appropriate to ensure the compliance with the requirements established by the legal framework and by the internal rules on the process for managing the transactions with components of the Combined Perimeter;
the analysis performed by Presidio Unico on the "correlation title" of the components of the Combined Perimeter, with specific reference to the companies which are associated directly and indirectly with UniCredit S.p.A.;
the monitoring performed by Presidio Unico on the operations with the main related parties in the last three years.

For the 2022 financial year, 11 meetings have been planned for the Related-Parties Committee. As at March 8, 2022, 4 meetings have been held.

Directors' remuneration

For the required information on compensation for executive Directors, non-executive Directors and Executives with strategic responsibilities, as well as on indemnities to Directors in the event of resignation, dismissal or termination of employment following a public purchase offer (as per Section 123/bis, sub-section 1, letter i), of the TUF), please refer to the section on "Compensation to Directors, Statutory Auditors and Executives with Strategic Responsibilities" in the "2022 Group Remuneration Policy and Report", drawn up in accordance with Section 123/ter of the TUF, Section 84/quater of the CONSOB Issuers' Rules, and the provisions set forth under First Part, Title IV, Chapter 2, Policies and practices on remuneration and incentive of Banca d'Italia Circular no. 285/2013.

Directors' interests and related-parties transactions

Risks arising from transactions with persons in a potential conflict-of-interest situation are governed, inter alia, by the Regulation CONSOB adopted in Resolution no. 17221/2010, by regulations on "Risk activities and conflicts of interest with associated parties" provided for under Third Part, Chapter 11 of Banca d'Italia Circular no. 285/2013, as well as regulations on the obligations of corporate officers at Banks pursuant to Section 136, Legislative Decree no. 385/1993.

Under this regulatory framework, with the unanimous and favourable opinion of the Related-Party Committee and the Board of Statutory Auditors, on June 16, 2021 the UniCredit Board of Directors adopted its "Global Policy Transactions with related parties, associated persons and corporate officers ex Section 136 of the CBA" (available on the UniCredit website) with the aim of defining principles and setting out rules for controlling risks that may arise out of a possible conflict of interest caused by a party's close ties with bank decision-makers.

Intended as an organic evolution towards unifying aspects of governance and areas of enforcement, procedural and organisational approaches (due to the significant similarities between CONSOB's regulations on related parties and the Banca d'Italia's on associated parties), this Global Policy details provisions to be complied with when managing transactions with persons in a potential situation of conflict of interest, as defined by the above-mentioned regulations.

Here below is the list of enforcement areas which are handled jointly by the provisions in the Policy:

governance issues and the associated roles of the Board of Directors, the Related-Parties Committee and the Board of Statutory Auditors;
organisational structures for overseeing and managing transactions with related and associated parties;
perimeter of CONSOB related parties and Banca d'Italia associated parties;
criteria for identifying and detecting transactions with related parties and associated parties, including those of greater relevance;
cases of exemption set out in the CONSOB Regulations and through Banca d'Italia provisions, and exemptions at UniCredit pursuant to the powers provided for under such provisions;
procedures for arranging and approving transactions with related parties and with associated parties;
checks and rules for adoption of the Policy within the Group.

Taking into consideration the peculiarities that characterise these provisions, references are also provided on the following:

disclosure- and transparency-related obligations required by CONSOB with reference to transactions with related parties;
risk activities with associated parties pursuant to Banca d'Italia supervisory reporting terms;
monitoring prudential limits and risk appetite levels of associated persons.

The current version of the Global Policy is available on the UniCredit website¹⁵.

* * *

Compliance with legal requirements on the interests of company Directors and related-parties transactions being unaffected, through its Global Policy the Company must also comply with Section 136 of Legislative Decree no. 385/1993 concerning the obligations incumbent upon bank corporate officers, according to which such officers may not take on any obligation, directly or indirectly, with the bank that they manage, direct or control, unless it is approved unanimously by the supervisory body, and with the person concerned abstaining, and with the favourable vote of the controlling body's members. Accordingly, corporate officers are required to report the names of

¹⁵ The UniCredit website address where the Global Policy on Transactions with related parties, associated persons and corporate officers ex section 136 of the TUB is available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/related-parties-and-associated-persons.html

individuals or companies with whom entering into relations might constitute an indirect obligation that substantially refers to a corporate officer.

A transaction with a related party involving a bank's corporate officer or a party related to such individual falls under the provisions of Section 136 of the Legislative Decree no. 385/1993 and the respective procedure. In such cases, the Related Parties Committee must be granted an early, timely and complete information flow in accordance with the specific methods envisaged for transactions of greater or lesser relevance.

Internal controls and risks management system

The internal controls system is an essential part of the overall governance system at a bank. It plays a central role in their organisation, and can help to ensure the effective management of risks and how they interrelate, to ensure that the activities carried out complies with the corporate strategies and policies, and is founded on sound and prudent management principles.

An effective internal controls system is a prerequisite for value creation over the medium-to-long term, safeguarding asset quality, correctly perceiving risk and appropriately allocating capital.

The UniCredit Group internal controls system, in its ordinary governance setup, is based on:

control bodies and functions, involving (each one within its respective sphere of competence) the Board of Directors, the Internal Controls & Risks Committee, the Chief Executive Officer, the Board of Statutory Auditors, and the corporate functions with specific tasks to that regard;
information flows and coordination procedures among parties involved in internal controls and risks management system;
Group Governance mechanisms.

8.1 Bodies and functions

The Board of Directors and the Internal Controls & Risks Committee

Guidelines for internal controls and the risks management system are defined by the Board of Directors, having verified their consistency with the strategic orientation and the risk appetite established by the Board. Consequently, the Board is able to guarantee that the main risks are properly identified, measured, managed and monitored in the appropriate manner, also taking into account how they evolve and interact and, furthermore, establishing criteria for the compatibility of such risks with sound and prudent management.

Within this context, on a yearly basis the Board of Directors defines and approves a Group Risk Appetite Framework that is consistent with the budget process timeline and definition of the financial plan, in order to ensure that business develops within the desired risk profile and in accordance with national and international regulations.

The Risk Appetite Framework summarises the Group's desired risk profile, including identification of significant risks to which the Group is exposed, by defining thresholds for the following indicators:

regulatory indicators in order to ensure compliance at all times with the Supervisory Authority requirements (e.g., the Common Equity Tier 1 Ratio and the Liquidity Coverage Ratio);
managerial indicators, to monitor the evolution of key variables from both a strategic and Risk Appetite point of view defined to ensure the steering of all key financial risks (e.g., Credit, Liquidity and Interest Rate Risk, Market and Sovereign Risk), Profitability, Non-Financial Risks (e.g., Operational Risk, ICT, Cyber Risk, Compliance Risk) and Climate and Environmental Risks.

In the second half of the 2021, consistently with the new Strategic Plan definition, the Group Risk Appetite Framework has been set for the whole multi-year Plan horizon as well as for the 2022 to sustain the way forward versus the Company's strategic objectives in a controlled risk environment. The key elements have been re-defined and re-evaluated, including the macro scenario underlying the Plan, key risks and risk trends, considering COVID-19 pandemic still shaping the overall risk picture, re-setting the new Multi-Year Plan RAF KPIs targets as well as the yearly 2022 RAF KPIs Dashboard. Enhancements of the framework included setting the 2022 thresholds for several KPIs that were subject to monitoring only, as well as cascading of some of them from Group level also to the Group Companies. In particular, regarding Non-Financial Risks, KPIs in the ICT risk and Cyber risk area were optimized and cascaded to the Legal Entities' level, a more conservative approach was applied for some Compliance KPIs' thresholds setting. Regarding ESG factors, new risk-related RAF KPIs related to ESG risk were introduced for 2022

addressing both Transition and Physical risks and Risk Appetite Statement has been enhanced covering also "Social" and "Governance" factors.

The Board approved the new Group Risk Appetite Framework for 2022 and for the 2022-2024 Multi-Year Plan , which takes into account the challenges to be faced and the measures planned to tackle the global pandemic crisis.

The Group Risk Appetite Framework, which includes both the quantitative component (i.e. RAF dashboard) and the qualitative component (i.e. Risk Appetite Statement), is consistently implemented at relevant Group Legal Entities. The quantitative component includes for each KPI the definition of relevant target, trigger and limit: (i) the targets represent the amount of risk the Group is willing to take on in normal conditions, and they form the reference thresholds for development of the business, (ii) the triggers represent the maximum acceptable level of deviation from the defined target thresholds. They are set so as to assure that even under stress conditions the Group can operate within the maximum level of acceptable risk; the managerial committee Group Executive Committee and the Board of Directors shall be informed of trigger breaches; (iii) the limits are hard points that represent the maximum level of risk acceptable for the Group; if a limit is breached, the Board of Directors must be involved in assessing and deciding upon possible corrective measures.

The Board of Directors is supported by the Internal Controls & Risks Committee in its decision-making activities relating to the internal controls and risks management system.

Within its sphere of competence, the UniCredit Board of Directors approves the establishment of corporate control functions, defining their relevant roles and responsibilities, forms of coordination and collaboration, and the information flows between them and the corporate bodies. Additionally, as part of its support of the Internal Controls & Risks Committee, it draws up coordination documents envisaged under Banca d'Italia Circular no. 285/2013, and has mandated the Chief Executive Officer to execute the Board's directions by designing, managing and monitoring the internal controls and risks management system. Within the scope of this, the Board of Directors ensures that corporate control functions are stable and independent, and that they may access all Bank and Group Companies' activities and any data relevant for performing their respective duties.

At least once a year, after considering the opinion issued by the Board of Statutory Auditors, the Board of Directors assesses the organisational structure's adequacy and the number and skills of staff working at the compliance (Group Compliance) and risk management functions (Group Risk Management). Furthermore, the Board resolves on any possible amendments necessary to the internal audit function's (Internal Audit) organisation and staffing.

Moreover, the Board of Directors approves the following strategies.

Credit Strategies

Under Basel II Pillar II, Group Credit Risk Strategies represent an advanced credit risk management instrument, targeted at ensuring consistency between budget targets and the Risk Appetite Framework. Taking into consideration the macroeconomic and credit scenario, projections in the economic and industry sector, as well as business initiatives and strategies, Credit Strategies provide a set of guidelines and operational targets broken down by the countries and business segments in which the Group operates, with the goal of identifying the desired risk profile and business line positioning in order to ensure growth consistent with the Group Risk Appetite Framework, while at the same time minimising the overall credit risk impact without precluding profitable business opportunities.

Financial Risk Strategies

At Group level, the UniCredit "Group Financial Risk" function manages the setting of overall limits on the Group's financial risks (i.e. liquidity, interest rate, market, counterparty and trading credit risks).

To this end, the Holding Company's "Group Financial Risk" function acts in tight coordination with:

Internal controls and risks management system

the Group Companies' Market Risk functions, which in accordance with the Group business model are entitled to take on exposures to market risks either in the trading or in the banking book and liquidity. Within the defined overall business model, the relationship with the Market Risk functions, within the overall process of negotiating operational limits alongside the business functions is designed to ensure consistency of the limits with the returns assigned to them in the budget, taking into account dynamics associated with risk indicators, based on historically-observed data, expected market developments and proposed business initiatives;
the "Risk Appetite & Integrated Risks" Group Risk Management function in charge of the Group Risk Appetite, with the aim of verifying the limits-related impact on Regulatory and Economic Capital within an iterative process conceived to ensure that limits are consistentwith the capital allocation approved at Group level, taking into consideration income goals defined in the annual and strategic plans.

The UniCredit Board sets out the guidelines for the internal controls system, verifying its consistency with established strategic orientations and risk appetite, as well as its capacity to detect the evolution of corporate risks and how they mutually interact, ensuring that the main risks are properly identified, measured, managed and monitored in the appropriate manner, through Internal Controls & Risks Committee activities, in particular, on the basis of:

reports by the Heads of corporate control functions: the compliance function (Group Compliance), the risk management function (Group Risk Management), the internal audit function (Internal Audit), the anti-money laundering function (AML Italy) and the validation function (Group Internal Validation);
information from the Manager charged with preparing the company financial reports in compliance with the international accounting standards and with regulations relevant to preparing the consolidated financial statements;
any useful information related to monitoring overall corporate risks provided by the relevant Company structures and/or the by the audit firm assigned to undertake statutory accounting supervision.

At least yearly, the Board approves the activities programme prepared by the corporate control functions, including the yearly audit plan, and examines their annual reports. Moreover, it approves the multi-year audit plan.

In addition, the Board ensures that the internal controls system and corporate organisation are constantly in harmony with the principles enshrined in laws and regulations applicable from time to time, verifying at least yearly on an basis the adequacy, effectiveness and proper functioning of the internal controls and risks management system; should shortcomings or discrepancies emerge, the Board promptly fosters adoption of appropriate corrective measures, the efficacy of which should subsequently be assessed.

Chief Executive Officer

Notwithstanding the Board of Directors' authority over the establishment of corporate control functions and the definition of related roles and responsibilities, the Chief Executive Officer manages the internal controls and risks management system, with support from relevant functions. This includes:

(i) identifying the Company's risks and submitting them to the Board of Directors. To that end, the Chief Executive Officer must have in-depth knowledge about all corporate risks and, as part of an integrated managementoriented approach, their reciprocal relationships, taking into account how external circumstances (including macroeconomic risks) evolve;
(ii) putting into practice the strategic guidelines, RAF and risk management policies defined by the Board. He does this by planning, managing and monitoring the internal controls and risks management system. In the supervision of these activities, the Chief Executive Officer is formally supported by the managerial committee Group Executive Committee and the Group Risks/Controls Committee (i.e., Group Financial and Credit Risk Committee and Group Non-Financial Risks and Controls Committee), chaired by the Chief Executive Officer, in which sessions topics related to the system of internal controls, related remedial plans, as well as issues related to risk management and monitoring are addressed.

The Chief Executive Officer is responsible for taking all necessary steps to ensure that the organisation and internal controls system comply with the principles and requirements envisaged under current legal provisions. Furthermore, on an ongoing basis and with assistance from the competent functions (as well as directly sitting on ad hoc managerial committees aimed at overseeing and/or controlling risks), he supervises the proper management of overall corporate risks and the adequacy, and the effectiveness and efficiency of associated protective structures, including by means of defining optimal policies for managing such risks. To that end, at all levels he facilitates dissemination of an integrated risk culture spanning the various types of risk.

With specific reference to the non-compliance risk, working with support from the Compliance function, the Chief Executive Officer ensures effective management of such risk, deciding on appropriate policies and procedures for compliance with local regulations for the Bank; in the case of a compliance breach, he ensures that the necessary remedies are put in place and defines information flows to ensure that the Bank's competent corporate bodies are fully aware of how to manage the non-compliance risk. Backed by the Compliance function, at least once a year the Chief Executive Officer identifies and evaluates the main compliance risks to which the Bank is exposed, planning management measures and at least once a year reporting to the Board of Directors and the Statutory Auditors on the adequacy of non-compliance risk management.

Upon the Internal Controls & Risks Committee Chair's invitation, the Chief Executive Officer attends the meetings of such Committee on specific Agenda items. At these meetings, the Chief Executive Officer reports to the Committee on the relevant issues pertaining to items on the Agenda, providing clarifications when necessary and following up on any requests for the Committee to undertake further investigation.

As for third-level controls carried out by the Internal Audit function, the Chief Executive Officer is informed of guidelines for auditing activities, may make suggestions to integrate the annual control plan, and may request specific auditing not foreseen in the annual plan.

Within this field, the Chief Executive Officer makes sure that the Board of Directors engages in effective, ongoing dialogue and exchange, with support from the corporate functions that report to him as Head of the internal structure, in order to allow him to review the choices and decisions they adopt over time. To that end, the Chief Executive Officer receives information from corporate functions necessary to assure the supervision required of him, especially at managerial committees meetings which he attends as Chair, and meetings by committees of which he is not a member, through specific, systematic information flows.

Moreover, the Chief Executive Officer promotes initiatives and actions that are necessary to ensure the ongoing exhaustiveness, adequacy, functionality and reliability of the internal controls system, reporting to the Board of Directors on the outcome of checks, arranging and carrying out any necessary corrective measures, and implementing such measures should there be any deficiencies or anomalies, or should relevant new products, activities, services and processes be introduced.

Board of Statutory Auditors

The UniCredit Board of Statutory Auditors is responsible for overseeing the completeness, adequacy, functionality and reliability of the internal controls system and the RAF, as well as the risks management and control process. With regard to the variety of corporate functions and structures that have control roles and responsibilities within the Company, the Board of Statutory Auditors is called to check the efficacy of all structures and functions involved in the controls system, the proper performance of duties, proper coordination of such duties, and promoting any corrective actions aimed at remedy any shortcoming or irregularities detected.

Drawing on the contribution of the corporate control functions, as part of its more general overall review of the risks management process, the Board of Statutory Auditors supervises compliance with ICAAP process provisions and the completeness, adequacy, functionality and reliability of the advanced internal risks measurement systems for determining capital requirements, as well as compliance with requirements envisaged under the relevant provisions.

Internal controls and risks management system

The Board of Statutory Auditors supervises the financial disclosure process and compliance with provisions on the disclosure of non-financial information, external auditing of the annual individual and consolidated accounts, the independence of the external audit firm, in particular with regards to carrying out non-auditing activities, and periodically meets with the external audit firm for a reciprocal exchange of information.

With specific regard to the assignment of Supervisory Body functions to the Board of Statutory Auditors pursuant to Legislative Decree no. 231/2001, it should be noted that at its February 6, 2019, meeting, the UniCredit Board of Directors resolved to entrust these tasks to the control body starting from its renewal for the 2019-2021 financial years (see following paragraph 8.5 Organisation Model as per Legislative Decree no. 231/2001).

The Board of Statutory Auditors is responsible for establishing appropriate functional links with the Internal Controls & Risks Committee and the Remuneration Committee, in accordance with their specific skills.

Control functions

In compliance with current law and drawing inspiration from international best practice, the types of control at UniCredit are structured on three levels:

line controls (so-called first-level controls), in charge of the corporate functions responsible for business/ operational activities;
risk and compliance controls (so-called second-level controls), in charge of the Group Compliance and Group Risk Management functions, each regarding the matters in their sphere of competence;
internal audit (so-called third-level controls), in charge of the Internal Audit function.

The Group Compliance, Group Risk Management and Internal Audit functions are separated and hierarchically independent from the corporate functions that carry out the activities subject to their control. The Board of Directors has exclusive competence – based on a proposal made by the Internal Controls & Risks Committee, as well as after hearing the Board of Statutory Auditors – over the appointment and removal of the Heads of said corporate control functions.

As per Banca d'Italia Circular no. 285, corporate control functions also include the anti-money laundering and validation functions set up via Group Compliance and Group Risk Management respectively.

The Compliance function

The mission of Group Compliance, under the responsibility of the Group Compliance Officer, role covered by Ms. Serenella De Candia, is to monitor the management of the non-compliance risk¹⁶ as well as to assist the Group, its Management, the corporate bodies and employees in carrying out their activities in compliance with mandatory rules, internal procedures and applicable best practices.

Bank and Group's companies' Compliance function are independent, drawing on human and technological resources that are qualitatively and quantitatively adequate to the tasks to be performed, reporting directly to Senior Management and the corporate bodies, and with access to all corporate information and participates to decisionmaking processes; when necessary, it can elevate an issue directly up the hierarchical higher levels.

¹⁶ Non-compliance risk can be defined as the risk of incurring legal or administrative penalties, financial losses, or damage to reputation as a result of non- compliance with mandatory rules regulating financial and banking undertakings, codes of conduct and standards of "good practice managing."

Group Compliance has a proactive role in advising the Bank functions on regulatory requirements, especially on new products, processes, business initiatives, commercial campaigns, marketing materials, and sets rules of conducts, guidelines, and standards - for its perimeter of competence - to be observed.

Group Compliance monitors the management of the non-compliance risk according to a risk-based approach, i.e., an approach that, based on the ongoing assessment of Group activities and the regulatory framework and corporate environment, focuses its activities and priorities on the areas, standards, processes and procedures most at risk of non-compliance.

Consistently with this approach, the non-compliance risk monitoring, with respect to all corporate activities (with the exception of laws and regulations falling within the scope of Group Risk Management) is carried out directly¹⁷, on most relevant regulations with regards to non-compliance risk like the ones concerning banking and financial activities, conflicts of interests management, transparency to customers and, more generally, consumer safeguard regulation.

As far as other regulations are concerned (e.g., tax laws, Law on Health and Safety at Work), and with reference to UniCredit S.p.A. only, the Compliance function monitors indirectly¹⁸, by providing/validating compliance risk assessment methodologies and procedures to/for the so-called "Presidi specialistici", in place within other business structures.

Group Compliance pursues these objectives in particular by:

promoting a culture that encourages compliance with the law, internal regulations and the Global Rules and by and they ethical principles which underlie the corporate culture;
identifying, assessing and monitoring non-compliance risk, including the development and monitoring of compliance with Global Rules which are aimed at the mitigation of those risks;
establishing relationships with the Authorities (Supervisory Authorities, Trade Associations, Legislator, etc.) together with other relevant structures and promoting a continuous dialogue with such Authorities for the area of competence;
cooperating with other Competence Lines¹⁹ within the Group, and especially with other structures that oversee the management and control of risk (e.g., Internal Audit, Group Risk Management) in order to improve the overall consistency and ensure adequate and continuous mutual information flows;
periodically communicating with and providing assistance to the senior management and the Board of Directors on non-compliance risk management, including by participating in the Group Executive Committee and other managerial Committees;
providing guidelines on compliance significant topics to business representatives and other Competence Lines, through proactive advice and upon request, i.e., by providing advice on laws, regulations, codes, practices, products, business lines and organizational structures also at local level;
fulfilling legal requirements concerning anti-money laundering reporting for UniCredit S.p.A., through the appointment of a AML Responsible (AML Officer), in accordance with Banca d'Italia Provision of March 10, 2011 laying down implementing provisions concerning anti-money laundering organization, procedures and internal controls, such AML officer being tasked with promoting a unified anti-money laundering approach in Italy and with the managerial coordination of the anti-money laundering officers appointed by other centralized Italian Group Companies;

¹⁷ Compliance has a direct oversight on the thematic areas defined in the IR 995/2 of 20 April 2016 – Group Compliance Framework (App. 1) as well as on the corporate responsibility for crime committed by employees in the interest of company (Legislative Decree no. 231/2001).

¹⁸ As envisaged in the "Indirect Model for the supervision of compliance risk" approved by the Board of Directors on July 8, 2014.

¹⁹ Competence Lines are represented by structures/functions that operate across the Holding Company and Group and are aimed at directing, coordinating and controlling overall Group and individual company activities and risks (Finance, Risk Management, Legal, Compliance, Internal Audit as well as People & Culture).

Internal controls and risks management system

fulfilling legal requirements regarding the personal data processing for UniCredit S.p.A., through the appointment of a Data Protection Officer, in compliance with Regulation (EU) 2016/679 of 27 April 2016 laying down provisions on the organization, procedures and evaluation of the impact of data protection, playing a coordinating role at Group level.

Group Compliance is in charge of guiding, coordinating and monitoring compliance matters at Group level; as part of these responsibilities, Group Compliance can perform centralized functions with regard to Compliance matters on behalf of the Italian Group Companies.

The Group Risk Management function

Under the responsibility of the Group Risk Officer, the Group Risk Management structure's mission is to:

optimise the quality of the Group's assets, minimising the risk cost in accordance with the risk/profitability goals set for the business areas;
ensure the strategic steering and definition of the Group's risk management policies;
define and provide the Heads of the Business Functions and Group Companies with the criteria for assessing, managing, measuring, monitoring and communicating risk. It also ensures that the procedures and systems designed to control risk at Group and individual Group Company level are coherent;
help build a risk culture across the Group by training and developing highly qualified staff, together with the competent Group People & Culture functions;
help to find ways to rectify asset imbalances, where needed coordinating with the Group Financial Officer;
help the Business Functions achieve their goals, including by assisting in the development of products and businesses (e.g., innovation of credit products, competitive opportunities linked to the Basel accords, etc.);
support the Chief Executive Officer in defining the Group Risk Appetite proposal, to be shared in the managerial committee Group Risk Committee and submitted for approval to the Board of Directors, as preliminary and preparatory step for the yearly and multi-yearly budget plan pertaining to the Group Financial Officer. The Group Risk Appetite includes a series of parameters defined by the Group Risk Officer, with the contribution of the Group Financial Officer and of other relevant Group functions, each within the scope of their competence; each parameter can be complemented by limits and thresholds proposed by the Group Risk Officer and targets proposed by the Group Financial Officer and/or by the relevant Group functions, each respecting their mission and internal regulations. The Group Risk Officer is responsible for ensuring the overall coherence of the proposed parameters and values. Furthermore, the Group Risk Officer is responsible for ensuring to the Chief Executive Officer and the Board of Directors the coherence of the Group Risk Appetite with the Group strategic guidelines, as well as the coherence of the budget goals with the Group Risk Appetite setting and the periodical monitoring of the RAF. The Group Financial Officer remains responsible for monitoring the performances of the Group and of the business functions, in order to identify possible underperforming areas and the related corrective measures.

Such mission is accomplished by coordinating the Group's risks management as a whole. More specifically, it involves carrying out the following macro-functions:

governing and checking credit, cross-border, market, balance sheet, liquidity, operational and reputational risk at Group level as well as any other risks relating to Basel II Pillar II (e.g., strategic, real estate, financial investment, business risks), by defining risk strategies and limits, developing risk measurement methodologies, performing stress tests and portfolio analysis;
supervising, on a Group level and for UniCredit S.p.A., Basel accord related activities;
coordinating the internal capital measurement process within the "Internal Capital Adequacy Assessment Process" ("ICAAP") and coordinating activities for drawing up the "ICAAP Regulatory Report";
performing internal validation activities, at Group level, on systems for measuring, credit, operating and market risks, or Basel II Pillar II risks on related processes and data quality and IT components, as well as on models for pricing financial instruments, in order to check that they conform to regulatory requirements and in-house standards, overseeing consequently the non-compliance risk regarding to such regulatory requirements;
ensuring that the competent Bodies/Functions get adequate reports;
developing the strategy and oversee the management, process, targets and disposals of Non-Performing Exposures/NPE, repossessed assets and any other distressed assets for the entire Group. The Group Risk Officer defines the criteria/rules for identifying the exposures and assets for sale and portfolio targets;
drafting and managing risk policies, both at Group level (Group Rules) and at Parent Company level, on the performance of risk-related activities for which UniCredit S.p.A. is competent as well as ensuring the related monitoring;
performing second-level checks on the risks of the treasury and credit treasury portfolios within the Group and the Parent Company;
assigning ratings for banks and for the Group's major exposures, carrying out the relevant mapping, at Group level, and managing the "rating override" process with regard to Group-wide rating systems as well as those for measuring the credit risk of UniCredit S.p.A.'s counterparts;
defining the minimum standards and guidelines for validating IT infrastructures and data quality, credit risks, operating risks and Basel II Pillar II risks, for feeding Group and Parent Company reports on credit risk and for feeding credit risk measurement models;
analysing and controlling, at Italian perimeter level, credit, operating and reputational risks generated by the activities of Italy Division;
carrying out the functional coordination of the Group Companies in its area of competence.

Moreover, the Group Risk Officer has direct responsibilities for UniCredit S.p.A. for coordinating and managing credit granting activities as well as the post-deliberation phases, ensuring the monitoring of credit exposures, credit collection and the operational management of restructuring and workout activities. This translates into the following responsibilities:

coordinating and managing credit-granting activities, assessing the creditworthiness of UniCredit S.p.A.'s counterparties, deciding on credit files within the powers delegated and formulating proposals to the competent decision-making bodies;
coordinating and handling the post-decision phase and ensuring that outstanding positions and the credit portfolio of UniCredit S.p.A. are properly monitored;
coordinating and managing restructuring and workout files including the Debt to Equity and Debt to Asset transactions and the related equity participations/assets;
evaluating, monitoring and supervising, at Group level, of the Large Credit Transactions and managing the Global Credit Model of Financial Institutions, Banks and Sovereigns (FIBS). Furthermore, the Group Risk Officer is responsible for the assessment, approval and daily management of Country Risks and Cross-Border credit risktaking;
contributing to the management of risks through the definition and improvement of credit processes (e.g. underwriting, monitoring, collection e loan administration) for the perimeter of UniCredit S.p.A., in line with strategic guidelines and credit policies.

In order to strengthen the capacity of independent steering, coordination and control of Group risks, to improve the efficiency and the flexibility on the risk decision process and to address the interaction among the relevant risk stakeholders, specific Committees are in place:

The managerial committees Group Executive Committee, Group Financial and Credit Risk Committee and Group Non-Financial Risks and Controls Committee support the Chief Executive Officer in the role of steering, coordinating and monitoring the strategic and all categories of risks (included compliance risk), at Group level, as well as defining the Group Recovery Plan.

The Group Risk Management function sets up specific information flows to ensure full knowledge about the Group's risks exposure and underlying factors, as well as trends for significant variables included in the Risk Appetite Framework. This information, of which the Chief Executive Officer is aware, in part through chairing the managerial committee Group Executive Committee and the Group Risks/Controls Committee (i.e., Group Financial and Credit Risk Committee and Group Non-Financial Risks and Controls Committee), chaired by the Chief Executive Officer, also with a view to draft proposals/reports for the Board of Directors, mainly relates to the topics summarised below:

• Risk Appetite Framework, liquidity risk management adequacy (ILAAP) and capital adequacy (ICAAP);

Internal controls and risks management system

activities performed, checks carried out and related outcomes of all covered risk types
development, validation and maintenance of the risks measurement and control system, also through the assessment performed by internal validation function.

The UniCredit Group Risk Officer is Mr. Thiam Joo Lim.

The Internal Audit function

The UniCredit Internal Audit function, which reports to the Board of Directors, steers, coordinates and monitors the Group's internal audit activities, and performs third-level control activities as well as on-site inspections on the Parent Company and on the Group's Companies that have outsourced internal audit activities to UniCredit on an inservice company basis ("In service Companies"). In addition, as the Group's Internal Audit function it may conduct on-site controls on any Group Company.

The Internal Audit function acts in compliance with the Internal Audit Group Charter, which defines its mission, responsibility, organisational reporting, tasks and authority.

As independent function, Internal Audit plays an integral part in the internal controls system, carrying out assurance and consulting to evaluate, add value to and improve the internal controls system of UniCredit and its Group.

Internal Audit adheres to the International Professional Practices Framework (Definition of Internal Audit, Core Principles for the Professional Practice of Internal Auditing, and Code of Ethics and International Standards).

The Officer in charge of the Internal Audit function

The Head of the Internal Audit function is Mr. Guglielmo Zadra and he reports, either directly or via the Internal Controls & Risks Committee, to the Board of Directors at least once a year, and, in particularly important cases, at the next available meeting, on the adequacy, effectiveness and efficiency of the internal control system.

The Head of the Internal Audit function is not in charge of any operational areas, and reports hierarchically to the Board of Directors.

In addition, after hearing the Internal Controls & Risks Committee's opinion, the Board of Directors has exclusive competence over determining the variable portion of remuneration for the Head of the Internal Audit function, based on criteria and parameters not connected to Bank performance.

In compliance with the Internal Audit Group Charter, the Head of the Internal Audit function performs the following activities:

develops and executes an annual audit plan and a multi-year audit plan using an appropriate risk-based methodology with a view to the future, taking into account trends and emerging risks. In this context, organisational changes and projects identified by Senior Management and/or governing bodies are considered to be relevant. Both plans are submitted for approval to the Board of Directors after examination by the Internal Controls & Risks Committee;
ensures adequate audit coverage, taking into account the competencies of the external auditors and Supervisory Authorities, including a reasonable overview of expenses;
issues periodic reports to the Board of Directors and to the Internal Controls & Risks Committee, that summarise the main findings of audit activities at Group level;
undertakes special investigations, including on its own initiative, at UniCredit S.p.A. and within the Group, reporting the results to Senior Management and corporate bodies;
maintains a professional audit staff with sufficient knowledge, skill, experience and professional certification to meet the requirements stated in the Internal Audit Group Charter;
reports to the Board of Directors on matters designed to assess Internal Audit performance, including emerging trends and best practices in internal auditing;
ensures fair and transparent communication with Supervisory Authorities on audit activities;
establishes a quality assurance and improvement programme to make it possible to assess internal audit activities and promote professional development.

Specifically, the Head of the Internal Audit function prepares a quarterly report to provide corporate bodies and Senior Management with an overall assessment of the internal controls system. This report includes not only an assessment of the internal controls system, but also summary information on what activities audit has performed, the main risks emerged, and the implementation status of Management action plans.

Updates are also provided on a regular basis regarding the progress status of the annual plan.

Detail is provided of information flows from the Head of Internal Audit to the corporate bodies in a dedicated internal regulation.

The Head of the Internal Audit function arranges the Audit Plan, based on the Risk Assessment results and in compliance with the Group Audit guidelines. The Audit Plan takes into consideration requests made by the Supervisory Authorities and the corporate bodies.

The Board of Directors has empowered the Internal Audit function to have unlimited access to all corporate functions, records, minutes of all consultative and decision-making committees, Company property and staff.

The Head of the Internal Audit function may draw on an appropriate annual budget, which is submitted to the competent corporate bodies for approval.

In 2021, pursuant to the guidelines approved by the Board of Directors, the Head of the Internal Audit function performed checks both on the central structure of the Parent Company and on its subsidiaries, in line with the methodology outlined in the Group Audit Regulations. Appropriate and timely information was sent to corporate bodies in all cases deemed particularly significant, in addition to the above-mentioned periodic report. The Head of the Internal Audit function also played a role in steering, coordination and control, managing, coordinating and monitoring the audit activities carried out by the Group's Companies Audit functions, and continued updating the existing internal regulation framework in order to better support the audit process during its implementation, reporting and monitoring phases.

In 2021, UniCredit had no total or partial outsourcing agreements in place for the Internal Audit function.

The Manager charged with preparing the company financial reports and other company roles and positions

The Manager charged with preparing the company financial reports is Mr. Stefano Porro, Head of the Group Finance area at UniCredit.

In compliance with Clause 34 of the UniCredit Articles of Association, the Manager charged with preparing the company financial reports is appointed by the Board of Directors - subject to the mandatory favourable opinion of the Board of Statutory Auditors, and for a maximum term of three years - to carry out the tasks attributed to this role under laws and regulations in force, establishing his/her powers, resources and remuneration; this person is chosen from among company executives who possess all of the following professional qualifications:

a) a degree (or equivalent) in economics, business administration or finance, obtained in Italy or abroad;
b) at least three years' experience as head of an internal structure devoted to preparing the financial statements, or as Chief Financial Officer (or equivalent) at a listed Italian or foreign joint stock company (including UniCredit and its subsidiaries);

Internal controls and risks management system

c) an employment rank at the time of appointment of Executive or higher.

In performing his duties, the Manager charged with preparing the company financial reports may count on cooperation from all UniCredit Group structures.

The Board of Directors ensures that the Manager charged with preparing the company financial reports is granted with the powers and resources necessary to perform the duties attributed under the laws and regulations in force, and shall comply with all the relevant administrative and accounting procedures.

The Manager charged with preparing the company financial reports issues certifications and declarations, when requested, also jointly with the bodies delegated thereto, as per laws and regulations in force.

8.2 Financial reporting process, including on a consolidated basis

As regards the main features of the internal control system in relation to the financial reporting process of consolidated and non-consolidated information, in accordance with the provisions of Section 154-bis of Italian Legislative Decree no. 58/1998, the UniCredit Manager charged with preparing the company financial reports draws up, and ensures effective application of adequate administrative and accounting procedures for drafting the UniCredit S.p.A. individual and consolidated financial statements.

Jointly with the Chief Executive Officer, through appropriate certification of the annual and consolidated financial statements and the consolidated half-year financial report, the Manager in Charge is required to certify:

the adequacy and effective application of administrative and accounting procedures;
compliance with applicable international accounting standards recognised by the European Community under Regulation (EC) no. 1606/2002 of the European Parliament and the Council dated July 19, 2012;
correspondence to the results of accounting books and records;
suitability to provide a fair and correct representation of the economic and financial situation of the company and all consolidated companies;
inclusion in the report on operations of a reliable analysis of the operating trend and results , as well as the circumstances of the company and consolidated undertakings, and a description of the main risks and uncertainties to which they are exposed.

To fully comply with regulatory requirements, the Board of Directors approved a specific Global Policy - "Internal control system on financial reporting (Law no. 262/05– Manager in Charge)", in which general rules are laid out along with a description of responsibilities and relationships between the Holding Company, the Sub-Holdings/Central Europe & Eastern Europe Reference Banks and the Companies belonging to the Group in assessing the status of the internal controls system for Financial Reporting, in compliance with the Italian Law on savings (Law no. 262/2005).

Furthermore, the Global Process Regulation "Management of the certification process according to Italian Law no. 262/05" and the Global Operational Regulation "Management of the internal control system on Financial Reporting (Italian Law no. 262/05 – Manager in Charge)", governing processes and procedures for applying the abovementioned general criteria, were approved and sent to companies within the consolidation area and subject to certification pursuant to Italian Law no. 262/2005, on the basis of criteria as resolved from time to time.

The Global Policy aims to ensure correct and complete Financial Reporting through:

reinforcement and enhancement of Corporate Governance in relation to risks, by ensuring:
the take-up of responsibilities for risk monitoring at executive level;
a set of rules and behaviours established and implemented by Top Management;
raising of awareness at operational level of risks associated with producing Financial Reporting;

• the systematic monitoring of significant risks by the relevant functions for compliance with the abovementioned Law.

The internal controls system for Financial Reporting adopted by the Company includes the application of a common methodological framework, based on:

using a consistent, centrally-developed internal controls system model based on internationally-acknowledged methodological standards;
updating and broadcasting within the Group on the basis of centrally-established parameters.

The methodological approach the UniCredit Group adopts to comply with Italian Law on the protection of savings (Law no. 262/05) is inspired by the "Internal Control - Integrated Framework" (CoSO Framework), issued by the Committee of Sponsoring Organisations of the Treadway Commission (CoSO).

The Global Policy also defines parameters for identifying subsidiaries required to implement the internal controls system over Financial Reporting in accordance with the provisions of Italian Law no. 262/2005.

Operational implementation of the Global Policy envisages the Holding Company and subsidiaries involved in activities envisaged under Law no. 262/2005, identifying administrative and accounting, business, managerial and support processes that have a significant impact on financial statement items.

For such processes, existing controls and the owners in charge of their execution are stated; owners are required first and foremost to ensure assessment of the effectiveness of controls, pointing out any possible action necessary to reduce levels of associated risk; in addition, periodical confirmation is required that controls have been implemented.

For the Sub-Holding/Central Europe & Eastern Europe Reference Banks and their subsidiaries, a flow of internal certifications is in place for the internal controls system on Financial Reporting, following the approach adopted by the Holding Company. This entails:

giving the governing bodies of Companies and Sub-Holding/Central Europe & Eastern Europe Reference Banks responsibility for certifying adequacy and the effective application of both administrative and accounting procedures as well as controls on the Information System to the Holding Company. In particular, Sub-Holding/Central Europe & Eastern Europe Reference Bank bodies/corporate officers are responsible for issuing certification for their respective consolidation areas;
setting roles for the Manager in Charge and the Chief Executive Officer within the Companies and the Sub-Holding/Central Europe & Eastern Europe Reference Banks involved, assigning them responsibility for systematically reporting to their respective governing bodies on the status of the internal controls system on Financial Reporting, along with any improvement action plan;
validating documentation and confirming the implementation of controls by relevant managers in charge of first-level controls at individual companies and support units, including Back-office and Information Technology (IT). To achieve this goal, each and every procedure and control must be documented, assessed, tested and validated, and individual managerial responsibility must be defined for carrying out the activities involved;
sharing a data repository in order to:
facilitate consolidation of risk and control values at Subsidiary, Sub-Holding/Central Europe & Eastern Europe Reference Bank and Holding Company level.
support take-up of a common language and approach for describing, assessing, testing and monitoring internal control system adequacy.

Moreover, the Global Policy provides for the involvement of Holding Company governing bodies, in particular:

at Board of Directors' meetings where individual and consolidated annual financial statements and the consolidated half-year financial report are presented, the Chief Executive Officer and the Manager in charge of preparing the company financial reports provide a report regarding both the internal control system on Financial Reporting and the text to be signed to ensure compliance with the requirements laid down in the regulations;
at the Internal Controls & Risks Committee and at the Group Non-Financial Risks & Controls Committee, in which the individual and consolidated annual financial statements and the consolidated half-year financial report are

Internal controls and risks management system

presented, the Manager in charge of preparing the company financial reports provides a report on the results of the analysis of the internal control system on Financial Reporting of the Companies and the Sub-Holding/Central Europe & Eastern Europe Reference Banks Companies with a system in place; in addition, with reference to the first and the third quarter consolidated interim reports, the Manager in charge of preparing the company financial reports provides an update on the status of any remediation actions identified.

In its operations, the Holding Company is also required to validate documentation and confirm the implementation of controls by relevant staff in charge of first-level controls. To that end, each procedure and control must be documented, assessed, tested and validated, and one managerial owner must be identified for the activities involved.

It should be noted that even in alignment with international best practices, (such as the aforementioned CoSO Framework), no internal control system can completely avoid the risk of fraud, error, malfunction or a need for further improvements, and this may ultimately affect the financial disclosures produced.

8.3 Coordination procedures among parties involved in the internal controls and risks management system

According to Banca d'Italia provisions, the UniCredit S.p.A. "Document of corporate bodies and control functions" is drafted to define the control bodies' and functions' tasks and responsibilities, information flows among different functions/bodies and between the latter and corporate bodies, and coordination and cooperation procedures to implement when sectors to be controlled have potentially overlapping areas or allow the development of synergies.

The UniCredit means of cooperation and coordination among its control functions range from mutual information flow exchange to the attendance at managerial committee meetings focused on control-related topics.

In addition, interactions between second and third level corporate control functions are part of what is overall a steady and active cooperation framework, for the most part formalised via specific internal regulations, and performed through the functions of:

participation in defining and/or updating internal regulations on risk and control-related matters;
mutual exchange of information flows, documents or data, e.g. relating to planning controls and monitoring the results thereof, and control functions access to any internal resource or corporate information in line with their specific control-related needs;
attendance at Board Committee and managerial Committee meetings (systematically or on demand);
attendance on an ad hoc basis at Work Groups set up from time to time on risk and control topics.

Enhanced interaction among control functions and the provision of constant activity updates to corporate bodies have the ultimate goal of building a corporate governance environment that, over time, is able to safeguard sound corporate management also through the more efficient supervision of risks at all levels of the Company.

8.4 Group governance mechanisms

An effective internal controls system is also based on appropriate governance mechanisms through which UniCredit, as a Holding Company, conducts its management and coordination of Group Companies, in accordance with the law and regulations in force²⁰.

²⁰ Specifically, Section 61 of the TUB and the Supervisory Regulations for banks issued by Banca d'Italia.

In particular, UniCredit acts through:

indicating "trusted persons" at corporate bodies (Board of Directors members at companies with a traditional system, or Supervisory Board members) and at key management positions within Group companies;
a management/functional system ("Group Managerial Golden Rules") that defines mechanisms for coordinating Group management, assigning specific responsibilities and powers to the Heads of UniCredit functions for corresponding functions at the Group Companies as described below;
the definition, enactment and monitoring of Group rules take-up (the "Global Rules") by companies;
disseminating best practice, methods, procedures and developing IT systems to standardise operating procedures within the Group and achieve the most effective risk management and wider operational efficiency.

Group's managerial and functional system cuts across existing corporate structures. One example is the Competence Lines, which create a strong functional link between the Holding Company's structures and corresponding structures at companies, as an expression of responsibilities assigned by local law and regulations to members of corporate bodies and employees, as well as the hierarchical relationships within each company.

Based on the above managerial and functional system, Heads of Competence Lines (and Heads of business/service functions in their respective areas of expertise) have specific powers in relation to budget issues, defining policies and guidelines/competence models to ensure monitoring of Global Rules implementation by the Group Companies.

In accordance with the Group Managerial Golden Rules guidelines, UniCredit issues Global Rules to regulate, among others, relevant activities for the purposes of compliance with law and/or risk management to foster Group stability and ensure a unique approach to corporate planning and overall efficiency.

8.5 Organisation Model as per Legislative Decree no. 231/2001

On February 10, 2021, the UniCredit Board of Directors approved, an updated version of the "Organisation and Management Model pursuant to the Italian Legislative Decree no. 231/2001", following the review of the Group 231 Framework carried out in 2020.

The General Section had the following updates: (i) the revision of the concept of adopting the Holding Company's Model by the companies within the Group, because of their specific operational, corporate, governance, and control frameworks; (ii) the new paragraph "The Anticorruption framework" in order to highlight the connection between the control principles for the prevention of risks pursuant to Legislative Decree 231/2001 and those for the prevention of general corruption.

With reference to the Special Section, the Decision Protocols have been updated in the association of at-risk activities with the predicate offences (reati presupposto), including associations with new predicate offences (e.g., offenses introduced by the "PIF Directive"). A new Decision Protocol has been inserted and referred specifically to the "Management of the environmental system".

"The list of predicate offenses and unlawful conduct" was reviewed in the structure considering the latest regulatory updates. The "Code of Ethics pursuant to Legislative Decree no. 231/2001" has been revised to comply with the changes introduced in the General Section and integrated with specific principles regarding relations with third parties and Auditors, environmental protection, new tax offences, involvement in illicit brokering and labour exploitation, and the selection and performance evaluation process.

On July 6, 2021, the UniCredit Board approved a new update version of the "Organisation and Management Model pursuant to Legislative Decree no. 231/2001" which aimed at extending the following offenses for specific Decision Protocols: "Fraud to the detriment of the State or other public body", "Aggravated fraud for obtaining public grants", "Undue receipt of funds to the detriment of the State" and "Computer fraud".

Internal controls and risks management system

At the approval date of this Report, the Model consists of:

a General Section: composed of seven chapters, describing the purpose and perimeter of the Model, the regulatory framework, the Supervisory Body, the disciplinary system, staff information and training, and keeping the Model up to date. The following documents are attached to the General Section of the Model:
a "List of predicate offences and illegal conduct", containing a description of crimes and offences referred to under Legislative Decree 231/2001 and regarding banking activity in general;
the "Code of Ethics pursuant to Legislative Decree no. 231/2001" that contains the rules with which all Model recipients must comply in order to ensure that their conduct is always guided by the criteria of fairness, collaboration, loyalty, transparency and mutual respect, as well as to avoid conduct that may constitute a crime or an offence pursuant to the Italian Legislative Decree no. 231/2001;
a Special Section, the "Decision Protocols", containing principles of conduct and control to be complied with in performing "activities at risk", that is to say activities where the risk of committing a crime was signalled;
the "Information Note", which refers to the main internal regulation on the at risk activities described in all Decision Protocols.

The Model's principles and contents are addressed to members of the corporate bodies, to all UniCredit personnel and to third parties who, although not being part of UniCredit pursuant to contract relationships, within the scope of existing relationships take part in carrying out the Bank's activities.

Model recipients are therefore required to abide by the principles contained in the organisation model and to report to the Supervisory Body any information concerning breaches of rules in the model or relating to criminal activities.

8.6 Whistleblowing

In July 2015, during an update to its Supervisory Regulations for banks (Circular no. 285/2013), Banca d'Italia established specific requirements on whistleblowing by employees on illegal actions or breaches of the applicable provisions and internal processes, some of which are additional to those currently implemented at UniCredit.

These additional requirements (among which there is the identification of a Head of the whistleblowing system, an obligation to inform the whistle-blowers and reported persons about developments of any investigation set up following the whistleblowing, and formalisation of the investigation time frame) have been set out and the whole whistleblowing system was submitted to the Board of Directors for its approval.

Supervisory regulations also require banks to prepare an annual report on the proper functioning of internal systems for reporting violations, which contains "aggregate information on the results of the activities carried out as a result of the reports received".

Law no. 179, published on December 14, 2017, introduced new provisions to protect whistle-blowers who report crimes or irregularities that have come to their attention within the context of public or private employment relationships. In particular for the private sector, Section 2 of the Law covers organisational and management models for entities pursuant to Italian Legislative Decree no. 231/2001.

The Law also establishes that retaliatory or discriminatory dismissal of a whistle-blower (whose identity cannot be disclosed) is void, as are changes to duties or other retaliatory or discriminatory measures taken against a whistleblower.

The UniCredit internal whistleblowing process is already compliant with the new Law, and has been reviewed and extended to third parties.

On 26 November 2019, Directive (EU) no. 2019/1937 on the protection of persons who report violations of the law in the European Union was published and all Member States are required to transpose it, which at the moment has not yet taken place.

8.7 Auditing firm

Having heard the Board of Statutory Auditors' proposal, for financial years 2013-2021, the UniCredit Shareholders' Meeting held on May 11, 2012, resolved to appoint the audit firm Deloitte & Touche S.p.A. for statutory accounting supervision of the UniCredit separate and consolidated financial statements and a limited review of brief interim separate and consolidated financial statements. In addition, the firm was commissioned to check that the Company's accounting records are properly maintained and that its operations are correctly reflected in the accounting records, pursuant to Section 13, sub-section 1, and Section 16 of Legislative Decree no. 39/2010.

The External Auditing firm's report expresses its opinion on the consistency of the report on operations and of specific information included in the report on corporate governance and ownership structure with the financial statements, as well as their compliance with legal provisions pursuant to Section 14, sub-section 2, letter e), of Legislative Decree no. 39/2010 (as last amended by Legislative Decree no. 135/2016) and Section 123-bis, subsection 4, of Legislative Decree no. 58/1998.

Under a separate engagement, Deloitte & Touche S.p.A. separately issued the independent auditor's report on consolidated non-financial statements drafted by UniCredit in accordance with Legislative Decree no. 254/2016.

Handling of corporate information

The Corporate Bodies and Committees Regulation designates the body with supervisory functions to define procedures for internal management and the public disclosure of documents and information concerning the Company, including inside information.

In particular, in June 2018 the Bank adopted a dedicated procedure to evaluate, manage and disclose insider information to the market. This procedure was reviewed in February 2022 to ensure alignment with the recent reorganisation.

In detail, the process:

a) assigns to a dedicated working group created for the insider information management (the "Working Group") the responsibility for the assessment of the inside nature of the specific information, the decision to disclose inside information and, if applicable, the decision to delay public disclosure about inside information. The Working Group members are the Head of Group Strategy & Optimization, the Head of Group Stakeholder Engagement, the Group Compliance Officer, the Group Legal Officer and the Group Financial Officer. The Working Group takes its decisions also with the support of other relevant functions if requested.

Moreover, any employee who believes he/she is in possession of specific relevant information regarding the UniCredit Group, disclosure of which could affect the price of UniCredit S.p.A. shares or other financial instruments issued by UniCredit, is required to promptly report this to Group Compliance, so that the assessment of the inside nature of the information conveyed can be carried out, and to take all steps necessary for proper management of such information, including its potential timely disclosure to the market or delay of such communications in accordance with the conditions provided for by law;

b) puts in place appropriate and effective measures to ensure the confidentiality of relevant/inside information, as long as it has not been disclosed to the public.

To this end, upon receipt of a notification the Working Group, initiates the evaluation of the specific relevant information. If required, this may include starting up a Relevant Information List pursuant to CONSOB Guidelines.

Dedicated IT tools are used in a process which is designed to enter, update and maintain such lists;

c) describes monitoring the origination and evolution of the specific relevant information until it takes on the characteristics of inside information. Once inside information is flagged, the Working Group triggers the process for preparing a draft press release informing the competent department and Group Media Relations, which will subsequently take over drafting and public disclosure. Alternatively, after a preliminary evaluation of the existence of regulatory requirements, the Working Group may decide to delay disclosure of inside information to the public. In such cases, the Working Group requests the timely opening of an insider list in order to properly monitor circulation of the information and ensure its confidentiality. Once the conditions for delaying communication of such information to the public cease to exist, the Working Group triggers the abovementioned process for preparing the draft press release and formally informing CONSOB of the delay to the public disclosure of inside information in accordance with provisions of law;
d) assigns Group Media Relations the responsibility of publishing the press release to the market through the "S.D.I.R.-N.I.S." system, to Borsa Italiana and CONSOB. Press agencies will have access to the system directly.

Under the procedure, it is envisaged that if the press release relates to an event of major importance, supported by Group Compliance, the Head of Group Media Relations announces to CONSOB and Borsa Italiana its submission in advance.

Press releases are published on the Company's website during market opening time on the day after their disclosure.

Press releases are available on the UniCredit website for at least five years after disclosure.

Since UniCredit is listed also on the Frankfurt and Warsaw Stock Exchanges, in order to ensure harmonised information, public disclosure of inside information is made according to procedure in a synchronised manner to all categories of investors and in all Member States where UniCredit shares are traded;

e) introduces a specific escalation process to UniCredit for Group Legal Entities with respect to this information which directly regards these companies but may also have an impact on the price of financial instruments issued by UniCredit. Rules are provided for such cases to evaluate and manage possible inside information.

All Directors and Statutory Auditors are duty-bound to maintain the confidentiality of documents and information obtained while performing their duties and to comply with the procedures UniCredit has adopted for its internal management and external disclosure of such documents and information.

In particular, to monitor and ensure correct internal management of documentation sent to Board members and Statutory Auditors prior to Board meetings, it is specifically envisaged that they acquire such documentation exclusively via an IT platform protected by two-level access keys.

This procedure ensures not only greater speed in sharing documents and information, as well as faster delivery, traceability of individuals participating in the drafting of proposals submitted for the Board's approval, but also confidential document delivery via a system of personal, protected passwords given to each Director and Auditor.

Appointment of Statutory Auditors

In accordance with current legal and regulatory provisions, permanent and substitute members of the UniCredit Board of Statutory Auditors are appointed on the basis of slates submitted by legitimate parties in compliance with the composition criteria, inter alia, regarding the appointment of the Chair of the Board of Statutory Auditors by minority shareholders and gender balance (for more on this, please refer to Clause 30 of the Articles of the Association, available on the UniCredit website)²¹.

The legitimate parties who are entitled to submit lists are Shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at an Ordinary Shareholders' Meetings. Each party entitled to file a slate of candidates may submit or contribute to the submission of just one slate (including via proxies or trustee companies). Shareholders belonging to the same group or Shareholders who are parties to a Shareholders' agreement concerning UniCredit shares cannot submit more than one slate (including via proxies or trustee companies). Candidates must be included in one slate only, under penalty of ineligibility.

At least two candidates for the role of permanent Auditor and at least one candidate for the role of substitute Auditor must be enrolled with the Legal Auditors Register and must have practiced legal auditing of accounts for a period of three years in total experience. All candidates should be suitable for the office in accordance with current laws and regulations.

At least one permanent Statutory Auditor must be appointed by the minority Shareholders not connected, not even indirectly, with the Shareholders who filed or voted for the majority slate. The UniCredit Articles of Association provide that two permanent Statutory Auditors and two substitute Statutory Auditors must be appointed by minorities.

In compliance with the provisions of Section 147-ter of the TUF, UniCredit has established that the slates of candidates for the position of Statutory Auditor featuring the names of candidates listed with a progressive number, should be filed at the Registered Office in Milan no later than the twenty-fifth day prior to the date of the Shareholders' Meeting called to resolve upon the appointment of members to the Board of Statutory Auditors. These slates must be made publicly available at the Registered Office, on the Company's website and through other channels provided for under prevailing laws, at least twenty-one days prior to the date of the Shareholders' Meeting. As regards the minimum percentage of share capital needed to submit a slate, Clause 30 of the Articles of Association specifies that the percentage must be equal to 0.5% of share capital in the form of shares with voting rights at the ordinary Shareholders' Meeting, consistent with the minimum shareholding percentage established by CONSOB on the basis of the provisions of said Section 147-ter of the TUF (Section 144-quater of CONSOB Issuers' Rules). Ownership of the minimum number of shares required to file a slate is calculated with regard to the shares registered for each individual Shareholder, or for several Shareholders together, on the day on which the slates are filed with the Company.

In accordance with current regulations and with the aim to facilitate the best possible identification of candidates to be proposed to the April 8, 2022 Shareholders' Meeting called to renew the control body for the 2022-2024 financial years, Company's Shareholders were invited to take into account the results of the analysis carried out by the outgoing Board of Statutory Auditors, on the body's composition deemed to be optimal to ensure the proper performance of the duties assigned to it, contained in the "Qualitative and quantitative composition of the UniCredit S.p.A. Board of Statutory Auditors" (for more on this, please refer to this document available on the UniCredit website) ²².

²¹ The UniCredit website address where the Articles of Association are available is:

http://www.unicreditgroup.eu/en/governance/our-governance-system/article-association-code-ethics.html

²² The UniCredit website addresses where the "Qualitative and quantitative composition of the UniCredit S.p.A. Board of Statutory Auditors" is available are:

https://www.unicreditgroup.eu/en/governance/shareholders/archive/2022/shareholders-meeting.html

https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-statutory-auditors.html

Board of Statutory Auditors' composition and functioning

Pursuant to Clause 30 of the UniCredit Articles of Association, the ordinary Shareholders' Meeting appoints five permanent Statutory Auditors, among whom the Chair, and four substitute Statutory Auditors.

The Board of Statutory Auditors' term in office is three financial years and ends on the date of the Shareholders' Meeting called for the approval of the financial statements relating to the last financial year in which they are in office.

The ordinary Shareholders' Meeting held on April 11, 2019, appointed the Board of Statutory Auditors' members for the financial years 2019-2021, whose term runs until April 8, 2022, the date of the Shareholders' Meeting called to approve the 2021 financial statements.

Their appointment took place pursuant to Clause 30 of the Articles of Association and in accordance with current laws and regulatory provisions.

During the process, two slates were submitted, filed and published by the deadline and under the terms provided for in current provisions and the Articles of Association, i.e.:

• Slate no. was 1 submitted by Allianz Finance II Luxembourg S.à.r.l, with a shareholding equal to 0.997% of ordinary share capital:

Permanent Statutory Auditors (1) Mr. Angelo Rocco Bonissoni, (2) Ms. Benedetta Navarra, and (3) Mr. Guido Paolucci

Substitute Statutory Auditors (1) Ms. Raffaella Pagani, and (2) Ms. Paola Manes

Slate no. 2 was jointly submitted by several Funds, with an overall shareholding equal to 1.677% of ordinary share capital:
Permanent Statutory Auditors (1) Mr. Marco Giuseppe Maria Rigotti, and (2) Ms. Antonella Bientinesi Substitute Statutory Auditors (1) Mr. Roberto Franchini, and (2) Ms. Enrica Rimoldi.

Along with the two slates, the following documentation was also filed and disclosed, pursuant to the envisaged terms and conditions:

a statement from the Shareholders (other than those holding, even jointly, a control or relative majority shareholding) – attesting that no connection, direct or indirect, exists with the latter, and no significant relationships crucial for existence of the above connections exist;
exhaustive information on the personal and professional characteristics of the candidates on the slate (curriculum vitae), as well as a list of management and controlling offices held at other companies pursuant to Article 2400 of the Italian Civil Code;
statements from each candidate irrevocably accepting his/her office (subject to his/her appointment) and attesting, under his/her own responsibility, that there was no reason for his/her ineligibility, forfeiture or incompatibility, as well as his/her fulfilment of the requirements set out under current laws and regulatory provisions, in particular those regarding professional experience, integrity and independence, together with information on the knowledge/experience gained in the areas envisaged by the theoretical profile.

Information on the personal and professional characteristics of each candidate, as shown on their curriculum vitae, a list of management and controlling offices held at other companies, and the statements required under current provisions, also of a regulatory nature, or those required in the profile, were made available on the UniCredit website (https://www.unicreditgroup.eu/en/governance/shareholders.html).

The Shareholders' Meeting held on April 11, 2019, appointed the new Board of Statutory Auditors, comprised of five permanent Statutory Auditors and four substitute Statutory Auditors, as follows:

from Slate no. 1, which obtained the relative majority of Shareholders' votes, Mr. Angelo Rocco Bonissoni, Ms. Benedetta Navarra and Mr. Guido Paolucci were appointed as permanent Statutory Auditors, while Ms. Raffaella Pagani and Ms. Paola Manes were appointed as substitute Statutory Auditors;
from Slate no. 2, which obtained the minority of Shareholders' votes, Mr. Marco Giuseppe Maria Rigotti (Chairman) and Ms. Antonella Bientinesi were appointed as permanent Statutory Auditors, while Mr. Roberto Franchini and Ms. Enrica Rimoldi were appointed as substitute Statutory Auditors.

Moreover, the Shareholders' Meeting also resolved on the annual remuneration to which members of the Board of Statutory Auditors are entitled to for the entire term of their office, also on the basis of information given by the outgoing Board of Statutory Auditors with regard to the commitment required for its members, in order to allow both the Shareholders and the candidates to evaluate the adequacy of such remuneration.

Without prejudice to fulfilment of the requirements currently in force, the Board of Statutory Auditors' composition resulting from the appointment process, including on the basis of the declaration provided by the Statutory Auditors, qualitatively corresponded to the theoretical profile for the Statutory Auditors made available to Shareholders in 2019 in the run-up to the Board of Statutory Auditors' renewal and was suitable pursuant to the ECB "Guide to fit & proper assessment".

The Statutory Auditors personal qualities and gender diversity (the female component was equal to 40%, above the quota established under the applicable provisions) comply with the principles of the theoretical profile.

All the Statutory Auditors (both permanent and substitute) had experience in at least two of the competencies envisaged under the profile, and stated that they had specific experience in the legal field and proper knowledge of corporate organisation and processes, thus allowing the Board of Statutory Auditors to carry out its 231 Supervisory Body functions.

With reference to the time commitment recommended for an appropriate attendance of the permanent Statutory Auditors to the Board of Statutory Auditors meetings, the Statutory Auditors declared their ability to commit sufficient time to duly perform their functions. In particular, the commitments that the Board of Statutory Auditors' members declared were found to be suitable with the commitment required to carry out their duties at UniCredit, including conducting activities related to their functions as a 231 Supervisory Body.

With regard to the maximum number of offices to be held, in line with the position expressed by the ECB on the adoption of the limits envisaged under the CRD IV provisions, also with regard to the statutory auditors, the permanent Auditors complied with the specific limits recalled in the profile.

With regard to "collective suitability", the profiles of the permanent Statutory Auditors appointed correspond to the ideal overall Board of Statutory Auditors' composition. In particular, this composition of the Board of Statutory Auditors ensures a balanced mix of profiles and experiences (legal auditing of accounts, control activities in the banking sector and/or in listed companies; professional activities in fields relating to the banking, financial and securities industries; teaching, at university level, on subjects in the field of banking operations, business economics, accountancy, running of the securities markets); all Statutory Auditors possess more than three of the areas of competence envisaged under the profile.

After the resignation handed in by Mr. Roberto Franchini from the position of substitute Statutory Auditor (effective as from April 28, 2020), for professional reasons, the Shareholders' Meeting, convened on April 15, 2021, was called to appoint a new substitute Statutory Auditor. As to said appointment, on March 18, 2021, the several funds - that had already submitted a list with reference to the renewal of the Board of Directors - submitted the candidacy of Mr. Ciro Di Carluccio.

The appointment of the substitute Statutory Auditor was thus resolved upon by the April 15, 2021, Shareholders' Meeting according to the majority required by law, without applying the list vote system and, in any case, abiding to the principles of the minority representation and gender balance required by current provisions. After his

Board of Statutory Auditors' composition and functioning

appointment, an assessment was carried out also in terms of matching the 2019 theoretical profile of the Board of Statutory Auditors and fitting of the suitability requirements pursuant to the ECB "Guide to fit & proper assessment".

		In office		Slate	Independent		Number of other
Position	Members	Since	until	(M/m) *	as per Code	% **	positions ***
Chairman	Rigotti Marco Giuseppe Maria	11-04-2019	April 8, 2022	m	X	100%	--
Permanent Statutory Auditor	Bonissoni Angelo Rocco	11-04-2019	April 8, 2022	M	X	98.5%	2
Permanent Statutory Auditor	Navarra Benedetta	11-04-2019	April 8, 2022	M	X	100%	1
Permanent Statutory Auditor	Paolucci Guido	11-04-2019	April 8, 2022	M	X	100%	--
Permanent Statutory Auditor	Bientinesi Antonella	11-04-2019	April 8, 2022	m	X	100%	1
Substitute Statutory Auditor	Pagani Raffaella)	11-04-2019	April 8, 2022	M	X
Substitute Statutory Auditor	Manes Paola	11-04-2019	April 8, 2022	M	X
Substitute Statutory Auditor	Rimoldi Enrica	11-04-2019	April 8, 2022	m	X
Substitute Statutory Auditor	Di Carluccio Ciro (1)	15-04-2021	April 8, 2022	--	X
		----- Statutory Auditors who left during the Reference Period ----
--
	Quorum required for submission of slates for the latest appointment: 0.5%
	No. of meetings held during the Reference Period: 64
NOTE
*	M = Member elected from the slate that obtained the majority of Shareholders' votes
m = Member elected from the slate voted for by a minority
	** Meetings attendance percentage (number of meetings attended/number of meetings held during the concerned party's term of office over the
	Reference Period)
	*** Number of positions as Director or Auditor held by the concerned party pursuant to Section 148-bis of the TUF and to the relevant implementing
provisions contained in the CONSOB Issuers' Regulation. A list of such positions is published by the CONSOB on its website pursuant to Section 144-
	quinquiesdecies of the CONSOB Issuers' Rules.
(1)	Appointed by the April 15, 2021, Shareholders' Meeting in place of Mr. Roberto Franchini, who resigned as Substitute Statutory Auditor, effective
from April 28, 2020.

As at March 8, 2022, the Board of Statutory Auditors has the following composition.

The Board of Statutory Auditors' members comply with the requirements envisaged under applicable provisions. Statutory Auditors' personal qualities comply with the indications of the theoretical profile approved in February 2019 and meet the suitable requirements called for by the ECB's "Guide to fit and proper assessments".

For any further details on the composition of this corporate body and each Statutory Auditors' personal and professional characteristics, please refer to the information published on the UniCredit website²³. With regard to the requirements UniCredit Directors must meet, in addition to those envisaged under current laws and regulatory provisions, please refer to the Board of Statutory Auditors' theoretical profile published on the Company's website.

The following chart shows the seniority in office since their first appointment of current members of the Board of Statutory Auditors as at the approval date of this Report:

Member of the Board of Statutory Auditors		First appointment date
Rigotti Marco Giuseppe Maria	Chairman	April 2019
Bonissoni Angelo Rocco	Permanent Statutory Auditor	May 2015
Navarra Benedetta	Permanent Statutory Auditor	April 2016
Paolucci Guido	Permanent Statutory Auditor	May 2017 (1)
Bientinesi Antonella	Permanent Statutory Auditor	October 2017 (2)

(1) Mr. Paolucci was in office as a Permanent Statutory Auditor pursuant to Article 2401 of the Italian Civil Code between May 2, 2017, and December 4, 2017

(2) Ms. Bientinesi was in office as a Permanent Statutory Auditor pursuant to Article 2401 of the Italian Civil Code between October 26, 2017, and December 4, 2017

The Board of Statutory Auditors broken down by age and gender is detailed below.

During the Reference Period the Board of Statutory Auditors met 64 times.

Board of Statutory Auditors meetings lasted on average approximately 3 hours.

For the first quarter of the 2022 financial year, 16 meetings of the Board of Statutory Auditors have been planned. As at March 8, 2022, 11 meetings have been held.

²³ The UniCredit website address where the information concerning the Auditors is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-statutory-auditors.html https://www.unicreditgroup.eu/en/press-media/press-releases.html

Board of Statutory Auditors' composition and functioning

On February 22, 2022, the Board of Statutory Auditors finalized the self-assessment process focused on the Body's adequacy in terms of composition as well as correct and efficient functioning. The self-assessment process has been performed in accordance with the provisions of the Corporate Bodies and Committees Regulation, adopted in compliance with Supervisory Regulations on banks' corporate governance, and in line with the recommendations in the document "The self-assessment of the Board of Statutory Auditors" issued by Consiglio Nazionale dei Dottori Commercialisti ed Esperti Contabili (the National Council of Chartered Accountants) in May 2019.

* * *

The Board of Statutory Auditors assessed its composition to be adequate, also considering its development over time and its diversity in terms of skills, knowledge, experience, and gender, that has ensured the ongoing proper functioning of the Body.

* * *

In compliance with the provisions in force from time to time as well as in line with the criteria envisaged under the Italian Corporate Governance Code, the Statutory Auditors' independence shall be assessed by the Board of Statutory Auditors upon their appointment, as well as during the mandate upon the occurrence of circumstances concerning their independence and in any case at least once a year, on the basis of information provided by the Statutory Auditors themselves or however available to the Company, also considering any circumstance that affects or could affect such requirement. The outcome of these assessments shall be disclosed to the market after the appointment, through a press release and, subsequently, via the Corporate Governance Report.

With reference to the Statutory Auditors in office as at the date of the Report's approval, the Board of Statutory Auditors checked the meeting of the independence requirements at the annual verification carried out during its meeting held on July 14, 2021.

* * *

The Board of Statutory Auditors meets regularly with the Chair of the Board of Directors and the Chief Executive Officer for mutual exchanges of information.

In performing its duties, the Board of Statutory Auditors constantly coordinated its activities with the Internal Audit function and the External Auditing firm. Appropriate functional links were established in their respective areas of competence with Board Committees, in accordance with the provisions of the UniCredit Corporate Bodies and Committees Regulation. More in detail, in 2021 the Chair of the Board of Statutory Auditors attended at all meetings of the Internal Controls & Risks Committee; furthermore, the entire Board of Statutory Auditors attended Committee meetings when topics of common interest were examined (namely, the annual and half-year financial reports, and accounting issues).

Individual members of the Board of Statutory Auditors attended (on a six-monthly rotating basis) the meetings of the Related Parties and Remuneration Committees, while the Chair of the Board of Statutory Auditors attended the meetings of the Corporate Governance & Nomination Committee and the ESG Committee. Another Statutory Auditor also attended the Internal Controls & Risks Committee and the ESG Committee meetings (on a six-monthly rotating basis).

* * *

The special authorisation procedure set out in Section 136 of the TUB applies to obligations of any kind or to purchase or sale agreements executed by the Board of Statutory Auditors members, either directly or indirectly, with the bank for which they perform their duties.

Statutory Auditors should also comply with the provisions laid down in Section 36 of Law Decree no. 201/2011 (interlocking prohibition), as amended by Law no. 214/2011, which prohibits office-holders in management, supervisory and controlling bodies and top executives of companies or groups of companies operating in credit, insurance and financial markets from taking or holding similar offices in competing companies or groups of companies.

* * *

The Board of Statutory Auditors' members benefit from the permanent induction program active for the Board of Directors' members, based on three-year cycles connected to the Board mandate and put in place with the support of an external consultant. This program ensures ad hoc training on a continuous basis that takes into account both the individual and collective needs of the body, with the aim also to preserve over time the background of technical skills necessary to perform the role with awareness.

More specifically, in 2021, training initiatives focused on topics linked to ESG strategies and risks as well as legal/regulatory deep-dives were prepared and implemented for Statutory Auditors.

Relations with Shareholders

In order to foster dialogue with institutional and private investors, analysts and rating agencies, as well as to maintain a constant flow of market-bound information, UniCredit has special, readily-recognisable, easy-to-access sections on its website (Governance and Investors sections) where it provides information on its governance structure and on the Company's internal organisation in order to ensure that Shareholders stay informed as they exercise their rights. The site also offers economic/financial information, data and up-to-date documents of interest to Shareholders as a whole.

All documents and information are available in both Italian and English.

Also, in line with the Italian Corporate Governance Code provisions, ad hoc structures were set up to handle relations with Shareholders in general and with investors, in particular, in compliance with provisions, also of internal kind, on corporate information. In detail:

within the Shareholders Engagement department, Group Investor Relations is in charge of managing dialogue with institutional investors, whether or not they are Shareholders, financial analysts and proxy advisors in general, providing the market with timely, transparent and consistent information to support a fair valuation of the Group;
within the Group Corporate Affairs structure, Corporate Governance and Shareholders Relations, in the capacity of Corporate Law Advice & Shareholders' Relations, is in charge of overseeing and managing relations with Italian and foreign private (i.e. non-institutional) Shareholders and managing their requests.

The following dedicated channels are available:

a dedicated e-mail address ([email protected]) for institutional investors;
a toll-free number, 800 307 307 (only for calls within Italy); dedicated e-mail ([email protected]) for noninstitutional Shareholders; fax: +39 02 4953.6941.

Starting from October 28, 2021, the Head of Group Investors Relations is Ms. Magdalena Palczynska.

Shareholders may also communicate with the Company via its website, albeit not in real time.

For specific matters related to corporate governance-related topics and remuneration policies, Group Investor Relations has involved and coordinated itself with Group Corporate Affairs and Group People & Culture departments to strengthen long-term constructive dialogue with institutional investors and their proxy advisors on such matters. In particular, within the Group People & Culture department, the Performance, Compensation & People Care structure is in charge of managing the dialogue with investors on remuneration-related matters, enabling an exchange on mutual expectations and needs when drawing up remuneration policies. For information on the annual dialogue process with institutional investors and proxy advisors managed by the Group People & Culture department, please refer to the Group Remuneration Policy and Report.

It should further be noted that during the course of 2021, the Group Corporate Affairs structure also kept up a calendar of contacts with institutional investors and their proxy advisors oriented towards long-lasting and constructive dialogue on corporate governance-related topics.

* * *

In regard of the engagement, since March 2019 the Board of Directors adopted a specific internal policy to govern any possible request for meetings and/or for information addressed to Board of Directors' non-executive member by UniCredit Shareholders, both institutional or non-, and/or any related proxy advisor, given the growing number of requests from institutional investors who hold stakes in Italian listed companies and seek direct contact not only with company offices in charge of managing such issues, but also with the Board of Directors and, more specifically, with the Chairs of Board Committees.

More specifically, according to the above internal policy, dialogue with Shareholders and/or any related proxy advisor is conducted by (i) the Chair of the Board of Directors, in agreement with the Chief Executive Officer, if related to strategic corporate governance topics or to the functioning of the Board of Directors; (ii) the Chief Executive Officer, in agreement with the Chair of the Board, if related to strategic business topics or to the bank's management.

Each Chair of the Committees may directly maintain the meetings only for specific requests falling under the Board Committee's competencies, and on previous agreement with the Chair of the Board. In such cases, the Chairs of the Board Committees report to the Chair of the Board of Directors and to the Chief Executive Officer on any discussed topic and on the meetings' outcomes. Also the Board of Directors will be informed at its first available meeting.

Dialogues occurs in full compliance with the applicable laws, such as, for example, the rules on the inside information, in observance of any constraints resulting, in particular, from the market abuse regulation and the principle dealing with the Shareholders' equal treatment (on an information basis).

In 2021, the Chair and the Chief Executive Officer informed the Board of Directors, during its first available meeting, on the developments and main contents raising from the Shareholders' engagement.

The engagement policy of UniCredit is available on the Company's website in the Governance/Corporate Bodies section²⁴.

²⁴ UniCredit website address where the engagement policy (annex E of the Corporate Bodies and Committees Regulation) is available is: http://www.unicreditgroup.eu/en/governance/governance-bodies.html

Changes since the closing of the reference period

The UniCredit Board of Directors in its meeting held on December 14, 2021, resolved to submit the proposal to amend some provisions of the Articles of Association to the extraordinary Shareholders' Meeting to be held at the same time as the ordinary Shareholders' Meeting called to approve the 2021 financial statements, mainly designed to align text of the Articles of Association with the provisions introduced by the Decree and by the current Corporate Governance Code on the independence and experience requirements respectively for Directors and Statutory Auditors.

With specific reference to the independence requirement set forth under Clause 20 of the Articles of Association, The Board resolved to submit the proposal to align such provision to the new circumstances provided for by the Corporate Governance Code.

Positions held by UniCredit Directors at other listed companies or large companies

	POSITIONS HELD	the UniCredit Group	Company belonging to
		YES	NO
Pietro Carlo Padoan Chairman		--	--

Lamberto Andreotti Deputy Vice Chairman	Member of the Board of Directors at Corteva Agriscience		X

Andrea Orcel Chief Executive Officer	Director of EIS Group Ltd.		X

Vicenzo Cariello Director	Member of the Board of Directors of A2A S.p.A.		X

Elena Carletti Director		--	--

Jayne-Anne Gadhia Director	Executive Chairwoman of Snoop		X

Jeffrey Alan Hedberg Director	Chief Executive Officer of Wind Tre S.p.A.		X

Beatriz Ángela Lara Bartolomé Director	Sole Director of the AHAOW Moment S.L.		X

Luca Molinari Director	Member of the Board of Directors at Sanad Group		X

Maria Pierdicchi Director	Independent Member of the Board of Directors at Autogrill Group		X
	Member of the Board of Directors at PBI S.p.A.		X

Francesca Tondi Director	Member of the Board of Directors at Angel Academe Nominee		X

Renate Wagner Director	Member of the Management Board of Allianz SE		X
	Member of the Management Board of Allianz Deutschland AG		X

	(further) POSITIONS HELD	Company belonging to the UniCredit Group
		YES	NO
Alexander Wolfgring Director	Chairman of the Supervisory Board at Österreichisches Verkehrsbüro AG		X
	Member of the Board of Directors at AVZ GmbH		X

Delegations of powers

Without prejudice to the authorities assigned to the Board of Directors by laws and the Articles of Association, the Board has granted the Chief Executive Officer the following powers, within pre-defined limits and also with the faculty to further sub-delegate, across all sectors of the Bank's business:

credit activities;
equity capital market transactions with an underwriting risk;
appointment of corporate officers to the governing bodies of companies (including non-investee companies), entities and other bodies as well as assignment of related remuneration;
management of shareholdings, concerning in particular (i) transactions on shareholdings already held or to be acquired; (ii) instructions for the exercise of voting rights at the Shareholders' Meetings (both ordinary and extraordinary) of its direct investee companies (control/joint control or non-controlled shareholdings); (iii) entering into and/or amending Shareholders' agreements related to (direct and indirect) controlling or noncontrolling shareholdings;
funds transactions of any kind, regardless of whether they belong to the Group;
short and medium/long term liquidity management activities for UniCredit and the Group;
management of Banking and Trading Book positions, not attributable to debt capital market activities on the Trading Book and to equity capital markets transactions;
activities connected to the marketing of products and services, including of third parties, and to the identification of conditions;
powers to authorise expenses and investments for Bank management, within the limits set by the annual Boardapproved strategies and cost estimate;
powers over staff management, in compliance with the collective responsibility principle during the set-up phase;
definition of and amendments to organisational structures and the organisational book, without prejudice to the Board's remit for (i) changing the powers and responsibilities of structures/roles belonging to the first reporting line to the Board itself and to the Chief Executive Officer; and (ii) setting up/amending/cancelling Managerial Committees where the Chief Executive Officer is an ordinary member that modify mission, members and quorum;
decision-making powers on matters pertaining to "restructuring" or "non-performing exposures";
decision-making powers on matters pertaining to expected losses and waivers due to capital and/or capitalised interests, disbursements and settlement offers, arising from proceedings of any nature (including administrative and tax), either on the active or passive side, judicial or extrajudicial (including mediation/conciliation proceedings), incidents or customer complaints;
selling/disposal and management of the Bank's real-estate and movable assets;
decision-making powers with regard to activities related to debt capital markets on the trading book, for the definition of limits to be assigned for each counterpart (single issuer/economic group), in reason of counterparty credit standing and the transaction's characteristics;
deciding the limits for overall individual issuer exposure on the trading book (single counterparty/economic group), regardless of the type of instruments on the trading book, based on the creditworthiness of the counterparty and transaction's characteristics;
entries on the profit and loss account for the settlement of outstanding items;
transactions related to firms, going concerns and/or "en-bloc" legal relationships.

* * *

In order to ensure proper management of and effective control over these delegated powers, the Chief Executive Officer has provided the Board of Directors, according to the ways established by the Board itself, with adequate information flows specifically highlighting any relevant associated risk.

AI assistant

Unicredit — Governance Information 2022

4272_cgr_2022-03-17_4a9d6d5c-bb48-4929-8ed2-2aca86a1d8c7.pdf

Unlock your potential

2021

Report on corporate governance and ownership structure

Index

ANNEXES:

Glossary

Group Remuneration Policy and Report

Italian Civil Code

Legislative Decree no. 231/2001

Manager in Charge

Ministry of Economy and Finance Decree no. 169 dated November 23, 2020 (also Decree)

Report

Supervisory Authority

Supervisory Regulations on corporate governance

Supervisory Regulations on remuneration

UniCredit website

Issuer profile

Foreword

The Italian Corporate Governance Code

Issuer profile

Issuer profile

The Report on corporate governance and ownership structure

Profile and structure

Shareholder structure

Corporate governance model

Issuer profile

Shareholders' Meeting

Board of Directors

Board Committees

Appointment process

Requirements

Issuer profile

For more information on the Board Committees, please see Section no. 5

Board of Statutory Auditors

Diversity Policies

Directors' gender

Issuer profile

Information on the ownership structure

2.1 Share capital structure

Rights and obligations

Other financial instruments granting the right to subscribe new shares

2.2 Restrictions on stock transfers

2.3 Relevant equity holdings

Information on the ownership structure

2.4 Restrictions on voting rights

2.5 Changes to control clauses and by-laws provisions on public purchase offers

2.6 Delegation of power to increase share capital and authorisations to purchase own shares

Information on the ownership structure

Shareholders' Meetings

Legitimation, how to attend and voting rights

Shareholders' Meetings conduct

Shareholders' Meetings

Board of Directors

4.1 Appointment and replacement

Succession plans

Board of Directors

Process

Content

4.2 Composition

Board of Directors

Board of Directors

Quorum required for submission of slates for the latest appointment: 0.5%

No. of meetings held during the Reference Period: 23

Directors' seniority in office since their first appointment date

Board of Directors

Executive and non-executive Directors Renewal rate

Core competencies

Board of Directors

Time commitment and number of offices

Board of Directors

Induction initiatives and recurring training

4.3 Board of Directors' role

Meetings and functioning

Duties

Board of Directors

The role played by the Chair of the Board

Self-assessment

Unicredit Governance Information 2022