Skip to main content

AI assistant

Sign in to chat with this filing

The assistant answers questions, extracts KPIs, and summarises risk factors directly from the filing text.

Sign up Log in

Unicredit Governance Information 2023

Mar 9, 2023

4272_rns_2023-03-09_5190cb3d-ad27-4683-934b-2bed9639df8d.pdf

Governance Information

Open in viewer

Opens in your device viewer

Unlocking...

A better bank A better world A better future

Name of Issuer: UniCredit S.p.A.

Website: www.unicreditgroup.eu

Reference Period: January 1, 2022/December 31, 2022

Report approved on: February 24, 2023

Report on corporate governance and ownership structure

pursuant to Section 123/bis of the TUF (so-called "traditional" management and control system)

Index

Glossary 4
1. Issuer profile 6
2. Information on the ownership structure 17
2.1 Share capital structure 17
2.2 Restrictions on stock transfers 17
2.3 Relevant equity holdings 17
2.4 Restrictions on voting rights 19
2.5 Changes to control clauses and by-laws provisions
on public purchase offers 19
2.6 Delegation of power to increase share capital and
authorisations to purchase own shares 19
3. Shareholders' Meetings 21
4. Board of Directors 24
4.1 Appointment and replacement 24
4.2 Composition 27
4.3 Board of Directors' role 36
4.4 Executive Directors 41
4.5 Independent Directors 42
4.6 Lead Independent Director 45
5. Board of Directors' internal Committees 46
5.1 Internal Controls & Risks Committee 49
5.2 Corporate Governance & Nomination Committee 52
5.3 ESG Committee 54
5.4 Remuneration Committee 56
5.5 Related-Parties Committee 56
6. Directors' remuneration 59
Indemnities to Directors in the event of resignation, dismissal or termination
of employment following a public purchase offer
7. Directors' interests and related-parties transactions 60
8. Internal controls and risks management system 62
8.1 Bodies and functions 62
8.2 Financial reporting process, including on a consolidated
basis 72
8.3 Coordination procedures among parties involved in the
internal controls and risks management system 74
8.4 Group governance mechanisms 74
8.5 Organisation Model as per Legislative Decree no. 231/2001 75
8.6 Whistleblowing 76
8.7 Auditing firm 77
9. Handling of corporate information 78
10. Appointment of Statutory Auditors 80
11. Board of Statutory Auditors' composition and functioning 82
12. Relations with Shareholders 89

ANNEXES:

- Positions held by UniCredit Directors at other listed companies
or large companies 91
- Delegations of powers 93

Glossary

Banca d'Italia The Italian Republic's central bank, it is part of the Eurosystem, comprising the European Central Bank and the national central banks of the European Union States that

Circular no. 285/2013

have adopted the Euro

Circular no. 285, dated December 17, 2013, and issued by Banca d'Italia, regarding prudential Supervisory Regulations for banks and banking groups, as subsequently amended

CONSOB Regulations on transactions with related parties (also CONSOB Resolution no. 17221/2010)

The regulation governing transactions with related parties by companies that make use of the risk capital market directly or via subsidiaries, adopted by CONSOB through Resolution no. 17221, dated March 12, 2010, as subsequently amended

Corporate Governance Code (also the Code) CRD V

The Italian "Corporate Governance Code" for listed companies approved in January 2020 by the Italian Corporate Governance Committee, made up of ABI, Ania, Assogestioni, Assonime, Confindustria and Borsa Italiana S.p.A.

Bank (also the Holding Company or Company)

Commissione Nazionale per le Società e la Borsa, the Italian Supervisory Authority that oversees transparency and correctness in conduct of subjects operating in the

Italian financial markets

(also the TUB)

Consolidated Law on Banking

Legislative Decree no. 385, dated

Capital Requirements Directive V, the European Parliament and Council's Directive 2013/36/EU, dated June 26, 2013, regarding access to the activity of credit institutions and the prudential supervision of credit institutions

September 1, 1993, as subsequently amended

UniCredit S.p.A.

CONSOB

Borsa Italiana

The company responsible for managing and overseeing the proper functioning of the Italian financial market in which financial instruments are exchanged and traded

CONSOB Issuers' Rules

Regulation implementing the Italian Consolidated Law on Finance governing issuers, adopted by CONSOB through Resolution no. 11971, dated May 14, 1999, as subsequently amended

Consolidated Law on Finance (also the TUF)

Legislative Decree no. 58, dated February 24, 1998, as subsequently amended

European Central Bank (ECB)

The central bank of the twenty European Union Member States that adopted the Euro

Financial year to which the Report
refers (also Reference Period)		 Group Remuneration Policy and
Report		 Italian Civil Code
January 1, 2022/December 31,
2022		 The Group Remuneration Policy and
Report, drawn up in accordance
with Section 123/ter of the TUF,
Section 84/quater of the CONSOB
Issuers' Rules and with Supervisory
Provisions on remuneration		 Royal Decree no. 262, dated March
16, 1942, as subsequently
amended
Legislative Decree no. 231/2001 Manager in Charge Ministry of Economy and Finance
Decree no. 169 dated November
23, 2020 (also Decree)
Legislative Decree no. 231, dated
June 8, 2001, containing the
framework that governs the
administrative responsibility of
legal persons, companies and
associations, with or without legal
liability, as subsequently amended		 The Manager charged with
preparing the company's financial
reports (pursuant to Section
154/bis of the Consolidated Law on
Finance)		 The Regulation on the
requirements and suitability
criteria for corporate officers of
banks, financial intermediaries,
"confidi", electronic money
institutions, payment institutions
and depositor guarantee schemes
to carry out their duties
Report Supervisory Authority Supervisory Regulations on
corporate governance
This "Report on corporate
governance and ownership
structure", referring to the 2022
financial year, made available on
the Company's website		 The European Central Bank, Banca
d'Italia, CONSOB, as defined above,
and/or any other independent
authority and/or administration at
national or EU level		 Provisions on banks' corporate
governance, laid down in Circular
no. 285, dated December 17, 2013
(First Part, Title IV, Chapter 1)
Supervisory Regulations on
remuneration		 UniCredit website
Provisions on remuneration and
incentive policies and practices at
banks and banking groups, as laid
down in Circular no. 285, dated		 The Company's website,
www.unicreditgroup.eu

December 17, 2013 (First Part, Title

IV, Chapter 2)

Issuer profile

Foreword

The overall corporate governance framework of UniCredit S.p.A. has been defined in compliance with applicable national and European provisions, as well as the recommendations contained in the Italian Corporate Governance Code approved by the Italian Corporate Governance Committee, made up of ABI, Ania, Assogestioni, Assonime, Confindustria and Borsa Italiana S.p.A..

Moreover, UniCredit is subject to the provisions contained in the Supervisory Regulations issued by Banca d'Italia and, specifically with regards to corporate governance issues, to regulations on banks' corporate governance (Circular no. 285/2013, First Part, Title IV, Chapter 1). In compliance with the aforementioned Supervisory Regulations, as a significant bank subject to the direct prudential supervision of the ECB as well as being a listed bank, UniCredit qualifies as a bank of large size or operational complexity, and consequently complies with provisions applicable to such banks.

As an issuer of shares that are also listed on the Frankfurt and Warsaw regulated markets, UniCredit also fulfils legal and regulatory obligations related to listings on said markets, as well as provisions on corporate governance stipulated under the Polish Corporate Governance Code issued by the Warsaw Stock Exchange.

The Italian Corporate Governance Code

In line with practice on major international markets, the Italian Corporate Governance Code identifies goals for a sound corporate governance, as well as the behaviours deemed appropriate for their achievements recommended by the Italian Corporate Governance Committee made up of ABI, Ania, Assogestioni, Assonime, Confindustria and Borsa Italiana S.p.A., to companies listed in Italy, to be applied according to the "comply or explain" principle that requires explanation in the corporate governance report of any reasons for failure to comply with one or more recommended best practices.

To ensure the ongoing consistency of the corporate governance code's recommendations against a backdrop of a changing market and investor expectations, in 2019 the Italian Corporate Governance Committee launched a review of the code, approved in its final version in January 2020. The adoption of this new version, based on principles of flexibility, proportionality also calibrated according to the company's size and ownership structures and neutrality with respect to the national provisions and the governance model specifically adopted, came into force starting from the 2021 financial year. Information on its implementation shall be included in corporate governance reports published during 2022.

Since 2001, UniCredit has adopted the Italian Corporate Governance Code, which is publicly available on the Italian Corporate Governance Committee website (https://www.borsaitaliana.it/comitato-corporategovernance/homepage/homepage.en.htm).

UniCredit, being a large company, applies the recommendations addressed to the category of "large companies".

The Code assigns the Italian Corporate Governance Committee the task of periodically monitoring the level of compliance with its provisions by the companies with listed shares that have stated their adherence to it.

Any possible area of improvement for listed companies' governance is highlighted in the annual Report on compliance with the Code and disclosed to the companies concerned. This practice is intended to encourage a more effective adoption of Code recommendations, and to promote an ongoing development of corporate governance at all listed companies, regardless of whether companies have formally adopted the Code or not.

The last letter sent by the Chair of the Italian Corporate Governance Committee, dated January 25, 2023, identified some areas where the implementation of the recommendations requires enhancement, and focused on:

  • dialogue with shareholders and with other relevant stakeholders
  • granting managerial powers to the chair (specifically addressed to companies where the chair is granted significant managerial powers)
  • pre-meeting information
  • managers' attendance to the meetings of the board of directors and board committees
  • guidelines on the optimal composition of the board of directors (specifically addressed to companies not qualifying as "companies with concentrated ownership")
  • directors' independence assessment
  • remuneration policies.

Said recommendations were submitted to the attention of the UniCredit Board Committees, in particular of the Corporate Governance & Nomination Committee (at its meeting held on February 21, 2023) and of the Remuneration Committee (at its meeting held on February 23, 2023), as well as of the Board of Directors (at its meeting held on February 24, 2023) and of the Board of Statutory Auditors (at its meeting held on February 9, 2023).

It should be noted that all the above highlighted areas of improvement have been subject to in-depth analysis and discussion by the Board and its Committees to strengthen the Company's corporate practices and to meet the growing expectations of the market.

As to the dialogue with shareholders and with other relevant stakeholders, please note that UniCredit adopted - already in 2019 - an engagement policy in order to manage any request for meetings and/or for information coming from UniCredit Shareholders, both institutional or non-, and/or any related proxy advisor, and addressed to the Board of Directors' non-executive members. The related rules are made available on the corporate website in the UniCredit Corporate Bodies and Committees Regulation (Annex E). Specifically, dialogue with Shareholders and/or any related proxy advisor is carried out by (i) the Chair of the Board of Directors, in agreement with the Chief Executive Officer, if the request concerns strategic corporate governance topics or the functioning of the Board of Directors; (ii) the Chief Executive Officer, in agreement with the Chair of the Board, if the request concerns strategic business topics or the bank's management. Committee Chairs may run the meetings only for the specific requests which fall under the remit of the Board Committee which they chair, and in prior agreement with the Chair of the Board. The Chair and the Chief

Issuer profile

Executive Officer ensure timely information flows to the Board of Directors on the key points of the discussions held with Shareholders and related updates.

With reference to the granting of managerial powers to the chair, please note that UniCredit's Chair does not hold any executive role.

Regarding pre-meeting information addressed to the Board, the Corporate Bodies and Committees' Regulation is in line with best practices and provides that information is made available to Directors at least three days before the Board meetings, unless there are exceptional events which prevent the documentation to be made available within said deadline. In such cases, the Chair ensures that the Chief Executive Officer provides an appropriate presentation of the relevant topic during the Board meeting. Such circumstances only occurred in some instances in 2022.

With reference to the managers' attendance to the meetings of the board of directors and board committees, upon invitation of the relevant Chair, the personnel belonging to the Company and the Group may attend Board of Directors' meetings and Board Committees' meetings on specific items on the Agenda. Said process is regulated in the Corporate Bodies and Committees' Regulation.

As to the guidelines on the optimal composition of the board of directors, UniCredit complies with the regulations of the Supervisory Authorities, as well as with the recommendations of the Italian Corporate Governance Committee. Specifically, in the run-up of the Board of Directors' renewal, the Board:

  • (i) establishes its optimal qualitative and quantitative composition for the effective performance of the duties entrusted to it by the law, by the provisions of the Supervisory Authority and by the UniCredit Articles of Association. Such theoretical composition is defined taking into account the results of the self-assessment process which focuses on the adequacy of the composition and functioning of the Board and its Committees;
  • (ii) informs Shareholders in due time so that they can identify candidates taking into account the skills required.

Shareholders may obviously carry out their own assessment of the Board's optimal composition and submit candidacies consistent with that assessment, giving their reasons for any difference vis-à-vis the analyses carried out by the Board itself.

With reference to the directors' independence assessment process, UniCredit has in place a structured process. According to said process, UniCredit gathers and analyses the information on the existence of direct or indirect relationships (credit, business/professional and employee relationships, as well as significant offices held) that Directors and their other connected subjects may have with UniCredit and Group companies. The process complies with the assessment criteria identified by the Company in order to reach a thorough analysis of both objective and subjective aspects concerning any relevant relationship, and is also based on quantitative parameters defined in monetary terms. Both the criteria and the result of the assessment process, which also includes a focus on the single individuals, are disclosed to the market through the annual corporate governance report. The Report also includes the outcomes of the Board of Statutory Auditors' assessment on the proper implementation of the mentioned procedures and related criteria.

Lastly, on the remuneration policies no critical elements emerged, considering that UniCredit's remuneration and incentive systems are already compliant with the recommendations of the Italian Corporate Governance Committee. Specifically, UniCredit includes in its remuneration policy and incentive systems information on (i) the nature and weight of the short and long-term variable components, (ii) the multiyears horizons for variable components consistent with the Company's strategic goals and sustainable success, as well as (iii) the performance targets linked to sustainable goals.

Overall - in view of the above - no issues emerged on the areas of improvement highlighted in the letter of the Italian Corporate Governance Committee, considering the good quality of the UniCredit corporate governance that is already compliant with the recommendations outlined in the letter and in the Italian Corporate Governance Code. Nonetheless, there could be still room for improvement regarding the timeliness of the information flows to Directors prior to the meetings.

The Report on corporate governance and ownership structure

On an annual basis, UniCredit draws up this Report for its Shareholders, institutional and non-institutional investors, and the market. The Report conveys appropriate information about the UniCredit corporate governance system.

Consistently with applicable legal and regulatory obligations, and in line with the Code's provisions, in its version as approved as at January 2020, this UniCredit Report on corporate governance and ownership structure was drafted in accordance with Section 123-bis of the TUF.

The Report approved by the Company's Board of Directors at its February 24, 2023, meeting is disclosed at the same time as the Report on Operations via the UniCredit website1 and on the website of the authorised "eMarket STORAGE" storage mechanism managed by Teleborsa S.r.l. (www.emarketstorage.com).

Unless expressly specified otherwise, the information contained in this Report refers to the date of December 31, 2022.

The Report was submitted to independent audit firm KPMG S.p.A. for its audit and its opinion on the consistency of certain specific information included in the Report itself with the financial statements, as well as their compliance with the legal provisions pursuant to Section 14, sub-section 2, letter e), of Legislative Decree no. 39/2010 (as last amended by Legislative Decree no. 135/2016) and Section 123-bis, sub-section 4, of the TUF. The results of the audit firm's activities are outlined in its reports attached to the 2022 UniCredit individual and consolidated financial statements.

It should be noted that the Report on Operations in the Consolidated Reports and Accounts contains a section entitled "Corporate Governance", in which the UniCredit corporate governance system is briefly described.

1 The UniCredit website address where the Report on corporate governance and ownership structure is available is: https://www.unicreditgroup.eu/en/governance/our-governance-system.html

Issuer profile

It should further be noted that the Company also draws up the yearly Integrated Report, which constitutes a non-financial declaration to fulfil the obligations under Sections 3 and 4 of the Legislative Decree no. 254/2016, implementing in Italy the Directive 2014/95/EU of the European Parliament and the Council dated October 22, 2014, as well as the Report TCFD (Task force on Climate-related Financial Disclosures)2.

Profile and structure

UniCredit S.p.A. is a company whose shares are listed on the Milan, Frankfurt and Warsaw regulated markets. As a bank, parent company of the UniCredit banking Group, pursuant to the provisions of Section 61 of the TUB, in addition to banking activities, it carries out guidance and coordination as well as control functions vis-à-vis its banking, financial and instrumental subsidiaries which compose the banking Group. UniCredit also carries out governance and coordination activities pursuant to Article 2497 and following of the Italian Civil Code with reference to Italian subsidiaries belonging to the UniCredit Group, directly and indirectly controlled by the same.

The Company is not subject to guidance and coordination by other legal entities.

The UniCredit organisation3 reflects an organisational and business model which maintains a divisional structure for the governance of business/products, as well as global control over Digital and Operation functions, while ensuring the autonomy of countries/local banks on specific activities to ensure increased proximity to the client and more efficient decision-making processes.

Shareholder structure

As at December 31, 2022, UniCredit share capital amounted to Euro 21,220,169,840.48, divided into 1,935,269,741 ordinary shares of no nominal value. The shares are issued in a dematerialised form and are indivisible as well as freely transferable.

At the same date, Shareholders were about 259,000; 90.66% of its share capital was owned by legal persons, and the remaining 9.34% by physical persons. UniCredit's Shareholders' composition is the result of analyses conducted on data deriving from the contents of the Shareholders' Register.

The representation provided by the Shareholders' Register is the best estimate of the composition of UniCredit's Shareholders base; however, its updating procedures are not such as to ensure that the composition represented corresponds to the actual Shareholder base at any given time.

2The UniCredit website address where the Company's Integrated Report and the Report TCFS are available is: https://www.unicreditgroup.eu/en/esg-and-sustainability/sustainability-reporting.html

3 The UniCredit website address where the Company's organisation structure is available is: https://www.unicreditgroup.eu/en/unicredit-at-a-glance/organizational-structure.html

Corporate governance model

UniCredit has adopted the traditional Italian management and control system based on the existence of two corporate bodies appointed by the Shareholders' Meeting: a Board of Directors, which is in charge of the strategic supervision and management of the Company, and a Board of Statutory Auditors, which is responsible for the supervision of management. In accordance with applicable provisions, legal accounting supervision is entrusted by the Shareholders' Meeting to an external audit firm, on proposal of the Board of Statutory Auditors.

UniCredit believes that this governance model has proven to be suitable for managing the business efficiently, while ensuring effective controls. That is, it creates the conditions for the Company to be able to guarantee the sound and prudent management of a complex and global banking group like the UniCredit Group.

Shareholders' Meeting

The Shareholders' Meeting is empowered to resolve both in ordinary and extraordinary session, albeit with different constitutive and resolving quorum depending on the specific topics on the Agenda.

In particular, in its ordinary session, the Shareholders' Meeting approves the financial statements, the allocation of net profits, the appointment of Directors and Statutory Auditors, and the assignment of the mandate for external auditing to an audit firm, resolving on the connected fees. Furthermore, it resolves on the remuneration and incentive policies and practices provided for under applicable provisions, and on criteria to determine compensation to be granted in the event of early termination of employment or early retirement from office.

In extraordinary session, the Shareholders' Meeting is empowered to resolve on amendments to the Articles of Association and on transactions of an extraordinary nature such as increases in share capital, mergers and de-mergers.

Ordinary Shareholders' Meeting

Extraordinary Shareholders' Meeting

Traditional system

Issuer profile

Those entitled to attend the Shareholders' Meeting are the holders of voting rights about whom the Company has received notification from the broker holding their accounts by the deadline stated under applicable provisions (i.e., the "record date", which is seven market trading days prior to the date set for the Shareholders' Meeting).

For more information on the Shareholders' Meeting, please see Section no. 3

Board of Directors

The UniCredit Board of Directors may be comprised of between a minimum of nine and to a maximum of twenty-four members. As at February 24, 2023, the number of Directors is twelve, and their term of office will expire on the date of the Shareholders' Meeting called upon to approve the 2023 financial statements.

At the Report's approval date, 42% of the Board members are Directors from the lessrepresented gender, and the 33% of them come from countries other than Italy.

Board members shall be appointed on the basis of a proportional representation mechanism ("voto di lista"). Legitimate parties entitled to submit slates are the Board of Directors and shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at ordinary Shareholders' Meetings.

The UniCredit Articles of Association envisage that, regardless of the total number of Board members, two Directors shall be appointed from the second slate receiving the highest votes, without any connection with the Shareholders who, jointly or severally, filed or voted for the slate that came first by number of votes, to ensure that the minority Shareholders have a greater presence on the Board of Directors.

In the appointment process, Shareholders are invited to take into account the qualitative and quantitative composition that the Board has deemed to be optimal for the effective fulfilment of the duties and responsibilities entrusted to the body with supervisory functions by law, by the Supervisory Provisions and by the UniCredit Articles of Association, according to applicable provisions applicable on such topics also as concerning time commitments and the limits upon the maximum number of offices UniCredit Directors may hold.

Board members comply with the professional experience, integrity and independence requirements envisaged under applicable provisions, also of a regulatory nature, and under the Articles of Association.

Pursuant to the provisions of the Articles of Association, the Board of Directors has appointed a Chief Executive Officer, to whom it has entrusted the management of the Company within the terms and limits set by the Board itself.

The Board of Directors' function and competencies are set out in the UniCredit Corporate Bodies and Committees Regulation4.

Record date

Number of members

Gender diversity

Directors' appointment

Directors appointed by minorities

Qualitative and quantitative composition

Requirements

Chief Executive Officer

4 The UniCredit website address where the Corporate Bodies and Committees Regulation is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies.html

For more information on the Board of Directors, please see Section no. 4

Board Committees

Also in line with the provisions of the Italian Corporate Governance Code, the Board of Directors has established five Committees, vested with research, advisory and proposal-making powers diversified by sector of competence: Internal Controls & Risks Committee, Corporate Governance & Nomination Committee, ESG Committee, Remuneration Committee and Related-Parties Committee. Their duties are undertaken based on terms of reference and procedures set forth by the Board.

The Board Committees' composition, functioning and competencies are set out in the UniCredit Corporate Bodies and Committees Regulation.

For more information on the Board Committees, please see Section no. 5

Board of Statutory Auditors

Pursuant to the UniCredit Articles of Association, the ordinary Shareholders' Meeting appoints five permanent Statutory Auditors, among whom the Chair, and four substitute Statutory Auditors. As at February 24, 2023, the Board of Statutory Auditors is comprised of five permanent members. Their term of office expires on the date of the Shareholders' Meeting called to approve the 2024 financial statements.

At the Report's approval date, 40% of the Board of Statutory Auditors members are Auditors from the less-represented gender.

Board of Statutory Auditors' members shall be appointed on the basis of a proportional representation mechanism ("voto di lista"). The legitimate parties entitled to submit slates are shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at an ordinary Shareholders' Meetings.

The UniCredit Articles of Association establish that two permanent Statutory Auditors and two substitute Statutory Auditors shall be appointed by minorities. The Chair of the Board of Statutory Auditors shall be appointed by the Shareholders' Meeting among the Auditors elected by the minority.

In the appointment process, Shareholders are invited to take into account the qualitative and quantitative composition that the Board of Statutory Auditors has deemed to be optimal for the effective fulfilment of the duties entrusted to body with control functions by law, by the Supervisory Provisions and by the UniCredit Articles of Association, according to applicable provisions.

The members of Board of Statutory Auditors in office are enrolled with the Italian Legal Auditors Register and meet the professional experience, integrity and independence requirements envisaged under applicable laws and regulatory provisions.

The Board of Statutory Auditors' functioning and competencies are set out in the UniCredit Corporate Bodies and Committees Regulation.

Auditors' appointment

Gender diversity

Auditors appointed by minorities

Qualitative and quantitative composition

Requirements

Issuer profile

For more information on the Board of Statutory Auditors, please see Sections nos. 10 and 11

Diversity Policies

The Board of Directors' composition ensures the gender balance envisaged under the applicable provisions.

In the run-up of the Board of Directors' renewal for the 2021-2023 financial years, the outgoing Board of Directors made available to Company's Shareholders a theoretical profile for the Directors to facilitate the best choice of candidates to be presented to the 2021 Shareholders' Meeting called for the approval of the financial statements. More in detail, in the theoretical profile specific recommendations were formulated to ensure a balanced composition of knowledge, skills and experience and to promote inclusion and diversity across age, gender and geographic areas, as well as to adequately reflect UniCredit's status as Italy's only G-SIB (Global Systemically Important Bank).

When formulating its recommendations on the composition of the Board of Directors and its Committees, UniCredit recommended that its Shareholders filed slates of candidates in which at least two-fifths of candidates were drawn from the leastrepresented gender, in line with the relevant provisions.

It should be noted that UniCredit already recommended that its Shareholders abided by the above provisions on gender balance in its 2015 and 2018 qualitativequantitative profiles.

On the topic of diversity, when formulating its recommendations for the renewal of the Board of Directors for the 2021-2023 financial years, UniCredit reiterated the relevance of the following factors: (i) the international nature of the UniCredit Group, which suggests that proper consideration should be given to the presence of Directors with an international training and professional experience (regardless of nationality), (ii) the presence of members having knowledge, skills and technical experience that also allow them to understand the activities and main risks to which the UniCredit Group is exposed as well as (iii) different age of the members of the body. Furthermore, some areas of competence have been selected, with the recommendation that candidates preferably possess two or more of them.

Compliance with the diversity composition requirements identified in the 2021 qualitative-quantitative profile was checked by the Board at the end of the Directors' appointment process. Directors' personal qualities and gender diversity fully complied with the principles set in the theoretical profile. Furthermore, with reference to professional expertise accrued in the areas of competence envisaged under the profile, all the areas of competence were represented in the Board and the experience gained by all Directors was in line with the requirements provided for under the profile, considering that they possess good understanding of and experience in more than two of the required areas of competence. At the Report's approval date, the Board composition fully complies with the principles set in the theoretical profile; in particular, as to the gender diversity, the female component is above the quota established under the applicable provisions.

Directors' gender

Training, professional experience, age

The Board of Statutory Auditors' composition ensures the gender balance envisaged under the applicable provisions. Compliance with this requirement was achieved both during the appointment process of the body, and in the event of other changes to its composition.

In the run-up of the Board of Statutory Auditors' renewal for the 2022-2024 financial years, the outgoing Board of Statutory Auditors made available to Company's Shareholders a theoretical profile for the Statutory Auditors to facilitate the best choice of candidates to be presented to the 2022 Shareholders' Meeting called for the approval of the financial statements.

When formulating its recommendations on the composition of the Board of Statutory Auditors, UniCredit recommended that its Shareholders filed slates of candidates in which at least two-fifths of candidates were drawn from the least-represented gender, in line with the relevant provisions.

Furthermore, on the topic of diversity, specific recommendations were formulated to ensure a balanced composition of profiles and experiences and further promoting the diversity characteristics, in particular with regards to training, professional experience, gender diversity and age. Some areas of competence were also selected, with the recommendation that candidates preferably possess two or more of them.

It should be noted that UniCredit already recommended that its Shareholders abided by the applicable provisions on gender balance in its 2019 qualitative-quantitative profiles, even though there was no specific provision requiring the identification of the qualitative and quantitative composition deemed to be optimal also for the control body.

Compliance with the diversity composition requirements stated in the theoretical profile was checked by the Board of Statutory Auditors at the end of the Statutory Auditors' appointment process. The Statutory Auditors' personal qualities and gender diversity comply with the principles set in the theoretical profile. The body's composition fully comply with the applicable provisions and the principles set in the theoretical profile, is adequate for ensuring functionality and avoiding redundancy as well as ensures a balanced mix of profiles and experiences (legal auditing of accounts, control activities in the banking sector and/or at listed companies; professional activities in fields relating to the banking, financial and securities industries; teaching, at university level, on subjects in the field of banking operations, business economics, accountancy, and management of securities markets); all Statutory Auditors possess more than three of the areas of competence envisaged under the profile.

Moreover, it should be noted that in UniCredit there is an active and permanent induction program for the Board members, also to the benefit of the Board of Statutory Auditors members, consisting, inter alia, of recurring trainings sessions to preserve over time the expertise needed for the proper fulfilment of their duties.

With reference to the measures adopted by the Company to promote equal opportunities and treatment between genders within the whole organisation, it should be highlighted that at UniCredit, Diversity, Equity, and Inclusion (DE&I) are key tenets to be fulfilled in every key moment of its' employees' journey, from recruiting and onboarding, to learning and development, performance management and compensation, in line with the Group's Values - Integrity, Ownership and Caring - that

Statutory Auditors' gender

Training, professional experience, age

Gender in UniCredit

Issuer profile

guide all actions and behaviours. Through the Diversity, Equity, and Inclusion Global Policy, UniCredit further enhances inclusion within the whole organisation, to ensure that internal procedures, policies and practices promote such principles and nurture a supportive working environment where individual differences are respected and valued.

Moreover, UniCredit is committed to promote gender parity across all organisational levels and to ensure equal pay for equal work, providing equal opportunities and fair treatment.

UniCredit is accountable for the Diversity, Equity, and Inclusion progress, setting up a monitoring process that includes relevant DE&I metrics and KPIs in the Group People Analytics Dashboard as well as data on gender diversity alongside indicators related to the diversity of people. UniCredit also makes available, both internally and externally, relevant data, commitments and initiatives leveraging on the Group Integrated Report.

* * *

For further information on the UniCredit corporate governance structure, in addition to the specific Sections contained in this Report, please see the Company's website where such information is available alongside information of an economic and financial nature, data, and documents of interest to Shareholders in general.

Information on the ownership structure

2.1 Share capital structure

As at December 31, 2022, the UniCredit fully subscribed and paid-in share capital amounted to Euro 21,220,169,840.48, divided into 1,935,269,741 ordinary shares of no nominal value.

UniCredit shares are listed on the Milan, Frankfurt and Warsaw regulated markets, respectively on Borsa Italiana S.p.A. (Euronext Milan), on the Frankfurt Stock Exchange and on the Warsaw Stock Exchange. The shares traded on the aforesaid markets have the same characteristics and offer the same rights.

No other types of shares, equity instruments or convertible or exchangeable bonds have been issued.

As at February 24, 2023, the UniCredit fully subscribed and paid-in share capital amounts to Euro 21,220,169,840.48, divided into 1,935,269,741 ordinary shares of no nominal value.

Rights and obligations

Each ordinary share entitles holders to the right to cast one vote at ordinary and extraordinary Shareholders' Meetings. Shares give holders all the administrative and economic rights and obligations envisaged by law.

No stocks granting special controlling rights or special powers have been issued.

Other financial instruments granting the right to subscribe new shares

At the Report's approval date, there are no financial instruments granting the right to subscribe new shares linked to incentive systems.

For the sake of completeness, it should be noted that with regard to the capital increase approved by the Extraordinary Shareholders' Meeting of UniCredit S.p.A. on November 14, 2008, no. 967,564,061 ordinary shares, subscribed by Mediobanca - Banca di Credito Finanziario S.p.A. pursuant to the guarantee agreement executed with UniCredit S.p.A. were used to service the issue of and underlie Convertible and Subordinated Hybrid Equity-linked Securities ("Cashes") financial instruments. These Cashes were subscribed in full by institutional investors. Mediobanca gave the right of usufruct over such shares to UniCredit, maintaining bare ownership ("nuda proprietà") of the shares. As a result of reverse-split transactions on these shares conducted in December 2011 and January 2017, at the Report's approval date the number of the aforesaid ordinary shares is equal to 9,675,640.

2.2 Restrictions on stock transfers

At the Report's approval date, there are no restrictions on stock transfers, taking into account the 9,675,640 shares used to service the Cashes of which Mediobanca holds bare ownership (see the previous section on Share capital structure).

2.3 Relevant equity holdings

On the basis of the communications received in accordance with Section 120 of the TUF, direct and indirect relevant equity holdings as at December 31, 2022, registered on the Shareholders Register are stated below.

The Shareholders listed below hold more than 3%, and do not qualify for disclosure exemptions (as provided under Section 119/bis of CONSOB Rule no. 11971/99).

Declarant
Direct Shareholder		 % of ordinary
capital		 % of voting
capital
BlackRock Group 5.938% 5.938%
BlackRock Fund Advisors 1.631% 1.631%
BlackRock Institutional Trust Company,
National Association		 1.558% 1.558%
BlackRock Advisors (UK) Ltd 0.944% 0.944%
BlackRock Asset Management Deutschland
Ag		 0.778% 0.778%
BlackRock Investment Management (UK)
Ltd		 0.384% 0.384%
BlackRock Investment Management, Llc 0.283% 0.283%
BlackRock Advisors, Llc 0.122% 0.122%
BlackRock Asset Management Canada Ltd 0.083% 0.083%
BlackRock Japan Co. Ltd 0.064% 0.064%
BlackRock Investment Management
(Australia) Ltd		 0.049% 0.049%
BlackRock Financial Management, Inc. 0.036% 0.036%
BlackRock Asset Management North Asia
Ltd		 0.004% 0.004%
Aperio Group Llc 0.002% 0.002%
Blackrock (Singapore) Ltd 0.000% 0.000%
Blackrock International Limited 0.000% 0.000%
Allianz SE Group 3.598% 3.598%
Allianz Finance II Luxembourg S.à.r.l. 3.477% 3.477%
Allianz S.p.A. 0.101% 0.101%
Investitori Società di Gestione del
Risparmio Società per Azioni		 0.009% 0.009%
Allianz Lebensverischerungs Ag 0.008% 0.008%
Allianz Life Luxembourg Sa 0.002% 0.002%
Allianz Benelux Sa 0.001% 0.001%
Allianz Vie 0.001% 0.001%

Information on the ownership structure

At the Report's approval date, the information concerning the above-mentioned significant shareholdings in the share capital is unchanged.

There is no employee equity holding system in place whereby voting rights may be exercised by employee representatives.

2.4 Restrictions on voting rights

At the Report's approval date, there is no limitation on the exercise of voting rights.

At the Report's approval date, the voting rights of the 9,675,640 UniCredit shares subscribed by Mediobanca pursuant to the guarantee agreement executed with UniCredit S.p.A. and used to service the Cashes, in relation to which the aforementioned party granted a usufruct right to UniCredit, do not have voting rights (see the previous section on Share capital structure).

The Company knows of no Shareholders' agreements among relevant Shareholders as defined by Section 122 of the TUF.

2.5 Changes to control clauses and by-laws provisions on public purchase offers

UniCredit S.p.A. is not a Company controlled by any Shareholder or subject to any Shareholder agreement, as provided for under Italian law.

No UniCredit subsidiaries executed agreements that may be considered relevant pursuant to Section 123/bis of the TUF.

* * *

The UniCredit Articles of Association do not envisage exceptions to the provisions on the passivity rule envisaged under Section 104, sub-sections 1 and 1-bis, of the TUF.

The Articles of Association do not envisage the application of the counteracting rules envisaged under Section 104/bis, sub-sections 2 and 3, of the TUF.

2.6 Delegation of power to increase share capital and authorisations to purchase own shares

The Board of Directors was empowered by the Shareholders' Meeting to execute free share capital increases, with the exclusion of option rights, to service incentive plans for UniCredit Group employees (see Clause 6 of the Articles of Association). The Board of Directors was not granted any authority to issue other equity instruments.

The UniCredit Shareholders' Meeting held on April 11, 2019, resolved an authorisation to purchase and dispose of treasury shares so that, also taking into account market trends and the strategy the Company pursued, the Board could start the procedure aimed at achieving a revocation from trading of the UniCredit shares acquired on the Warsaw Stock Exchange and registered with the Polish National Depository of Securities, in accordance with the resolution taken on September 2017 concerning a strengthening of corporate governance. On October 11, 2020,

such authorisation lapsed. Hence, a new authorisation in favour of the Board of Directors to purchase and dispose of treasury shares was resolved by the Shareholders' Meeting convened on April 15, 2021. On October 15, 2022, such authorisation lapsed too; moreover, in February 2022 the Board of Directors had already ascertained the absence of the conditions for launching the purchase of UniCredit shares aimed at initiating the procedure to obtain the delisting of the UniCredit shares from the Warsaw Stock Exchange.

Furthermore, the UniCredit Shareholders' Meeting, with the resolution adopted in its meeting held on April 8, 2022, as updated and integrated on September 14, 2022, authorised the Board of Directors to lunch a programme for the purchase of treasury shares and their consequent cancellation with no reduction in the share capital aimed at increasing remuneration in favour of Company's Shareholders (i.e., the 2021 Buy-Back Programme).

On November 30, 2022, the 2021 Buy-Back Programme was concluded and at the Report's approval date, UniCredit does not hold treasury shares (the relevant cancellation was completed on December 19, 2022).

Shareholders' Meetings

In compliance with the applicable provisions, the UniCredit Articles of Association envisage that the ordinary Shareholders' Meeting is convened at least once a year, within 180 days of the end of the financial year, to resolve upon the issues for which it is responsible pursuant to applicable laws and the Articles of Association. An extraordinary Shareholders' Meeting is convened, instead, whenever it is necessary to resolve upon any of the matters that are exclusively attributed to its jurisdiction by applicable laws.

Shareholders' Meetings are held on single call, in accordance with the provisions of law. However, to maintain adequate organisational flexibility, the Articles of Association retain the option for the Board to issue more than one call for single meetings.

In accordance with legal and regulatory requirements, Shareholders' Meetings are convened via a notice published on the Company's website, as well as through other channels provided for under applicable laws and regulatory provisions, including publication in daily newspapers in extract form. The Agenda of the Shareholders' Meeting is established in accordance with legal requirements and the Articles of Association by whomever exercises the power to call a Meeting.

By the deadline for publication of the Shareholders' Meeting call of notice provided for each item on the Agenda - or by any other deadlines envisaged under other legal provisions - the Board of Directors shall make publicly available a report on each of the items on the Agenda.

The right to ask for the integration of the Agenda may, according to the cases, methods and terms outlined in the applicable provisions, be exercised by Shareholders who individually or jointly represent at least 0.50% of share capital. Shareholders requesting additions to the Agenda shall prepare a report stating the reason for their resolution proposals on the new matters they propose for discussion. Shareholders may also submit further resolution proposals on items already on the Agenda, stating the reasons thereof.

The Shareholders' Meeting shall take place at the Company's Registered Office in Milan or at another location in Italy, as indicated in the Meeting call notice. The Meeting resolves with the majorities envisaged under applicable laws.

The Articles of Association do not provide for particular quorum. Relevant legal and regulatory provisions must be complied with for a Shareholders' Meeting and the resolutions it takes, to be valid.

In compliance with the provisions set forth in Article 2365 of the Italian Civil Code, Clause 23 of the Articles of Association grants the Board of Directors authority over resolutions on the following:

  • changes made to the Articles of Association to comply with legal requirements;
  • merger through incorporation of companies in situations envisaged under Articles 2505 and 2505-bis of the Italian Civil Code;
  • de-merger of companies in situations envisaged under Article 2506-ter of the Italian Civil Code;
  • the reduction of share capital in the event of a Shareholder withdrawing;
  • decisions on which Directors, in addition to those indicated in the Articles of Association, may represent the Company.

In compliance with the Articles of Association and pursuant to applicable provisions issued by Banca d'Italia concerning the remuneration and incentive policies and practices for banks and banking groups, in addition to establishing the compensation payable to the corporate bodies appointed by the Shareholders' Meeting, in its ordinary session the Shareholders' Meeting approves: (i) remuneration and incentive policies for members of the supervisory, management and controlling bodies, as well as for remaining employees; (ii) equity-based compensation schemes; (iii) the criteria for determining the compensation to be granted in the event of early termination of employment or early retirement from office including the limits set for said compensation in terms of number of years of fixed remuneration as well as the maximum amount deriving from their application. Furthermore, during approval of remuneration and incentive policies, the ordinary Shareholders' Meeting may

exercise the faculty to determine a ratio of variable-to-fixed remuneration for employees higher than 1:1, but in any case not exceeding a ratio of 2:1. In accordance with Section 123-ter of the TUF, the Shareholders' Meeting resolves on the Group Remuneration Policy and Report, explaining, inter alia, the Company's policy on the remuneration of Board of Directors members, the General Manager (when appointed), Executives with strategic responsibilities and, without prejudice to the provisions set forth by Article 2402 of the Italian Civil Code, Board of Statutory Auditors members, as well as the procedures used to adopt and implement this policy.

The Shareholders' Meeting is informed about the ways in which the Remuneration Committee may exercise its functions and on the activities it has carried out via the "Group Remuneration Policy and Report".

Legitimation, how to attend and voting rights

Pursuant to applicable provisions, the holders of voting rights from whom the Company has received notification through the broker holding their accounts by the deadline established by law are entitled to attend the Shareholders' Meeting. Those who hold voting rights may be represented at the Shareholders' Meeting via a written proxy. Since 2011 UniCredit identifies for each Shareholders' Meeting a "Designated Proxy-Holder" to whom the holders of voting rights may grant a proxy inclusive of voting instructions regarding all, or some of, the items on the Agenda free of charge.

The UniCredit Articles of Association provide an option for voting rights holders to participate remotely at Shareholder's Meetings via means of telecommunications, and to exercise their voting rights using electronic methods, referring the decision to activate such instruments to the Board of Directors on a single meeting basis.

As a rule, all Directors attend the Shareholders' Meeting.

The Board reports to the Shareholders' Meeting on the activities performed and planned within the framework of the management report. Furthermore, it makes every effort to ensure adequate information on all relevant items so as to enable Shareholders to take informed decisions on matters within their sphere of competence, in particular by ensuring that Directors' Reports and any additional information has been made available within the time frame established by law and by regulatory provisions in force.

Information on the functioning of the Shareholders' Meeting and on the exercise of Shareholders' rights is available on the Company's website (https://www.unicreditgroup.eu/en/governance/shareholders.html).

Shareholders' Meetings conduct

Since 1998 the Shareholders' Meeting has adopted rules oriented towards ensuring the orderly and effective conduct of ordinary and extraordinary meetings. The Regulations governing general meetings, most recently approved in April 2018, are available online at the UniCredit S.p.A. website under the Governance/Shareholder Section5.

Clause 7 of the Regulations on general meetings states that those entitled to attend the Shareholders' Meeting are entitled to take the floor in respect of each of items presented for discussion. Shareholders intending to exercise this right must ask the Chair for permission, via the Notary or the Secretary, providing the Chair with a written request containing details of the issue or the issues to which the request refers to, up until he declares discussions regarding the issue or the issues the request to take the floor refers to are closed. The Chair usually allows persons to take the floor as per the chronological order in which they have submitted their requests. The Chair may moreover authorise the submission of requests to take the floor by a show of hands.

5 The UniCredit website address where the Regulations governing general meetings are available is:

http://www.unicreditgroup.eu/en/governance/shareholders.html

Shareholders' Meetings

* * *

In 2022, UniCredit's market capitalisation decreased by ca. 4.5 billion, reaching 25.7 billion. In a negative trend for the European banking sector, UniCredit's stock price performance was -2.01%, overperforming (+1.18%) the sector benchmark (the performance of SX7P index, comprising the 600 largest banks in Europe, was -3.2% over the reference period).

As to changes that affected the Shareholder structure, during 2022, taking into account the threshold of market disclosure obligations that qualify as relevant shareholdings according to the TUF, BlackRock Inc. stayed above the 5% threshold.

No proposals were put to the Shareholders' Meeting to amend the Articles of Association with regard to the percentages set for exercising rights and prerogatives to safeguard minorities.

Board of Directors

4.1 Appointment and replacement

In accordance with applicable legal and regulatory provisions, UniCredit Directors are appointed on the basis of a proportional representation mechanism ("voto di lista") in compliance with composition criteria concerning, among others, minority and independent Directors, and gender balance (for more on this, please see Clause 20 of the Articles of Association, available for consultation on the UniCredit website6).

The legitimate parties who are entitled to submit slates are the Board of Directors and Shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at the ordinary Shareholders' Meetings. Each party entitled to file a slate of candidates may submit or contribute to the submission of just one slate (including via proxies or trustee companies). Shareholders belonging to the same group or Shareholders who are parties to a Shareholders' agreement concerning UniCredit shares may not submit more than one slate (including via proxies or trustee companies). Candidates must be included in one slate only, otherwise they are ineligible.

The UniCredit Articles of Association envisage that, regardless of the total number of the Board members, two Directors shall be appointed from the second slate receiving the highest votes, without any connection with the Shareholders who, even jointly, filed, or voted for, the slate first by number of votes, to ensure to the minority Shareholders a greater presence on the Board of Directors.

In compliance with the provisions of Section 147-ter of the TUF, UniCredit established that slates of candidates for the position of Director should be filed at the Registered Office no later than the twenty-fifth day prior to the date of the Shareholders' Meeting called to resolve on the appointment of members of the Board. Slates must be made publicly available at the Registered Office, on the Company's website and via other channels provided for under applicable laws, at least twenty-one days prior to the date of the Shareholders' Meeting. As regards the minimum percentage of share capital needed to submit a slate, Clause 20, sub-section 5, of the Articles of Association specifies that the percentage must be equal to 0.5% of the share capital in the form of shares with voting rights at an ordinary Shareholders' Meetings, consistent with the minimum shareholding percentage established by CONSOB on the basis of the provisions of Section 147-ter of the TUF (Section 144-quater of the CONSOB Issuers' Rules). Ownership of the minimum number of shares required to file a slate is calculated with regard to the shares registered for each individual Shareholder, or for several Shareholders together, on the day on which the slates are filed with the Company.

Other than those set out under law, no particular rules apply to amending the Articles of Association.

In compliance with applicable provisions, the Board of Directors establishes its qualitative and quantitative composition deemed to be optimal for the effective fulfilment of the duties and responsibilities entrusted to the body with supervisory functions by law, by the Supervisory Provisions and by the UniCredit Articles of Association. The Board also establishes requirements for UniCredit Directors to meet, in addition to the possession of requirements envisaged under applicable provisions.

Before appointing new members, the Board shall inform Shareholders on the composition deemed to be optimal in order that the expertise required may be taken into consideration in the choice of candidates. Shareholders may obviously carry out their own assessment of the optimal composition of the body with supervisory functions, and file candidacies consistent with that assessment, giving their reasons for any difference vis-à-vis the analyses carried out by the Board. The outcomes of the check on the matching between the qualitative and quantitative composition deemed to be optimal and the one resulting from the appointment process are disclosed to Shareholders, to allow

6 The UniCredit website address where the Articles of Association are available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/articles-association-code-ethics.html

them to take the proper measures, in due time before the first Shareholders' Meeting called for the approval of the financial statements following the renewal of the body or of the majority of its members.

With regard to the qualitative and quantitative composition of the Board of Directors and the profile necessary for candidates to the position of Director, and in particular the time commitment and limits upon the maximum number of offices Directors may hold, as well as the diversity composition criteria for the body with supervisory functions, reference is made to the document7 "Qualitative and Quantitative Composition of the UniCredit S.p.A. Board of Directors" - as most recently approved on March 3, 2021 - published on the Company's website, and in the information provided in Section 4.2 "Composition".

* * *

Based on the discussions that took place in the Corporate Governance, Nomination and Sustainability Committee (now called Corporate Governance & Nomination Committee), the Board of Directors approved over time some actions to improve UniCredit governance and to align it with best national and international practices, including, inter alia, significant changes to the Board's composition recommended to Shareholders, who decided on the composition of the Board. Such actions, in view of the 2021 renewal, included in particular:

  • a reduction in number to thirteen Directors;
  • a maximum number of three mandates for Board members.

Furthermore, the Articles of Association was amended to:

  • also empower the outgoing Board of Directors, in the event of its renewal, with the faculty to file its own slate of candidates;
  • increase from one to two the number of Directors selected from the second slate having received the highest number of votes, without any connection with the Shareholders who, jointly or severally, filed, or voted for the slate first by number of votes, regardless of body composition.

On the topic, the procedure for identifying candidates for the posts on the Board of Directors, including the posts of Chair and the Chief Executive Officer, was approved by the Board8.

Succession plans

With reference to the recommendations in CONSOB Resolution no. DEM/11012984 dated February 24, 2011, and to the provisions of Article 4, recommendation 24, of the Italian Corporate Governance Code, please be informed that, since 2006, UniCredit has in place a structured process, aimed at managing and developing the leadership pipeline across the Group, called Succession Planning related to all Group Executives (approximately 2,400), including the Chief Executive Officer position.

7 The UniCredit website address where the "Qualitative and Quantitative Composition of the UniCredit S.p.A. Board of Directors" is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies/selection-and-composition.html

8 The UniCredit website address where the "Process for selecting candidates" approved by the Board of Directors is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies/selection-and-composition.html

Board of Directors

Number UNICREDIT BANDING SYSTEM VALIDATION ORGA LEVEL PROCESS
14 CEO-GEC Corporate Governance &
Nomination Committee / BoD		 GEC-1 & GROUP
జ 107 EVP Head of Group P&C / CEO* Above SUCCESSION
PLANNING
= 371 SVP Head of Group P&C GEC-2 &
Below
= 1900 FVP Managers PERFORMANCE
MANAGEMENT		 LOCAL
SUCCESSION
= 73k BAND 0-3 Managers PLANNING
8
TALENT
MANAGEMENT

Process

Performance Management and Succession Planning are integrated processes starting with individual appraisal and managerial appraisal, the latter followed by a number of calibrations at local and Group level, ultimately aiming at having a consistent Group view of each Executive.

Consolidated outcomes are presented to the Chief Executive Officer and to the Head of the Group People & Culture function to define career/succession plans for Executives holding top positions at Group level, as well as for key players in positions below them.

Timing wise, the update of the succession plans occurs on a yearly basis. As a rule, at the end of each cycle, a results summary is discussed by the Committee specifically devoted to corporate governance issues (the Corporate Governance & Nomination Committee), which reports to the Board of Directors on the main points discussed.

During the year, the Corporate Governance & Nomination Committee regularly analyses the evolution of the succession planning for the Chief Executive Officer and his first reporting line.

Moreover, the Chief Executive Officer succession planning is reviewed on a periodical basis, with regular processes of internal and external scouting for potential successors identification. Outcomes of this processes are shared with the Corporate Governance & Nomination Committee and/or with the Chair of the Board of Directors.

Content

Performance Management and Succession Planning are based on the Group values and foster Group Leaders growth, ensuring business continuity and sustainability through an identification of short, medium and long-term successors for all key managerial positions.

In the event of early or unforeseen replacement of Executives, including the Chief Executive Officer, the Succession Planning's results serve as the reference point for the evaluation of possible candidates and decisions on new appointments.

4.2 Composition

Pursuant to the Articles of Association, the UniCredit Board of Directors may be comprised of between a minimum of nine up to a maximum of twenty-four members. As at February 24, 2023, the number of Directors is twelve.

Directors' term in office is three financial years, unless a shorter term is established at such time as they are appointed and ends on the date of the Shareholders' Meeting called to approve the financial statements relating to the last year in which they are in office.

The ordinary Shareholders' Meeting held on April 15, 2021, appointed Directors for financial years 2021-2023, whose term runs until the date of the Shareholders' Meeting called to approve the 2023 financial statements.

According to Clause 20 of the Articles of Association and pursuant to applicable laws and regulations, the Board submitted a proposal to the abovementioned ordinary Shareholders' Meeting to establish the number of Directors and appoint them. In such circumstance, the Board recommended that when submitting slates of candidates Shareholders should take into account the document on the Board of Directors' qualitative and quantitative composition deemed to be optimal for the effective fulfilment of its duties and responsibilities, as approved by the Board in March 2021.

As expressly provided for in the Articles of Association, with reference to the faculty held by the Board of Directors to submit its own slate of candidates, on March 3, 2021, the outgoing Board unanimously approved its own slate of candidates to the post of Director. In execution of its March 2021 resolutions, the Board submitted a proposal to the Shareholders' Meeting to set the number of the Board of Directors' members at thirteen, including one Chair and one Deputy Vice Chair. Slate candidates were chosen via the procedure for identifying candidates approved by the Board. The criteria adopted for issuing this slate complied with the requirements highlighted in the qualitative and quantitative profile approved by the Board.

Two slates were submitted, filed and published according to the deadline and in the terms provided for under applicable provisions and the Articles of Association, specifically:

  • Slate no. 1 was submitted by the outgoing Board of Directors:
  • Mr. Pietro Carlo Padoan (designated as Chairman), Mr. Andrea Orcel (designated as Chief Executive Officer), Mr. Lamberto Andreotti, Ms. Elena Carletti, Ms. Jayne-Anne Gadhia, Mr. Jeffrey Alan Hedberg, Ms. Beatriz Ángela Lara Bartolomé, Mr. Luca Molinari, Ms. Maria Pierdicchi, Ms. Renate Wagner and Mr. Alexander Wolfgring;

Board of Directors

Slate no. 2 was submitted by several Funds, with an overall shareholding equal to 1.55% of the share capital: Ms. Francesca Tondi and Mr. Vincenzo Cariello.

In addition to the above slates, the following documentation was submitted and published in accordance with prescribed deadlines and procedures:

  • the statement of Shareholders, others than those who, also jointly, hold a controlling or relative majority shareholding, stating that there is no connection with the latter, even indirectly, pursuant to Section 144 quinquies of CONSOB Issuers' Rules, taking into account the recommendations issued by CONSOB in Communication no. DEM/9017893, dated February 26, 2009;
  • an exhaustive information on the personal and professional characteristics of the candidates indicated on the slate (such as: curriculum vitae and a list of the supervisory, managerial and controlling offices held in banks and other commercial companies);
  • the statements where each candidate accepts the position (subject to their appointment) and attests, under their own responsibility, the absence of ineligibility, forfeiture or incompatibility situations, and that they meet the requirements established under the applicable provisions, also of a regulatory nature;
  • the statements by each candidate concerning their fulfilment or not of the independence requirements pursuant to Section 13 of the Decree issued by the Ministry of Economics and Finance no. 169/2020, Section 148 of the TUF, the UniCredit Articles of Association and the Italian Corporate Governance Code as well as information on knowledges and expertise gained in the areas covered by the theoretical profile.

Information on the personal and professional characteristics of each candidate, as shown in their curriculum vitae, statements envisaged under applicable laws and the UniCredit Articles of Association as well as those provided for in the theoretical profile, and, more specifically, statements certifying their compliance or otherwise with the independence requirements prescribed by law and in the Italian Corporate Governance Code, may be found on the UniCredit website (https://www.unicreditgroup.eu/en/governance/shareholders.html). In particular, when submitting their candidacies Mr. Andreotti, Mr. Cariello, Ms. Carletti, Ms. Gadhia, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Molinari, Ms. Pierdicchi, Ms. Tondi and Mr. Wolfgring declared their independence pursuant to the Decree, the TUF, the Articles of Association and the Italian Corporate Governance Code. Mr. Padoan declared his independence pursuant to the TUF, the Articles of Association and the Italian Corporate Governance Code and Ms. Wagner declared her independence pursuant to the Decree and the TUF.

The Shareholders' Meeting held on April 15, 2021, after resolving that the members of the Board of Directors should in total be thirteen as proposed by the outgoing Board, appointed the following Directors for the financial years 2021-2023:

  • Mr. Pietro Carlo Padoan, Mr. Andrea Orcel, Mr. Lamberto Andreotti, Ms. Elena Carletti, Ms. Jayne-Anne Gadhia, Mr. Jeffrey Alan Hedberg, Ms. Beatriz Ángela Lara Bartolomé, Mr. Luca Molinari, Ms. Maria Pierdicchi, Ms. Renate Wagner and Mr. Alexander Wolfgring were appointed from Slate no. 1, obtaining the majority of the Shareholders' votes;
  • Ms. Francesca Tondi and Mr. Vincenzo Cariello were appointed from Slate no. 2, voted for by the minority of the Shareholders.

In April 2021, Mr. Gianpaolo Alessandro, General Counsel of the UniCredit Group, was confirmed as Board Secretary.

The Board composition resulting from the appointment process was:

  • quantitatively corresponding to that identified as optimal by the Board itself. The Board had determined in thirteen, the quantitative composition deemed to be optimal and the Shareholders, who are in charge to decide on the matter, agreed on such proposal, which was consequently approved by the Shareholders' Meeting;
  • qualitatively corresponding to the theoretical profile established by the Board, as well as suitable pursuant to the ECB "Guide to fit & proper assessment".

More specifically, also taking into consideration information provided by the person concerned, compliance was achieved vis-à-vis requirements concerning experience, competence, integrity, fairness and independence, the requirements of independence of mind, also considering the specific mitigation measures identified, as well as the adequate time to perform their duties (the time commitment recommended for an effective attendance at the Board and Committees meetings and limits upon the maximum number of offices a Director may hold9 established under the applicable provisions).

With reference to the time commitment recommended for effective attendance at Board and Committees meetings, all Directors, inter alia, declared their ability to commit sufficient time to duly perform their functions. The commitments Directors declared were deemed to be compatible with the commitment required to conduct their duties at UniCredit, including sitting on Board Committees, where applicable.

Furthermore, with reference to professional expertise accrued in areas of competence envisaged under the theoretical profile [i.e., banking business, banking governance, risk and control, legal and regulatory, strategic planning, accounting & audit, financial and international markets, digital and technology and sustainability (ESG)], all these areas were represented on the Board. Considering that, in addition to their international experience, they possess a good understanding of and experience in more than two areas of competence envisaged in the qualitative and quantitative profile, the experience gained by all Directors is in line with the requirements identified in the profile.

Regarding the "collective suitability", the personal qualities of Directors, as well as age and gender diversity, fully complied with the applicable provisions and the principles set in the Board theoretical profile. In particular, as to the gender diversity, the female component was equal to 46%, above the composition criterion for the less represented gender set forth by the provisions equal to at least two-fifths of the appointed Directors.

The outcomes of the check on the matching between the qualitative and quantitative composition deemed to be optimal and the one resulting from the appointment process were disclosed to Shareholders via a press release (on February 15, 2022), to allow them to take the proper measures, in due time before the April 8, 2022, Shareholders' Meeting, the first Shareholders' Meeting called for the approval of the financial statements following the renewal of the body.

Respectively on July 5 and November 9, 2022, the Board of Directors reviewed the independence requirement for Director Ms. Wolfgring and Chairman Mr. Padoan:

  • acknowledging that Director Mr. Wolfgring is no longer independent according to the Italian Corporate Governance Code and the Decree as he has been a Director of UniCredit for more than 9 years in the last 12 years; and
  • assessing with a positive outcome the independence requirement of Chairman Mr. Padoan according to the Decree, as more than 2 years have passed since the withdrawal from his parliamentary office.

Following the resignation of Director Ms. Jayne-Anne Gadhia, the Board of Directors, in its meeting held on February 16, 2023, deemed appropriate to propose to the Shareholders' Meeting called for approving the 2022 financial statements the reduction at 12 of the number of Directors, in order to ensure continuity in the Board's activities while preserving an optimal set-up. The Board, as composed by 12 Directors at the Report's approval date, fully complies with the necessary requirements established by law and with the principles identified by the Board itself in its theoretical profile of March 2021. Its collective composition presents an adequate diversity in terms of gender balance (with a quota equal to 42% of women, which is above the minimum threshold envisaged by the applicable provisions) and of geographical mix. Moreover, there is an adequate number of professional profiles which foster a constructive debate within the Board. All Directors proved also to commit sufficient time for an effective attendance at Board meetings and the significant number of independent Directors ensures the efficient functioning of the Board.

9 See the following section on the "Maximum number of offices held at other companies"

Board of Directors

As to the "collective suitability", in particular:

  • all Directors have international experience and almost all Directors have competencies in financial and international markets;
  • 83% of the Directors has expertise in strategic planning;
  • 75% of the Directors has expertise in sustainability (ESG);
  • 67% of the Directors has expertise in banking business and in legal and regulatory;
  • 58% of the Directors has expertise in banking governance, risk and control, accounting and audit, while 33% of the Directors covers the digital and technological area;
  • on average, the Directors possess seven of the areas of competence identified by the Board.

The following chart shows the Board of Directors' composition at the Report's approval date, and any changes that occurred during and/or after the 2022 financial year.

Position Members since In office
until		 (M/m)*
Slate		 Executive Non-executive Code
per
as
Independent		 TUB
per
as
Independent		 TUF
per
as
Independent		 **
meetings
%
attendance
Board		 positions
other
of
Number
***
Chairman Padoan Pietro Carlo 15-04-2021 Approval of 2023
financial
statements		 M X X X X 100 --
Deputy Vice
Chairman		 Andreotti Lamberto 15-04-2021 Approval of 2023
financial
statements		 M X X X X 89.47 1
Chief
Executive
Officer ◊		 Orcel Andrea 15-04-2021 Approval of 2023
financial
statements		 M X 100 1
Director Cariello Vincenzo 15-04-2021 Approval of 2023
financial
statements		 m X X X X 100 1
Director Carletti Elena 15-04-2021 Approval of 2023
financial
statements		 M X X X X 100 --
Director Hedberg Jeffrey Alan 15-04-2021 Approval of 2023
financial
statements		 M X X X X 89.47 4
Director Lara Bartolomé Beatriz
Ángela		 15-04-2021 Approval of 2023
financial
statements		 M X X X X 100 1
Director Molinari Luca 15-04-2021 Approval of 2023
financial
statements		 M X X X X 100 1
Director Pierdicchi Maria 15-04-2021 Approval of 2023
financial
statements		 M X X X X 100 3
Director Tondi Francesca 15-04-2021 Approval of 2023
financial
statements		 m X X X X 94.74 2
Director Wagner Renate 15-04-2021 Approval of 2023
financial
statements		 M X X X 78.95 2
Director Wolfgring Alexander 15-04-2021 Approval of 2023
financial
statements		 M X X 100 2
Directors who left during and after the Reference Period
Director Gadhia Jayne-Anne (1) 15-04-2021 07-02-2023 M X X X X 100 1
Quorum required for submission of slates for the latest appointment: 0.5%
No. of meetings held during the Reference Period: 19
NOTE:
* M = Member elected from the slate that obtained the majority of the Shareholders' votes
m = Member elected from the slate voted for by the Shareholders' minority
** Number of meetings attended/number of meetings held during the concerned party's term of office with regard to the Reference Period
*** Number of positions as Director or Auditor held at other listed companies or large companies. A list of such companies for each Director is attached to the Report
Director in charge of the internal controls and risks management system
(1) Resigned effective from February 7, 2023

The Board of Directors members comply with the requirements envisaged under applicable provisions. Directors' personal qualities comply with the indications of the theoretical profile approved by the Board of Directors in March 2021 and meet the suitable requirements under the ECB's "Guide to fit and proper assessments".

For more details on the composition of this corporate body and on personal and professional characteristics of each Director and of the Board Secretary, please see the information published on the UniCredit website10. With regard to the requirements UniCredit Directors must meet, in addition to those envisaged under applicable laws and regulatory provisions, please see the "Qualitative and Quantitative Profile of UniCredit S.p.A. Board of Directors" document, which is published on the Company's website.

The following charts shows the composition of the Board of Directors at the Report's approval date.

Directors' seniority in office since their first appointment date

Directors First appointment
date		 Directors First appointment
date
Andreotti Lamberto April 2018 Orcel Andrea April 2021
Cariello Vincenzo April 2018 Padoan Pietro Carlo October 2020
Carletti Elena February 2019 Pierdicchi Maria April 2018
Hedberg Jeffrey Alan April 2021 Tondi Francesca April 2018
Lara Bartolomé Beatriz Ángela February 2020 Wagner Renate April 2021
Molinari Luca April 2021 Wolfgring Alexander May 2013

10 The UniCredit website address where the information on Directors is available is:

https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-directors.html

Board of Directors

Executive and non-executive Directors Renewal rate Independence

Age and gender breakdowns

Geographical mix Minorities

33% 67% 17%
Other countries Italv

Core competencies

Each Director with his/her theoretical and practical experience allows the Board to understand the Company's activities and main risks. The skills matrix reflects the core competencies, envisaged in the March 2021 theoretical profile, that the Board of Directors deemed to be significant in assessing both the personal qualities and the collective suitability of its own members.

* * *

The following chart highlights the means of attendance of Directors (in office as at December 31, 2022) at Board meetings held in 2022. In 2022 the attendance to the meetings was allowed both in person and remotely. According to the precautionary health and safety measures adopted by UniCredit within the Covid-19 emergency, for the purposes of reporting on their attendance, the presence to the Board meetings held from January up to April 2022 was counted as physical one.

2022
Board of Directors Attendance % Means of attendance
Meetings physical by teleconference via phone
Padoan Pietro Carlo (Chairman) 19 19 100% 16 3
Andreotti Lamberto (Deputy Vice Chairman) 19 17 89.47% 13 4
Orcel Andrea (Chief Executive Officer) 19 19 100% 17 2
Cariello Vincenzo 19 19 100% 16 3
Carletti Elena 19 19 100% 17 2
Gadhia Jayne-Anne 19 19 100% 15 4
Hedberg Jeffrey Alan 19 17 89.47% 14 3
Lara Bartolomé Beatriz Ángela 19 19 100% 16 3
Molinari Luca 19 19 100% 15 4
Pierdicchi Maria 19 19 100% 15 4
Tondi Francesca 19 18 94.74% 16 2
Wagner Renate 19 15 78.95% 11 4
Wolfgring Alexander 19 19 100% 15 3 1
average attendance 247 238 96.36% 196 41 1

Board of Directors

Time commitment and number of offices

Based upon the nature, quality and complexity of the office, and given the provisions contained in the relevant regulations, having sufficient time to fulfil the role is an essential requirement that Directors must guarantee, including in relation to activities arising from taking part in Board Committee proceedings.

According to its qualitative and quantitative profile, the UniCredit Board recommends that candidates accept the office only if they believe they are able to dedicate the necessary time to that position, considering the following factors: their other professional or personal commitments and circumstances, as well as performing roles at other companies; the nature, scale and complexity of the activities performed, the size and the situation of the entities where such positions are held, and the place or country where such entities are based.

Also in line with the ECB guidelines, the Board carried out an estimate to be intended as a reference for assessing the minimum time needed for appropriate meeting attendance, which is summarised in the following chart.

Chair of the Board of Directors 2/3 days per week
Chief Executive Officer full time
Chair of a Board Committee 2 days for each Committee's meeting
Non-executive Director 21 days per year
Member of the Corporate Governance & Nomination
Committee		 15 days per year
Member of the Internal Controls & Risks Committee 15 days per year
Member of the Remuneration Committee 10 days per year
Member of the Related-Parties Committee 13 days per year

With specific reference to the ESG Committee established in April 2021, the minimum time needed for appropriate meeting attendance was estimated in 12 days per year.

With specific reference to Board of Directors and Committee meeting attendance percentages, this should not fall any lower than 75% per annum; attendance should preferably be physical, save for extraordinary meetings.

Finally, with reference to limits upon the maximum number of offices that UniCredit Directors may hold, it should be noted that since December 2008, in its Regulations and in the qualitative-quantitative profiles approved in 2012, 2015 and 2018, the Board has expressed an opinion on the maximum number of offices that may be held at the same time by the Company's Directors.

In the document dealing with the qualitative and quantitative profile as most recently approved in March 2021, the Board recalled the specific limits envisaged under the Decree issued by the Ministry of Economics and Finance no. 169 dated November 23, 2020, concerning the rules on suitability requirements and criteria for holding offices as corporate officer, inter alia, of banks, according to Section 26 of the TUB.

According to the above-mentioned theoretical profile, UniCredit consequently envisages that each Director may hold an overall number of positions in banks or other commercial companies equal to one of the following alternative settings:

  • one executive position and two non-executive positions
  • four non-executive positions

with the following specifications:

  • a) offices refer to positions held on the Board of Directors, Supervisory Board, Management Board, Board of Statutory Auditors, or as General Manager; in foreign companies, offices refer to positions equivalent to the above, on the basis of relevant regulations applicable to the companies;
  • b) for the purposes of calculating the above limits
    • i. the position held in UniCredit is included;
    • ii. the following aggregation mechanism is applied: the set of positions held (i) within the same group and (ii) in companies not belonging to the UniCredit Group, in which UniCredit holds a qualified shareholding of more than 10% of the share capital is considered as a single position. The set of positions counted as a single position is considered as an executive position if at least one of the positions is executive; in other cases, it is considered as non-executive;
    • iii. the following positions are not considered: (i) in companies or entities whose sole purpose is to manage the private interests of a corporate officer or of his/her spouse who is not legally separated, of a person bound by a civil union or a de facto cohabitation, or of a relative or a relative by blood or by marriage up to the fourth degree, and which do not require any type of day-to-day management by the corporate officer; (ii) as a professional in a company comprising professionals; (iii) as a substitute statutory auditor.

The holding of one non-executive additional post, with respect to the above limits, is allowed only if it does not jeopardize the possibility of the Director to commit an adequate time to the post in UniCredit to carry effectively out his/her functions under the limitations established by the afore-mentioned Decree.

* * *

The following chart shows the overall number of offices as Director held in other companies by current Directors at the Report's approval date. Compliance with the limits on the maximum number of offices that Directors may hold in other companies envisaged under the applicable provisions was evaluated by taking into consideration the weighting applicable to offices held in the same group, pursuant to declarations made by Directors themselves.

Directors Overall number of
offices as director held
in other companies		 Directors Overall number of
offices as director held
in other companies
Andreotti Lamberto 1 Orcel Andrea 2
Cariello Vincenzo 1 Pietro Carlo Padoan --
Carletti Elena -- Pierdicchi Maria 3
Hedberg Jeffrey Alan 4 (1) Tondi Francesca 2
Lara Bartolomé Beatriz Ángela 1 Wagner Renate 2
Molinari Luca 1 Wolfgring Alexander 4 (1)

(1) Weighting applicable to offices held within the same group was taken into consideration and/or the fact that offices that do not mainly pursue commercial aims do not count were taken into consideration.

* * *

Moreover, Directors must take into account the provisions of Section 36, Law Decree no. 201/2011 (a ban on interlocking directorships) which was approved as a statute under Law no. 214/2011, which establishes that the holder of a seat on a managerial, supervisory or controlling body, as well as top management officers in companies or groups of companies active in banking, insurance and financial markets, are forbidden from holding similar offices, or to exercise similar duties, in competing companies or groups of companies. The Board must ascertain whether such situations fall under the provision of Section 36 and potential new circumstances of supervening competition.

Board of Directors

Induction initiatives and recurring training

In UniCredit a permanent induction program is active for the Board members, also to the benefit of the Board of Statutory Auditors members, based on three-year cycles connected to the Board mandate, with the aim of ensuring an ad hoc training on a continuous basis that takes in account both their individual and collective needs.

The induction program and the recurring training, which are put in place with the support of an external consultant, respectively include sessions aimed at fostering the integration of new Directors and trainings to preserve over time the expertise needed for the proper fulfilment of their duties.

In addition, individual training plans will be activated in the event it is deemed necessary to strengthen specific individuals' technical knowledge and expertise, also to increase the level of diversity and the collective experience of the Board of Directors.

Over the Reference Period, training sessions for the Board of Directors, or members of each Board Committee covering their competence area, have focused on topics relating to business, corporate governance, digital technology, risks management with a particular focus on ESG risks, and legal/regulatory deep-dives, with the aim of ensuring awareness and knowledge of the risk profile adopted by the Group.

More specifically, training schemes focused on the in-depth examination of the above-mentioned topics, were prepared and implemented, also with the support of experts outside the Bank.

4.3 Board of Directors' role

Meetings and functioning

During the Reference Period, the Board of Directors met nineteen times, with an average length of about four hours and fifteen minutes.

For the 2023 financial year, 13 meetings have been planned, of which 4 already held as at February 24, 2023.

One of the Chair's responsibilities is planning Board meetings also in respect of the items on the Agenda, which are proposed by the Chief Executive Officer. The activities are carried out with the support of the Board Secretary, appointed by the Board of Directors pursuant to the UniCredit Articles of Association, for three financial years, who is not necessarily a Board member. Furthermore, the Chair ensures that the time necessary for effective discussion of the items on the Agenda is allowed, and during meetings encourages Directors to share their input.

The Secretary, who possesses adequate experience, assists the Board with independence of judgement on all relevant aspects for the correct functioning of the corporate governance system.

Group Executive Committee members, among which the Manager charged with preparing the company financial reports, as well as the Head of Internal Audit and the other members of Management at the Company and Group were invited to attend Board meetings, without voting rights, to report on specific issues as well as to assist the Chief Executive Officer in making presentations to the Board.

In particular, the Heads of control functions (i.e., Group Risk Management, Group Compliance, Group Legal and Internal Audit) attended all the ordinary Board's meetings - mainly in the Risk Committee section - except for the meetings focused on the results' approval, which involved the prevailing attendance of the CFO (who also holds the role of Manager in Charge) and of the Group Risk Management. The functions related to the other Board Committees, whose activities are promptly reported to the Board, regularly attended Board's meetings (i.e., Group

People & Culture e Group Strategy & ESG). Lastly, Group Digital & Information, Group Operations, Group Stakeholder Engagement, as well as the functions related to business areas (i.e., Group Client Solutions and the Heads of the geographical areas in which the Group is entailed) attended Board's meetings on a periodical basis to report on specific issues and to assist the Chief Executive Officer, according to the relevant Agenda.

The UniCredit Corporate Bodies and Committees Regulation establishes that, as a rule, appropriate pre-meeting documentation and information necessary for Directors to take resolutions in an informed manner are made available to Directors and Statutory Auditors at least three days prior to the Board meeting. In the cases in which it was not possible to made available the necessary documentation pursuant to the above terms, the Chair ensured that adequate explanation of the topics was provided by the Chief Executive Officer during the Board meetings.

The Board Secretary prepares summary minutes of the discussions and decisions taken by the Board itself. The minutes also give proper account of any disagreements expressed by Directors on specific topics and their motivations. As soon as available, minutes are, as a rule, submitted to the Directors at the first Board meeting. Minutes signed by the Chair of the meeting and the Secretary are kept under the responsibility of the Secretary and are available for consultation by Directors and Statutory Auditors who may wish to consult them. Where envisaged under applicable laws and regulations, a copy of the minutes containing the resolutions taken by the Board is sent to the Supervisory Authority.

Duties

Pursuant to Clause 23 of the Articles of Association, matters reserved to the Board of Directors' competency include resolutions on general guidelines and the adoption and amendment of business, strategic and financial plans for the Company, as well as periodic monitoring of their implementation.

Moreover, in compliance with Corporate Bodies and Committees Regulation, the Board shall have exclusive competence for:

  • determining general operational guidelines for the Group's growth policies preparatory to drafting strategic, industrial and financial multi-year plans and operating budgets for the Company and the Group, also on the basis of the analysis of issues relevant to long-term value generation for the benefit of Shareholders, taking also into account the interests of relevant stakeholders, in addition to periodically reviewing whether these guidelines match corporate activities and external circumstances, adopting and amending such plans and checking that they are appropriately implemented;
  • establishing guidelines for the internal controls system consistent with the strategic guidelines and risk appetite established by the Board itself, according to instructions issued by the Supervisory Authorities and applicable laws. On a yearly basis, the Board sets out and approves the Group Risk Appetite Framework consistent with the Budget process timeline, defines the financial plan and establishes policies to govern the risks to which the Group may be exposed, as well as risk targets and tolerance thresholds, reviewing them periodically to ensure that they remain effective over time. Furthermore, with regard to credit risk, the Board approves general guidelines for the risk mitigation technique management system;
  • approving the UniCredit organisational structure and corporate governance, to ensure a clear distinction of responsibilities and functions, as well as preventing conflict of interest, covering the corporate structure and Group governance models and guidelines. Furthermore, the Board verifies that the UniCredit overall corporate governance and organizational structure is correctly implemented, promptly implementing corrective measures to tackle any shortcomings or inadequacies detected;
  • examining and approving transactions undertaken by the Company and companies belonging to the Group which are significant from a strategic, economic, balance-sheet and financial perspective.

Board of Directors

For the purpose of informing the Company's Board of Statutory Auditors on such topics pursuant to applicable regulatory provisions, the Board has defined criteria for identifying transactions of strategic, economic, equity-related and financial relevance to UniCredit S.p.A., with specific reference to situations in which one or more Directors hold an interest directly or on behalf of third parties and, more in general, transactions with related parties. Specifically, all transactions of a critical or relevant nature must be reported to the Board of Statutory Auditors, and in any case those concerning:

  • entry/consolidation of the position in a strategic sector/market;
  • definition/modification of shareholding structures with third party partners with whom governance-related agreements are executed;
  • decisions impacting strategic equity holdings;
  • decisions significantly impacting the organisational structure of the Company or the Group;
  • situations in which economic/equity-related/financial thresholds (as defined by the Board) are exceeded in relation to the type of transactions involved;
  • modifications to the Company's share capital structure;
  • new legal proceedings and developments in existing ones determining potential liabilities in excess of a certain threshold defined as per the decision of the Board, or potentially at risk of becoming relevant for the company's sector ("pilot proceedings").

Pursuant to Section 136 of the TUB, resolutions concerning obligations of any kind or purchase or sale agreements implemented by the UniCredit corporate officers, directly or indirectly, with the same Bank fall within the Board of Directors' exclusive responsibility.

* * *

The Board of Directors:

  • continuously monitors general management performance, with special reference to conflict of interest management - also by analysing the information received from the delegated bodies and the Board Committees, and periodically comparing results against targets - as well as assessing the adequacy of the organisational, administrative and accounting structure of UniCredit and, also by issuing policies and guidelines, of all of its strategically-relevant subsidiaries, with particular regard to the internal control and risk management system and the conflict-of-interest management, ensuring that the Bank's structure matches the activities it undertakes and the business model adopted, as well as avoiding the creation of complex structures unjustified by operational ends;
  • ensures that major corporate risks are correctly identified, measured, managed and adequately monitored, taking into account how they evolve and interact and, furthermore, establishing criteria to ensure that such risks are compliant with sound and prudent Company management.

In particular, the Board identified the following controlled companies as having strategic relevance: UniCredit Bank AG, and UniCredit Bank Austria AG.

The role played by the Chair of the Board

The Chair is responsible for ensuring that the corporate governance system functions effectively, also with regard to any aspects related to internal and external communications, serving as an interlocutor for the Board of Statutory Auditors and the Board Committees; while remaining neutral, the Chair promotes dialogue among executive and non-executive positions, seeking the active participation of non-executive members in the Board's proceedings so that the resolutions it reaches are the result of adequate debate and an informed and effective contribution from all of its members.

In particular, the Chair ensures that:

  • i) in good time, Directors are sent supporting documentation on the Board's deliberations or, at the very least, initial information on the issues under debate;
  • ii) supporting documentation and information on resolutions, in particular documents distributed to non-executive members, are adequate in terms of quantity and quality in regard to the items on the Agenda;
  • iii) when preparing the Agenda and chairing Board discussions, issues of strategic relevance are given priority, and that all necessary time is set aside for them;
  • iv) the Heads of the corporate control functions have direct access to the Board of Directors when necessary. To this end, meetings between the Chair and the Heads of the corporate control functions are organized on a regular basis;
  • v) as a rule on a quarterly basis, opportunities are arranged for all Directors to meet, also apart from Board meetings, in order to investigate and discuss strategic issues;
  • vi) the self-assessment process is undertaken effectively, its terms and conditions comply with the degree of complexity of the Board's work, and envisaged corrective measures are adopted to tackle any detected shortcomings;
  • vii) inclusion programs and training schemes are prepared and implemented for members of the Board of Directors and Board of Statutory Auditors, along with succession plans for senior management positions.

Moreover, the Chair manages relations with Shareholders and the Supervisory Authorities with regard to matters falling within his/her remit and activities as a liaison to the Board of Directors and Shareholders' Meeting, in agreement with the Chief Executive Officer.

In order to effectively carry out his/her duties, the Chair, who has a non-executive role and does not undertake operational functions, even in a de facto manner, maintains necessary and advisable relations with the Chief Executive Officer, has access to all company functions, may attend Board Committee and managerial Committee meetings, receives information, including on specific topics, regarding the management of the Company and the Group as well as on the general current and expected performance of the management itself.

Where absent or impeded, the Chair is replaced by the Vice Chair. Where both the Chair and Vice Chair are absent or impeded, the meeting is chaired by the oldest Director.

Self-assessment

On February 24, 2023, the Board of Directors closed the recurring self-assessment process focused on the adequacy of the Board and its Committees in terms of composition and functioning. The self-assessment process, focused on the second year of the 2021-2023 mandate, has been performed in accordance with the provisions of the Corporate Bodies and Committees Regulation, adopted in compliance with Supervisory Regulations on banks' corporate governance, and in line with the recommendations of Article 4 of the Italian Corporate Governance Code.

For the performance of the self-assessment process, UniCredit engaged Spencer Stuart, external consultant selected by the Chair of the Board, upon proposal of the Corporate Governance & Nomination Committee, also on the basis of the neutrality, impartiality and independence of judgement requirements provided by the Corporate Bodies and Committees Regulation. In 2022 Spencer Stuart had some other professional relationships with the UniCredit Group of such relevance unable to compromise its independence.

In compliance with the provisions of the Corporate Bodies and Committees Regulation, the process also covers:

  • qualitative and quantitative composition, size, degree of diversity, professional training, experience (including managerial), seniority in the present post, a guaranteed balance of non-executive and independent members, adequacy of the appointments processes and selection criteria, and ongoing professional development;

Board of Directors

  • meeting sessions, frequency, duration, the degree and form of attendance, sufficient time available to dedicate to the assignment, a trust-based relationship, cooperation and interaction among members, awareness of the role covered, and the quality of debate on the Board.

With assistance from Spencer Stuart, the process has been broken down into the following stages:

  • examination: carried out in accordance with the provisions of the Corporate Bodies and Committees Regulation;
  • assessment of the outcome of the self-assessment process, in order to identify strengths and weaknesses that emerged and to draw up a proposal for actions deemed appropriate;
  • drawing up of the process outcome summary document: results from the analysis were set out in an ad hoc document which illustrates, among others, the methodologies used, the individuals involved and the results achieved, highlighting strengths and weaknesses, and any proposed necessary corrective action.

The 2022 Board review follows similar initiatives that have been conducted on an annual basis by the Board of Directors since the formal adoption of the 2006 Italian corporate governance code.

In said Board review, Directors were asked to give their views on the functioning of the Board, highlighting the main topics and issues that they consider significant strengths and/or areas of improvement.

The self-assessment process, carried out through an on-line questionnaire, was focused on a variety of topics concerning the composition and functioning of the Board of Directors and its Committees, with the aim of supporting Directors in identifying further areas in which to improve Board of Directors' performance. In addition to the completion of said questionnaire by all Directors, the process involved one-to-one interviews with Spencer Stuart consultants during which the most important aspects highlighted by each Director were discussed. The Spencer Stuart team were silent observers of the Board meeting on December 16, 2022. As part of the process also the Chair of the Board of Statutory Auditors and the Secretary of the Board were met.

In particular, the questionnaires and the interviews included different sections aimed at verifying:

  • the progress against the recommendations from the 2021 Board review and the mitigation plan put in place by the Chair
  • the effectiveness of the Board of Directors on key issues, such as, among others, the definition of corporate strategies, the internal control and risks management system, sustainability, etc.;
  • the organization and conduct of Board meetings, with particular regard to the thoroughness and promptness of the information flows, to the quality of the minutes and to the support provided by the Secretariat of the Board of Directors and by the top management;
  • the dynamic of the Board's discussions and the decision-making processes followed;
  • the role and responsibility of Directors, with a specific focus on the Chair and the Chief Executive Officer;
  • the Committee's functioning and the effectiveness of their activities in supporting the Board of Directors.

Within the Board review process, an analysis of the functioning of UniCredit's Board of Directors compared to international best practices was also carried out.

In 2022, the Board of Directors made good progress overall, despite the macro problems and challenges faced and the ongoing Group transformation under the Unlocked plan. Progress was also made possible thanks to the strengthening of the relationship between the Board members themselves and between the Board and management, which was fostered by the possibility of meeting in person again as the COVID restrictions were lifted. Directors attest to the resulting improving dynamics of the Board.

The results of the Board review for the 2022 financial year highlight a positive overall picture of the conduct of UniCredit's Board of Directors and its Committees, demonstrating that these bodies operate effectively and transparently, in accordance with the best national and international corporate governance practices, as confirmed by the consulting firm.

The following strengths arise from the analysis prepared by the advisory Company:

  • (i) Directors have a positive attitude, shared values and pride of belonging;
  • (ii) the quality of discussion is generally viewed as high, and all Directors feel they can freely express their views;
  • (iii) the relationship between the Board and management is viewed as positive, open and transparent;
  • (iv) there is clear recognition from the non-executive Directors for the great effort in deploying UniCredit Unlocked strategic plan by the Chief Executive Officer and the management team and the Board feels fully engaged in supporting the transformation;
  • (v) Board is fully informed, both in Board meetings and in-between Board meetings when necessary;
  • (vi) the relationship between the Chair and the Chief Executive Officer is constructive with the right amount of support and challenge;
  • (vii) the quality of the Committees' work and the support provided by them to the activity of the Board of Directors is highly appreciated.

The analysis carried out by the advisory Company also reveals a number of areas on which attention should be focused in order to make the Board of Directors' actions even more effective. Some of these require a further engagement by the Board to continue on previous year's recommendations, such as:

  • (i) organizing as many opportunities as possible for the Board to meet in person and spend time together both in the boardroom and in informal sessions, such as off-site or Company events;
  • (ii) plan a Strategy session to cover both an update on progress against UniCredit Unlocked and long term strategy. This strategy session would ideally be held off-site;
  • (iii) addressing the occasional delays on paper delivery also improving accessibility with a new online portal;
  • (iv) reflect on the current format of certain management presentations to make them shorter and more effective;
  • (v) in addition to the existing permanent induction program, carry out further trainings and development programmes for all Directors to be implemented in 2023.

Competitive business

At the Shareholders' Meeting held on April 15, 2021, when the Board of Directors was undergoing renewal, no request of general and prior authorisation was submitted regarding the exercise of competing business by Board members, pursuant to Article 2390 of the Italian Civil Code.

No relevant cases pursuant to this Article emerged during the Board's assessment of the requirements envisaged under law for Directors appointed by the above-mentioned Shareholders' Meeting.

Furthermore, while it is up to each Director to report any such situation arising pursuant to Article 2390 of the Italian Civil Code, the Board of Directors was not required to assess the merits of any situations during the Reference Period.

4.4 Executive Directors

Chief Executive Officers

The empowerment (and disempowerment) of Directors is the Board's responsibility. It is the Board that sets out the subject matter, limits and performance criteria for delegation of powers.

The only Board member with managerial powers is the Chief Executive Officer, Mr. Andrea Orcel, to whom the Board of Directors granted powers, within pre-defined limits and also with the faculty to sub-delegate them, across all sectors of Bank business.

For information on what powers have been granted, please consult the "Managerial powers" to this Report.

Board of Directors

Chair of the Board of Directors

The Chair has not been granted authorities for the management of the Company or power for the design of the corporate strategies and does not undertake operational functions, not even in a de facto manner, and therefore does not fulfil any executive role. The Chair does not hold a relevant share of the Company equity.

Other executive Directors

None of the Directors who sit on the UniCredit Board of Directors - besides the Chief Executive Officer - can be defined as executive pursuant to the Italian Corporate Governance Code's recommendations.

Reporting to the Board

Information flows among and within the corporate bodies is a prerequisite for achieving managerial efficiency and effective control objectives.

UniCredit has procedures to ensure adequate information flows among its corporate bodies. As regards in particular the internal controls system, these flows, their content and deadlines are identified in detail by the Board of Directors in its Document of corporate bodies and control functions approved by the Board itself. The Corporate Bodies and Committees Regulation identifies a list of parties required to dispatch information flows on a regular basis to corporate bodies, including an illustration of minimum content and the timing of the main flows.

In particular, in the exercise of all the proposal and decision-making powers and/or power to submit information to the Board of Directors, the Chief Executive Officer was the recipient of the information flows that Bank structures address to the body with supervisory functions, in compliance with the legal and regulatory provisions in force at the time.

Furthermore, the Chief Executive Officer, having been empowered by the Board to carry out activities the Company may undertake pursuant to Clause 4 of the Articles of Association, has provided the Board of Directors - with the methods and timeframe established - with adequate information flows on the exercise of delegated powers, specifically highlighting any relevant associated risk according to the terms and conditions defined by the Board itself. Information on such powers is contained in the "Managerial powers" Annex to this Report.

4.5 Independent Directors

In compliance with the provisions in force from time to time as well as in line with the criteria envisaged under the Italian Corporate Governance Code (corresponding with those envisaged under the UniCredit Articles of Association), non-executive Directors' independence shall be assessed by the Board of Directors upon their appointment, as well as during the mandate upon the occurrence of circumstances concerning their independence and, in any case, at least once a year, on the basis of information provided by the Directors themselves or however available to the Company, also considering any circumstance that affects or could affect such requirement. The outcome of these Board assessments shall be disclosed to the market after the appointment, through a press release and, subsequently, via the Corporate Governance Report.

In abidance with the assessment criteria identified by the Company for an overall evaluation of both objective and subjective aspects, since several years UniCredit deploys a structured process for gathering and analysing the information on the existence of direct or indirect relationships (credit, business/professional and employee

relationships, as well as significant offices held) that Directors and other connected subjects may have with UniCredit and Group companies.

The Corporate Governance & Nomination Committee and the Board of Directors assessed with a positive outcome the Directors' independence requirements based on statements made by the parties concerned and on information available to the Company. In 2022, the Board of Directors ascertained the Directors' independence requirements during its yearly evaluation (meeting held on July 5) and when it assessed the position of a single Director (meeting held on November 9).

With specific reference to the independence requirements laid down by the Italian Corporate Governance Code, information was taken into account relating to the existence of direct or indirect relationships (credit relationships, business/professional relationships and employee relationships, as well as significant offices held) that Directors and their other connected subjects may have with UniCredit and Group Companies.

In order to assess the potential significance of the above-mentioned relationships, the Board of Directors has decided not to proceed with merely identifying predefined economic targets, which if simply exceeded could automatically indicate that independence has been compromised, as such check requires an overall assessment of both objective and subjective aspects. Therefore, for this purpose, the following criteria should be taken into account: (i) the nature and characteristics of the relationship; (ii) the amount in absolute and relative terms of the transactions; and (iii) the subjective profile of the relationship.

More specifically, when assessing the significance of such a relationship, the following information, where available, is considered by the Board:

  • as far as credit relations are concerned, the amount in absolute value of the credit granted, its weighting in relation to the system and, where appropriate, the economic and financial situation of the borrower;
  • as far as professional/commercial relations are concerned, the characteristics of the transaction/relationship, the amount of the consideration and, where appropriate, the economic and financial situation of the counterparty;
  • as far as offices held in Group companies are concerned, the total amount of any additional remunerations.

The above-mentioned criteria and information were also taken into due consideration in assessing the independence of the Chair, designated to said role and qualified as independent candidate - pursuant to the Italian Corporate Governance Code and the TUF - within the slate presented by the Board of Directors.

In all the above cases, all the parties involved (Director or family member; UniCredit or Group Company) and, for relationships with companies/entities, the related kind of "connection" (post held/control participation) with the Director or the family member, were taken into account.

Also in view of the above, at its July 5, 2022, meeting, the Board checked that Directors met the independence requirements. In particular, with regard to Directors whose information acquired highlighted the existence of such relationships, the Board came to the conclusion that they were not of a nature such as to affect the Director's independence.

With reference to the Board of Directors' composition at the Report's approval date, credit relations with UniCredit and/or Group companies have been identified - and evaluated as being not significant on the basis of the abovementioned criteria adopted - for the Chairman Mr. Padoan and Directors Mr. Cariello, Ms. Carletti and Mr. Molinari and relations of a professional/commercial nature with UniCredit and/or Group Companies for Director Mr. Molinari. In detail:

  • Chairman Mr. Pietro Carlo Padoan has indirect credit relations of family members of low amount;
  • Director Mr. Vincenzo Cariello has indirect credit relations of family members;
  • Director Ms. Elena Carletti has direct and indirect credit relations of family members of low amount;
  • Director Mr. Luca Molinari has indirect credit relations and relations of a professional nature of family members.

Board of Directors

Furthermore, in the mentioned meetings held on July 5 and November 9, 2022, the Board of Directors reviewed the independence requirement for Director Ms. Wolfgring and Chairman Mr. Padoan:

  • acknowledging that Director Mr. Wolfgring is no longer independent according to the Italian Corporate Governance Code and the Decree as he has been a Director of UniCredit for more than 9 years in the last 12 years; and
  • assessing with a positive outcome the independence requirement of Chairman Mr. Padoan according to the Decree, as more than 2 years have passed since the withdrawal from his parliamentary office.

In view of the above, the number of independent Directors as defined in the Italian Corporate Governance Code provisions at the Report's approval date is equal to 9. The overall outcome of the assessments is stated below:

"Independent" Directors pursuant to the criteria envisaged under Section 2, recommendation 7, of the Code: Mr. Andreotti, Mr. Cariello, Ms. Carletti, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Molinari, Mr. Padoan, Ms. Pierdicchi and Ms. Tondi.

"Independent" Directors pursuant to Section 26 of the TUB and the Decree issued by the Ministry of Economics and Finance no. 169/2020: Mr. Andreotti, Mr. Cariello, Ms. Carletti, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Molinari, Mr. Padoan, Ms. Pierdicchi, Ms. Tondi and Ms. Wagner.

"Independent" Directors pursuant to Section 148 of the TUF: Mr. Andreotti, Mr. Cariello, Ms. Carletti, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Molinari, Mr. Padoan, Ms. Pierdicchi, Ms. Tondi, Ms. Wagner and Mr. Wolfgring.

Also in line with the March 2021 theoretical profile of the Board, the number of the independent Directors according to the Italian Corporate Governance Code, the TUB, as well as to the TUF, respectively equal to 75%, 83% and 92% of the body's members, is deemed to be suitable both for the Company's needs, also in terms of the functioning of the Board of Directors and its Committees, and for an effective discussion within the body.

At its meetings held on July 15 and November 11, 2022, the Board of Statutory Auditors ascertained, with a positive outcome, the proper application of the criteria and procedures adopted by the Board of Directors to assess the independence of its own members.

Independent Directors' meeting

Independent Directors meet, without the other Directors, at least once a year and, in any case, when requested by one or more of the independent Directors, to assess matters deemed of interest, including those related to the functioning of the Board of Directors and to the corporate management.

The meetings of the independent Directors do not determine the taking of any decision.

In 2022, as a rule, a meeting among independent Directors was held following each Board of Directors' meeting.

The topics discussed during these meetings concern in-depth issues deemed of interest, as well as topics relating to the functioning of the Board of Directors and the relation between the Board and the management. Since all nonexecutive Directors of UniCredit in 2022 were independent according to the TUF, and that 11 out of 12 of them were also independent according to the TUB and 10 out of 12 of them were also independent according to the Italian Corporate Governance Code, all the Directors other than the Chief Executive Officer had been invited to such meetings.

4.6 Lead Independent Director

The UniCredit Board of Directors has not so far designated an independent Director as Lead Independent Director, considering that the conditions set forth by the Italian Corporate Governance Code for his/her appointment do not pertain:

  • (i) where the chair of the board of directors is the person in charge of managing the company (i.e., the chief executive officer) or holds significant managerial powers;
  • (ii) where the office of chair is held by the person controlling, also jointly, the company;
  • (iii) where requested by the majority of independent directors.

Board of Directors' internal Committees

In order to foster an efficient information and advisory system to enable the Board of Directors to better assess the topics for which it is responsible, also in accordance with the provisions of the Code, the Board has established five Committees, vested with research, advisory and proposal-making powers diversified by sector of competence: Internal Controls & Risks Committee, Corporate Governance & Nomination Committee, ESG Committee, Remuneration Committee and Related-Parties Committee. Their duties are undertaken based on terms of reference and procedures set out by the Board.

The Committees consist, as a rule, of a number of members from 3 up to 5. More specifically, the Internal Controls & Risks Committee, the Corporate Governance & Nomination Committee, the ESG Committee and the Remuneration Committee, all set up in compliance with the provisions contained in the Banca d'Italia Supervisory Regulations on banks' corporate governance, are composed of non-executive Directors, mostly independent. In particular, such Committees must be differentiated from each other by at least one member and, if a Director elected by the minorities is present, that Director is a member of at least one Committee. The Chair of each Committee shall be chosen from among the independent members. The Related-Parties Committee, set up for overseeing issues concerning transactions with related and associated parties, in compliance with relevant CONSOB regulatory provisions and Banca d'Italia Supervisory Regulations, consists only of independent Directors pursuant to the Italian Corporate Governance Code.

None of the functions of one or more specialist Committees on appointments, risks and remuneration envisaged under the Code has been reserved for the Board of Directors. Moreover, none of these Committees per se performs the multiple functions of two or more committees as envisaged under the Code. Committee functions have not been allocated amongst the various Committees in a manner that differs from the Code's provisions.

The Committee's tasks are coordinated by its Chair, who exercises all necessary powers for its proper functioning. Each Committee draws up an annual plan of activities to ensure the fulfilment of its tasks. Committee meetings are convened by the Chair with a frequency adequate to the fulfilment of its tasks and plan of activities, or when needed or requested in writing, with proper motivation, by at least two members of the Committee. The provisions set out for the Board of Directors' functioning shall apply, as compatible, to the Board Committees. With reference to the Related-Parties Committee's meetings, only for reasons of urgency, in specific cases dealing with transactions falling into the decision-making powers of the Board of Directors, a meeting may be convened at least twelve hours in advance.

Committee meetings are valid if attended by the majority of their members and their resolutions are taken with a majority of votes cast. Should the Chair be absent or impeded from attending, the meeting shall be chaired by the oldest Committee member. Should the Chair of each Committee consider it appropriate, meetings may be held via conference call or video conference.

The meetings of each Committee were minuted by its Secretary, who is not a member of the Committee, appointed on proposal of its Chair. The minutes gives proper account of any disagreements expressed by Committee members on specific topics and their motivations. Minutes signed by the Chair of the meeting and the Secretary are kept under the responsibility of the Secretary and are available for consultation by Committee members as well as any other Directors and Statutory Auditors who may wish to consult them.

With reference to the composition of the Board Committees, on April 15, 2021, the Board of Directors, appointed by the Shareholders' Meeting held on the same date, set the number of each Committee's members and appointed members to them, taking into account, inter alia, each Director's expertise and experience. More specifically, the Board set:

  • at four the number of members of the Internal Controls & Risks Committee, appointing the following Directors as members:
    • Ms. Elena Carletti (Chairwoman), Ms. Maria Pierdicchi, Ms. Francesca Tondi and Mr. Alexander Wolfgring;
  • at three the number of the members of the Corporate Governance & Nomination Committee, the ESG Committee, the Remuneration Committee and of the Related-Parties Committee, appointing the following Directors as respective members:
    • Mr. Lamberto Andreotti (Chairman), Ms. Jayne-Anne Gadhia and Mr. Alexander Wolfgring;
    • Ms. Francesca Tondi (Chairwoman), Ms. Beatriz Ángela Lara Bartolomè and Mr. Jeffrey Alan Hedberg;
    • Ms. Jayne-Anne Gadhia (Chairwoman), Mr. Luca Molinari and Ms. Renate Wagner;
    • Ms. Maria Pierdicchi (Chairwoman), Mr. Vincenzo Cariello and Ms. Elena Carletti.

Following the resignation of Director Ms. Jayne-Anne Gadhia, the Board of Directors, in its meeting held on February 16, 2023, appointed Mr. Jeffrey Alan Hedberg as Chair of the Remuneration Committee, immediately restoring its composition.

Committee members have the necessary knowledge, skills and experience to perform the duties assigned to them and ensure that any other corporate positions they hold in other companies or entities (including non-Italian ones) are compatible with their availability and commitment to serve as a Committee member.

The following chart shows Committee composition at the Report's approval date, and any changes that occurred during and/or after the 2022 financial year.

Internal
Controls & Risks
Committee		 Corporate
Governance &
Nomination
Committee		 ESG Committee
Remuneration
Committee		 Related-Parties
Committee
Members Exec. Non
exec.		 Indep. as
Code		 * ** * ** * ** * ** * **
Padoan Pietro Carlo X X
Andreotti Lamberto X X C 100%
Orcel Andrea X
Cariello Vincenzo X X M 100%
Carletti Elena X X C 100% M 100%
Hedberg Jeffrey Alan X X M 100% C (1) --
Lara Bartolomé Beatriz
Ángela		 X X M 100%
Molinari Luca X X M 85.71%
Pierdicchi Maria X X M 96% C 93.33%
Tondi Francesca X X M 96% C 100%
Wagner Renate X M 92.86%
Wolfgring Alexander X M 100% M 100%
----- Members who left during and after the Reference Period -----
Gadhia Jayne-Anne X X M (2) 90% C
(2)		 100%
No. of meetings held during the Reference Period
IC&RC: 25		 CG&NC: 10 ESGC: 10 RC: 14 RPC: 15
Note:

* A "C" (Chair) or an "M" (Member) in this column shows that the member of the Board of Directors belongs to the Committee and also indicates his/her position

** Meetings' attendance percentage (number of meetings attended/number of meetings held during the concerned party's term of office with regard to the Reference Period)

(1) Office held since February 16, 2023

(2) Office held until February 7, 2023

Board of Directors' internal Committees

At the invitation of each Committee Chair, the Chief Executive Officer, other Directors, the General Manager (when appointed), the Manager in charge of drafting the company financial reports, as well as personnel belonging to the Company and the Group, may attend Committee meetings on specific Agenda items. Without prejudice to the possibility for the other Statutory Auditors to attend the meetings, the Chair of the Board of Statutory Auditors - or any other Statutory Auditor designated by the latter - attends Board Committee meetings. Always at the invitation of each Committee Chair, personnel or externals appointed in the corporate bodies of the Group's subsidiaries may be called upon to attend Committee meetings.

During the Reference Period, the spending requirements of the Board Committees were met by an ad hoc budget. In fact, in order to perform their duties, Board Committees have access to the financial resources necessary to guarantee their operational independence and, within the limitations of the budget approved by the Board of Directors, may consult independent external experts and invite them to attend meetings; in the event of specific requirements, the relevant budget may be supplemented.

Furthermore, Committees are assured the necessary tools and information flows from the competent functions to enable them to conduct their evaluations.

Each Committee Chair reported to the Board of Directors during the first available meeting on activities carried out by the Committee, with the support of specific documentation.

Board Committees' functions and competencies are set out in the UniCredit Corporate Bodies and Committees Regulation as resolved by the Board11. For information on Board Committees composition, please refer to the UniCredit website12.

* * *

The following charts highlight the means of attendance of Board Committees members (in office as at December 31, 2022) at meetings held during 2022. In 2022 the attendance to the meetings was allowed both in person and remotely. According to the precautionary health and safety measures adopted by UniCredit within the Covid-19 emergency, for the purposes of reporting on their attendance, the presence to the Board meetings held from January up to April 2022 was counted as physical one.

2022
Internal Controls & Risks
Committee		 Attendance % Means of attendance
Meetings physical by teleconference via phone
Carletti Elena (Chairwoman) 25 25 100% 25
Pierdicchi Maria 25 24 96% 18 6
Tondi Francesca 25 24 96% 16 8
Wolfgring Alexander 25 25 100% 14 11
average attendance 100 98 98% 73 25

11 The UniCredit website address where the Corporate Bodies and Committees Regulation is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies.html

12 The UniCredit website address where information on Directors is available is:

https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-directors.html

2022
Corporate Governance & Attendance
%
physical		 Means of attendance
Nomination Committee Meetings by teleconference via phone
Andreotti Lamberto (Chairman) 10 10 100% 6 4
Gadhia Jayne-Anne 10 9 90% 5 4
Wolfgring Alexander 10 10 100% 5 5
average attendance 30 29 96.67% 16 13
2022
ESG Committee Means of attendance
Meetings Attendance % physical by teleconference via phone
Tondi Francesca (Chairwoman) 10 10 100% 7 3
Hedberg Jeffrey Alan 10 10 100% 6 4
Lara Bartolomé Beatriz Ángela 10 10 100% 6 4
average attendance 30 30 100% 19 11
Remuneration Committee 2022
%
physical		 Means of attendance
Meetings Attendance by teleconference via phone
Gadhia Jayne-Anne (Chairwoman) 14 14 100% 9 5
Molinari Luca) 14 12 85.71% 8 4
Wagner Renate 14 13 92.86% 7 6
average attendance 42 39 92.86% 24 15
2022
Related-Parties Committee Meetings Attendance % Means of attendance
physical by via phone
teleconference
Pierdicchi Maria (Chairwoman) 15 14 93.33% 10 4
Cariello Vincenzo 15 15 100% 11 4
Carletti Elena 15 15 100% 11 4
average attendance 45 44 97.78% 32 12

5.1 Internal Controls & Risks Committee

The current "Internal Controls & Risks Committee" was established in June 2000; its name, structure and tasks have changed over the years, in line with the evolution of the regulatory and supervisory framework and industry best practices.

Since October 18, 2018, the Board of Directors has assigned to the Internal Controls & Risks Committee responsibilities over equities investments held by banks and banking groups allocated in Banca d'Italia Circular no. 285/2013 to independent Directors.

Board of Directors' internal Committees

Composition

According to the provisions in the Corporate Bodies and Committees Regulation, the Internal Controls & Risks Committee consists of four non-executive Directors.

The composition of the Internal Controls & Risks Committee as at February 24, 2023, is the following: Ms. Elena Carletti (Chairwoman), Ms. Maria Pierdicchi, Ms. Francesca Tondi and Mr. Alexander Wolfgring.

The majority of the members of the Committee complies with the independence requirements prescribed by Section 2, recommendation 7, of the Italian Corporate Governance Code and Section 13 of the Decree issued by the Ministry of Economics and Finance no. 169/2020; all the members are independent according to Section 148 of Italian Legislative Decree no. 58 dated February 24, 1998.

All members of the Committee have the experience required under applicable provisions, covering the provided areas of competence related to risk and control as well as accounting and audit.

Operations

Committee meetings are attended by the Chair of the Board of Statutory Auditors, Head of Internal Audit, the Group Compliance Officer and the Group Risk Officer. Upon invitation of the Committee Chair, the Chief Executive Officer, other Directors, the Manager in charge of drafting the Company financial reports, as well as personnel belonging to the Company and the Group, may attend Committee meetings. Furthermore, representatives from the external audit firm may also be invited.

During 2022, the following were involved in the Committee activities:

  • the Chair of the Board of Statutory Auditors in all the cases and another Statutory Auditor on a periodic rotation basis set by the Board of Statutory Auditors, as well as the entire Board of Statutory Auditors upon invitation of the Committee Chair;
  • the Heads of the corporate control functions (Internal Audit, Group Compliance and Group Risk Management) in all the 2022 meetings;
  • the Chair of the Board of Directors upon invitation of the Chair;
  • the Manager in charge of drafting the Company financial reports upon invitation of the Chair and in occasion of discussions dealing with accounting and linked topics;
  • the representatives of the external audit firm in 2 meetings for topics concerning its tasks upon invitation of the Chair;
  • corporate officers of the following additional Company functions/Group Companies, for the topics under their remit that from time to time are part of the Agenda:
    • Group Finance, in 13 meetings;
    • Group Regulatory Affairs, in 10 meetings;
    • Group Digital & Information, in 4 meetings;
    • Group Operations, in 3 meetings;
    • Italy, in 3 meetings;
    • Group People & Culture, in 3 meetings;
    • Group Strategy & ESG, in 4 meetings;
    • Group Legal, in 2 meetings;
    • Group Client Solutions, in 2 meetings;
    • Central Europe & Eastern Europe, in 2 meetings;
    • UniCredit Bank AG Research, in 1 meeting.

In 2022, the Committee was not supported by external consultants.

Roles and Responsibilities

The Internal Controls & Risks Committee supports the Board of Directors on risk management and control-related issues. Hereinafter, the main roles assigned in accordance with the current Corporate Bodies and Committees Regulation.

With a special focus on risk management and control-related issues, the Committee supports the Board of Directors in:

  • defining and approving strategic guidelines and risk management policies with specific reference to risk appetite and risk tolerance. For this purpose, it also examines the annual budget drafting guidelines;
  • verifying that risk strategies, management policies and the Risk Appetite Framework (RAF) have been correctly implemented;
  • defining policies and processes for evaluating corporate activities, including verification that the price and conditions of client transactions comply with the risk-related business model and strategies.

Furthermore, the Committee:

  • a) with the support of the Corporate Governance & Nomination Committee, identifies and proposes to the Board who should be appointed as Head of the corporate control functions or assesses the evaluation of their dismissal; for the Head of Internal Audit function, issues its opinion on setting the remuneration and the performance goals associated with its variable portion in line with the company policies;
  • b) pre-examines activity programmes (including audit plans) and annual reports from corporate control functions to be sent to the Board, as well as periodical reports prepared by these functions above and beyond legal or regulatory requirements;
  • c) evaluates and issues opinions to the Board on the compliance of the internal control system and corporate organisation with the applicable rules and regulations, and on the requirements that must be complied with by the corporate control functions, drawing the Board's attention to any weaknesses and consequent corrective actions to be implemented; for this purpose, it assesses proposals put forward by the Chief Executive Officer;
  • d) through evaluations and opinions, contributes to defining company policy on the outsourcing of corporate control functions;
  • e) verifies that the corporate control functions correctly comply with the Board's recommendations and guidelines, assisting the Board in drafting the coordination documents envisaged under Banca d'Italia Circular no. 285/2013;
  • f) examines and assesses the correct use of accounting principles and their uniformity with regard to drafting the main accounting documents (such as, by way of example, operating and consolidated financial statements, interim operating reports, etc.), for this purpose coordinating with the Manager in charge of drafting the company financial reports and with the Board of Statutory Auditors;
  • g) examines the work carried out by the Group's external auditors and the results stated in their reports or any letters and suggestions;
  • h) assesses any findings reported by Internal Audit and Group Compliance, or that may arise from enquiries and/or investigations carried out by third parties;
  • i) may seek specific audit interventions, at such time informing the Chair of the Board of Statutory Auditors;
  • j) analyses Group guidelines for the Group Compliance function that fall within its remit, monitoring that they have been adopted and implemented;
  • k) requests that the Head of Internal Audit draft any proposals for the qualitative and quantitative improvement of the function itself;
  • l) is involved, within its specific remit, in the process of identifying material risk takers on an ongoing basis.

Without prejudice to the competencies of the Remuneration Committee, the Committee checks that the incentives underlying the remuneration and incentive system comply with the RAF, particularly taking into account risks, capital and liquidity.

Moreover, the Committee reports to the Board of Directors on the status of the Group's internal controls system.

Board of Directors' internal Committees

Furthermore, as regards investments in non-financial equities, the Committee assesses, supports and puts forward proposals with regard to organising and enacting internal controls on the making and managing of equity investments in non-financial companies, in addition to verifying compliance within the framework of such equity investments in terms of strategic and operational guidelines.

Activities performed

In 2022, the Internal Controls & Risks Committee held 25 meetings. On average, Committee meetings lasted approximately 4 hours.

In 2022, the Committee has performed information-gathering, consultative and proposition-making functions with regard to the duties assigned to it by the Board of Directors. In addition to the execution of the ordinary activity (19 meetings), 6 extraordinary meetings have been held to allow a deeper evaluation of some important topics such as the impact of the conflict between Russia and Ukraine, the empowerment project of business in Italy and the simplification of the component of the Risk Appetite Framework.

Furthermore, in 2022, the Committee has established the necessary functional links with the Board of Statutory Auditors, in order to carry out the activities deemed to be common to the two bodies, and exchanging information of mutual interest within the sphere of their respective competencies.

For the 2023 financial year, 22 Committee meetings have been planned. As at February 24, 2023, 5 meetings had been held.

5.2 Corporate Governance & Nomination Committee

The current "Corporate Governance & Nomination Committee" was established in June 2000 under the name of "Nomination Committee". Its name and tasks have changed over the years, in line with the evolution of the regulatory framework and industry best practices.

From the end of the 2016 financial year up to April 15, 2021, its activities were expanded to also embrace the supervision of sustainability issues.

Composition

According to the provisions in the Corporate Bodies and Committees Regulation, the Corporate Governance & Nomination Committee consists of 3 non-executive Directors. At the Report's approval date, the Committee is made up of 2 Directors, following the resignation of Director Mr. Jayne-Anne Gadhia.

Therefore, the composition of the Committee as at February 24, 2023, is the following: Mr. Lamberto Andreotti (Chairman) and Mr. Alexander Wolfgring.

The members of the Committee comply with the independence requirements prescribed by Section 148 of Italian Legislative Decree no. 58 dated February 24, 1998; a member is also independent according to Section 2, recommendation 7, of the Italian Corporate Governance Code and Section 13 of the Decree issued by the Ministry of Economics and Finance no. 169/2020.

Operations

In 2022, 10 meetings of the Corporate Governance & Nomination Committee were held, each one with an average length of 1 hour and 30 minutes. For the 2023 financial year, 8 Committee meetings have been planned. As at February 24, 2023, 3 Committee meetings had been held.

In 2022, the meetings of the Corporate Governance & Nomination Committee were attended by the Chair of the Board of Statutory Auditors and - at the invitation of the Committee Chair - the Chair of the Board of Directors, the Secretary of the Board, the Chief Executive Officer as well as managers of the Company and external consultants for specific items on the Agenda. In particular, the functions involved in the Committee's activities are listed below, with an indication of the relative frequency:

  • Group Finance, 3 meetings;
  • Group Legal, 2 meetings;
  • Group Compliance. 1 meeting;
  • Group People & Culture, 7 meetings;
  • Group Stakeholders Engagement, 2 meetings;
  • Group Operations, 1 meeting.

Roles and Responsibilities

The Corporate Governance & Nomination Committee provides opinions and support to the Board regarding the definition of the UniCredit corporate governance system, corporate structure and Group governance models and guidelines.

Furthermore, the Committee;

  • a) drafts proposals to be submitted to the Board regarding the optimal qualitative and quantitative composition of the Board, and the maximum number of posts held by Directors in other companies considered compatible with effectively fulfilling these roles at UniCredit;
  • b) provides opinions and support regarding the Board self-assessment process, as directed by the Chair of the Board of Directors;
  • c) sets targets for the least well represented gender in corporate bodies as well as for management and staff belonging to the Group, and prepares a plan to bring this proportion up to set targets;
  • d) drafts proposals to be submitted to the Chair of the Board of Directors regarding the selection of staff appointed to conduct the Board's self-assessment process.

Moreover, the Committee provides opinions and support to the Board also regarding:

  • a) the verification that UniCredit Directors comply with the requirements provided by applicable laws and the Articles of Association (including the ban on interlocking directorships laid down by applicable laws), and that they collectively and individually ensure abidance with the qualitative and quantitative composition of the Board deemed to be optimal;
  • b) the selection of candidates for the post of Chair, Chief Executive Officer and Director of UniCredit, in the event of co-optation, and, should the Board present its own slate of candidates for the position of independent Director for approval by the UniCredit Shareholders' Meeting, taking into due account any recommendations from shareholders, as per the process for selecting candidates for the posts of Board of Directors' members (including the Chair and the Chief Executive Officer), approved by the Board itself;
  • c) the appointment of the Chief Executive Officer, General Manager, Deputy General Managers and other Executives with strategic responsibilities;
  • d) the verification that the General Manager and the Manager in charge of drafting the company financial reports comply with the requirements provided by applicable laws and the Articles of Association, if applicable;
  • e) the definition of appointment and succession plan policies for the Chief Executive Officer, General Manager, Deputy General Managers and other executives with strategic responsibilities, Senior Executive Vice Presidents, the Group Management Team (Executive Vice Presidents) and Leadership Team (Senior Vice Presidents);
  • f) the definition of the policy for the appointment of corporate officers (members of the Board of Directors, Board of Statutory Auditors and Supervisory Board) at Group companies;

Board of Directors' internal Committees

g) the designation of corporate officers (members of the Board of Directors, Board of Statutory Auditors and Supervisory Board) at the main companies.

Moreover, the Committee:

  • provides support, coordinating with the Internal Controls & Risks Committee, in proposing candidates or assessing dismissal for the roles of Heads of corporate control functions to the Board of Directors;
  • undertakes research to help the Board of Directors draft a succession plan for executive Directors.

Activities performed

In 2022 the Committee interacted with the management on two main issues: succession plans and managerial reorganization.

On the first point, the Committee requested the management to receive regular updates on the succession plans for the Chief Executive Officer and the Executives with strategic responsibilities, in order to be fully informed and prepared when it comes for reviewing and deciding on new hires and promotion at top-level. The Committee also approved a process for appointing the Executives with strategic responsibilities which clearly outlines the actors involved and ensures timeliness and efficiency in selecting managers.

On the second point, the Committee supported the Board in the managerial reorganization initiated by the Chief Executive Officer in 2021, with particular reference to the evolution of the organizational set-up of "Italy" and "Group Operations" and "Group Digital & Information" functions. In this context, the Committee requested the management to receive constant updates on the performance of the Executives with strategic responsibilities.

The Committee also examined possible actions aimed at strengthening the Bank's governance and aligning it with national and international best practices, as well as investor expectations. In particular, it reinforced that premeetings information to the Board has to be provided at least three days prior to meetings with the possibility of waiving this requirement only in the event of emergencies; in such cases, the Board Chair ensures that the Chief Executive Officer provides an adequate explanation of the topics at Board meetings.

Moreover, the Committee reviewed the "Emergency and Crisis Management Plan of UniCredit S.p.A.", focusing on the scope of delegation of extraordinary powers to the Chief Executive Officer and the role of the Board in the event of a crisis; supported the Board Chair in the Board self-assessment process; reviewed proposals for the designation of officers in the corporate bodies of the Group's main legal entities; monitored the application of the Group Policy on Diversity, Equity & Inclusion.

The Committee, through its Chair, carried out the activities within its remit with the support of the Company's structures and, where deemed necessary, external consultants.

5.3 ESG Committee

The ESG Committee was established in April 2021, taking over, inter alia, the responsibilities over sustainability matters previously assigned to the Corporate Governance, Nomination and Sustainability Committee (now called Corporate Governance & Nomination Committee).

Composition

According to the provisions in the Corporate Bodies and Committees Regulation, the ESG Committee consists of three non-executive Directors.

The composition of the ESG Committee as at February 24, 2023, is the following: Ms. Francesca Tondi (Chairwoman), Mr. Jeffrey Alan Hedberg and Ms. Beatriz Ángela Lara Bartolomé.

All members of the Committee comply with the independence requirements prescribed by Section 2, recommendation 7, of the Italian Corporate Governance Code and are independent according to Section 13 of the Decree issued by the Ministry of Economics and Finance no. 169/2020 and Section 148 of Italian Legislative Decree no. 58 dated February 24, 1998.

Operations

During 2022, the following were involved in the Committee activities:

  • the Chair of the Board of Statutory Auditors in all the cases and another Statutory Auditor on a periodic rotation basis set by the Board of Statutory Auditors;
  • the Chair of the Board of Directors;
  • the Head of Group Strategy & ESG in all the 2022 meetings;
  • corporate officers of the following additional Company functions, for the topics under their remit that from time to time are part of the Agenda:
    • Group Risk Management: in all the 2022 meetings;
    • Group Stakeholder Engagement: in 2 meetings;
    • Group Regulatory Affairs: in 2 meetings;
    • Group Compliance: in 2 meetings;
    • Group People & Culture: in 1 meeting;
    • Italy: in 1 meeting;
    • Group Operations: in 1 meeting.

In 2022, the Committee was not supported by external consultants.

Roles and Responsibilities

The purpose of the ESG Committee is to support the Board of Directors in fulfilling its responsibilities with respect to the ESG integral components on the Group's business strategy and sustainability.

The ESG Committee shall provide opinions and support to the other Board Committees to ensure the alignment of the Group's policies to UniCredit's ESG principles and objectives.

The Committee also oversees:

  • ESG and sustainability-related developments also considering international guidelines and principles and market developments, monitoring the positioning of the Group with respect to national and international best practices in the ESG field;
  • the preparation of the yearly Integrated Report, which constitutes a non-financial declaration pursuant to the provisions of Sections 3 and 4 of Legislative Decree no. 254/2016, as well as the preparation of the TCFD (Task force on Climate-related Financial Disclosures) report, and any other specific disclosure obligations required by future ESG commitments of the Bank.

Activities performed

In 2022, the ESG Committee held 10 meetings. On average, Committee meetings lasted approx. 2 hours and 15 minutes.

In 2022, the Committee performed information-gathering, consultative and proposition-making functions with regard to the duties assigned to it by the Board of Directors. During 2022 (on March 1 and September 19) two ESG Committee sessions were held jointly with the Internal Controls & Risks Committee focused on issues related to

Board of Directors' internal Committees

climate and environmental risk. The Committee has also been informed of the definition of the Policies on the socalled controversial sectors (such as Coal and Oil&gas, Weapons and Defence) also in the context of the geopolitical crisis triggered by the Russia-Ukraine war. Moreover, the Committee has been updated on the different commitments undertaken by UniCredit in various ESG-related areas (such as Net Zero).

During 2022 the Committee has organized n. 4 training sessions aimed to deepen the following topics: "Data as a foundation for Sustainable Finance", "Mobilising Climate Capital and Financing Transitions", "ESG Risk Strategy" and, lastly, Net Zero.

For the 2023 financial year, 9 Committee meetings have been planned. As at February 24, 2023, 2 Committee meetings had been held.

5.4 Remuneration Committee

For the required information on the Remuneration Committee's set-up, tasks and functioning, please refer to paragraphs "Role of the Remuneration Committee" and "Report on the Remuneration Committee" in the "2023 Group Remuneration Policy and Report", drawn up in accordance with Section 123-ter of the TUF, Section 84-quater of the CONSOB Issuers' Rules, and the provisions set forth under First Part, Title IV, Chapter 2, Policies and practices on remuneration and incentive of Banca d'Italia Circular no. 285/2013.

5.5 Related-Parties Committee

Set up in accordance with CONSOB Resolution no. 17221/2010 and Banca d'Italia Circular no. 285/2013 (Third Part, Chapter 11), the Related-Parties Committee oversees issues concerning transactions with related parties and riskrelated activities and conflicts of interest involving associated parties, conducting the specific role attributed to independent Directors by the aforementioned provisions. Furthermore, it carries out any other duty assigned to it under the Global Policy on transactions with related and associated parties, as applicable from time to time13.

Composition

The Related-Parties Committee consists of three Directors, all of whom qualify as independent pursuant to the Italian Corporate Governance Code.

The composition of the Related-Parties Committee as at February 24, 2023, is the following: Ms. Maria Pierdicchi (Chairwoman), Mr. Vincenzo Cariello and Ms. Elena Carletti.

Roles and Responsibilities

The Related-Parties Committee operates on a consultative and proposition-making basis. Pursuant to the current Global Policy, the Committee is in particular in charge of:

formulating prior, motivated and binding opinions for the purposes of the Board of Directors' resolution on the overall suitability of internal procedures and subsequent updates in order to achieve the objectives established

13 The UniCredit website address where the Global Policy Transactions with related parties, associated persons and corporate officers ex. Section 136 of the CBA is available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/related-parties-and-associated-persons.html

in the external regulatory framework. Said opinions are additional to those requested from the body entrusted with control functions;

  • formulating prior and motivated opinions, when expressly required, in the event of transactions with members of the Combined Perimeter14 either directly or indirectly with UniCredit, concerning the Company's interest in the performance of such transactions, as well as the profitability and substantial correctness of the conditions of such transactions;
  • becoming timely involved, in the event of transactions of "greater significance" with members of the Combined Perimeter - if deemed necessary by the Committee through one or more delegated members - in the negotiation phase and in the preliminary phase through the reception of an exhaustive and updated information flow, including the right to request information and issue observations to delegated bodies and the persons in charge of carrying out negotiations or the preliminary phase;
  • pursuant to section 4, paragraph 1, lett. e-bis) point (i) of the CONSOB Regulation, examining, on the basis of the periodic information flows, also through the use of sample selection methods, the application of the cases of voluntary exemption provided for by the above-mentioned Global Policy in order to examine the adequacy of the same - also in view of its periodic review - and to formulate any corrective measures;
  • pursuant to section 4, paragraph 1, lett. e-bis) point (ii) of the CONSOB Regulation, verifying the proper application of the exemption conditions to transactions of "greater significance" defined as "ordinary" and "concluded at market or standard conditions", notified to the Committee pursuant to Section 13, paragraph 3, letter c) of the CONSOB Regulation, as well as to the above Global Policy. Upon receipt of the report, the Chair of the Committee shall immediately call the Committee to conduct the relevant review.

Operations

Regarding each individual transaction subject to assessment, Committee members must be different from the counterparty, its associated parties and/or any entities related to it.

If a Committee member is a counterparty to the transaction under examination (or is related/associated with the counterparty), he/she must promptly inform the Chair of the Board of Directors and the Committee Chair (provided he/she is not in a conflict-of-interest situation) and abstain from attending further Committee proceedings with regard to the transaction in which the relationship exists. Having consulted with the Committee Chair (provided he/she is not in a conflict-of-interest situation), the Chair of the Board of Directors shall immediately take steps to replace the member who has this conflict of interest with another member from the Board of Directors who qualifies as independent pursuant to the Italian Corporate Governance Code, after contacting them beforehand, in order to restore the Committee to three non-related and non-associated independent Directors.

For transactions that need to be finalised urgently and require the intervention of the Related-Parties Committee during negotiations and due diligence and/or during the issue of opinions, having acknowledged the urgency and noted that the majority or all members are unable to meet or carry out the required activities in time to conclude the transaction, the Committee Chair shall promptly inform the Chair of the Board of Directors of this situation. In any event, these circumstances must be communicated no later than the day after the Committee Chair was informed that the majority or all Committee members was not available. Having consulted with the Chief Executive Officer and determined that the transaction cannot be delayed, the Chair of the Board of Directors immediately takes steps to find three Directors to sit on the Committee and follow the process for temporary substitutions in the event of conflicts of interest.

14 Persons at Group level subject to procedures - which apply jointly - as envisaged under the Global Policy Transactions with related parties, associated persons and corporate officers ex section 136 of the CBA, pursuant to both CONSOB Resolution no. 17221/2010 and Banca d'Italia Circular no. 285/2013 (Third Part, Chapter 11).

Board of Directors' internal Committees

Activities performed

In 2022, the Related-Parties Committee held 15 meetings (on average, each Committee meeting lasted 1 hour and 10 minutes).

Company and Group Managers and personnel, as well as advisors belonging to major Italian and foreign consultancy and law firms, attended Committee meetings to discuss specific items on the Agenda. In particular, the functions/Group Companies involved in the Committee's activities are listed below, with an indication of the relative frequency:

  • Group Risk Management, 3 meetings;
  • Group Compliance, 2 meetings;
  • Group Legal, in all meetings;
  • Group M&A and Corporate Development (Group Strategy & ESG), 9 meetings;
  • Internal Audit, 1 meeting;
  • UniCredit Services S.C.p.A., 2 meetings;
  • UniCredit Factoring S.p.A., 3 meetings.

A Statutory Auditor of UniCredit attended all 2022 Committee's meetings, on a periodic rotation basis as defined by the body entrusted with control functions.

In 2022, the Committee issued six opinions on transactions related to UniCredit S.p.A. and its subsidiaries. For the issuance of all said opinions, the Committee availed itself of the activity of experts, after having assessed the possession of the independence requirements (provided by Annex 4 of CONSOB Regulation) and of experience.

The activity carried out by the Committee in 2022 also concerned the analysis of the periodic information drafted by:

  • Group Risk Management, on the Group's overall exposure arising from transactions with components of the Combined Perimeter;
  • Presidio Unico, (i) on the transactions subject to a voluntary exemption of UniCredit and of the subsidiaries with components of the Combined Perimeter, consistently with the CONSOB Regulation and the Global Policy. The mentioned information flow, on a six-monthly basis, was functional to the performance by the Committee of the examination tasks on the correct implementation of voluntary exemption cases, with the support of the competent business structures, invited to attend n. 2 meetings devoted to the Committee's controls; (ii) on the topics which are relevant for the Combined Perimeter.

Lastly, the Committee received the following information "on a voluntary basis":

  • the outcomes of the second-line controls performed by the Compliance function, on the existence and completeness of the procedures which are appropriate to ensure the compliance with the requirements established by the legal framework and by the internal rules on the process for managing the transactions with components of the Combined Perimeter;
  • the analysis performed by Presidio Unico on the "correlation title" of the components of the Combined Perimeter, with specific reference to the companies which are associated directly and indirectly with UniCredit S.p.A.;
  • the monitoring performed by Presidio Unico on the operations with the main related parties in the last three years.

For the 2023 financial year, 10 meetings have been planned for the Related-Parties Committee. As at February 24, 2023, 1 meeting had been held.

Directors' Remuneration

For the required information on compensation for executive Directors, non-executive Directors and Executives with strategic responsibilities, as well as on indemnities to Directors in the event of resignation, dismissal or termination of employment following a public purchase offer (as per Section 123/bis, sub-section 1, letter i), of the TUF), please refer to the section on "Compensation to Directors, Statutory Auditors and Executives with Strategic Responsibilities" in the "2023 Group Remuneration Policy and Report", drawn up in accordance with Section 123/ter of the TUF, Section 84/quater of the CONSOB Issuers' Rules, and the provisions set forth under First Part, Title IV, Chapter 2, Policies and practices on remuneration and incentive of Banca d'Italia Circular no. 285/2013.

Directors' interests and related-parties transactions

Risks arising from transactions with persons in a potential conflict-of-interest situation are governed, inter alia, by the Regulation CONSOB adopted in Resolution no. 17221/2010 and subsequent updates, by regulations on "Risk activities and conflicts of interest with associated parties" provided for under Third Part, Chapter 11 of Banca d'Italia Circular no. 285/2013, as well as regulations on the obligations of corporate officers at Banks pursuant to Section 136, Legislative Decree no. 385/1993.

Under this regulatory framework, with the unanimous and favourable opinion of the Related-Party Committee and the Board of Statutory Auditors, on June 16, 2021 the UniCredit Board of Directors adopted its "Global Policy Transactions with related parties, associated persons and corporate officers ex Section 136 of the CBA" (available on the UniCredit website) with the aim of defining principles and setting out rules for controlling risks that may arise out of a possible conflict of interest caused by a party's close ties with bank decision-makers.

Intended as an organic evolution towards unifying aspects of governance and areas of enforcement, procedural and organisational approaches (due to the significant similarities between CONSOB's regulations on related parties and the Banca d'Italia's on associated parties), this Global Policy details provisions to be complied with when managing transactions with persons in a potential situation of conflict of interest, as defined by the above-mentioned regulations.

Here below is the list of enforcement areas which are handled jointly by the provisions in the Policy:

  • governance issues and the associated roles of the Board of Directors, the Related-Parties Committee and the Board of Statutory Auditors;
  • organisational structures for overseeing and managing transactions with related and associated parties;
  • perimeter of CONSOB related parties and Banca d'Italia associated parties;
  • criteria for identifying and detecting transactions with related parties and associated parties, including those of greater relevance;
  • cases of exemption set out in the CONSOB Regulations and through Banca d'Italia provisions, and exemptions at UniCredit pursuant to the powers provided for under such provisions;
  • procedures for arranging and approving transactions with related and associated parties;
  • checks and rules for adoption of the Policy within the Group.

Taking into consideration the peculiarities that characterise these provisions, references are also provided on the following:

  • disclosure- and transparency-related obligations required by CONSOB with reference to transactions with related parties;
  • risk activities with associated parties pursuant to Banca d'Italia supervisory reporting terms;
  • monitoring prudential limits and risk appetite levels of associated persons.

The current version of the Global Policy is available on the UniCredit website15.

* * *

Compliance with legal requirements on the interests of company Directors and related-parties transactions being unaffected, through its Global Policy the Company must also comply with Section 136 of Legislative Decree no. 385/1993 concerning the obligations incumbent upon bank corporate officers, according to which such officers may not take on any obligation, directly or indirectly, with the bank that they manage, direct or control, unless it is approved unanimously by the supervisory body, and with the person concerned abstaining, and with the favourable vote of the controlling body's members. Accordingly, corporate officers are required to report the names of

15 The UniCredit website address where the Global Policy on Transactions with related parties, associated persons and corporate officers ex section 136 of the TUB is available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/related-parties-and-associated-persons.html

individuals or companies with whom entering into relations might constitute an indirect obligation that substantially refers to a corporate officer.

A transaction with a related party involving a bank's corporate officer or a party related to such individual falls under the provisions of Section 136 of the Legislative Decree no. 385/1993 and the relevant decision-making procedures. In such cases, the Related Parties Committee must be granted an early, timely and complete information flow for transactions of greater or lesser relevance not falling under the foreseen cases of exemption.

Internal controls and risks management system

The internal controls system is an essential part of the overall governance system at a bank. It plays a central role in their organisation, and can help to ensure the effective management of risks and how they interrelate, to ensure that the activities carried out complies with the corporate strategies and policies, and is founded on sound and prudent management principles.

An effective internal controls system is a prerequisite for value creation over the medium-to-long term, safeguarding asset quality, correctly perceiving risk and appropriately allocating capital.

The UniCredit Group internal controls system, in its ordinary governance setup, is based on:

  • control bodies and functions, in particular involving (each one within its respective sphere of competence) the Board of Directors, the Internal Controls & Risks Committee, the Chief Executive Officer, the Board of Statutory Auditors, as well as the functions and the managerial committees with specific tasks to that regard;
  • information flows and coordination procedures among parties involved in internal controls and risks management system;
  • Group Governance mechanisms.

8.1 Bodies and functions

The Board of Directors and the Internal Controls & Risks Committee

Guidelines for internal controls and the risks management system are defined by the Board of Directors, having verified their consistency with the strategic orientation and the risk appetite established by the Board. Consequently, the Board is able to guarantee that the main risks are properly identified, measured, managed and monitored in the appropriate manner, also taking into account how they evolve and interact and, furthermore, establishing criteria for the compatibility of such risks with sound and prudent management.

Within this context, on a yearly basis the Board of Directors defines and approves a Group Risk Appetite Framework that is consistent with the budget process timeline and definition of the financial plan, in order to ensure that business develops within the desired risk profile and in accordance with national and international regulations.

The Risk Appetite Framework summarises the Group's desired risk profile, including identification of significant risks to which the Group is exposed, by defining thresholds for the following indicators:

  • regulatory indicators to ensure compliance at all times with the Supervisory Authority requirements (e.g., the Common Equity Tier 1 Ratio and the Liquidity Coverage Ratio);
  • managerial indicators, to monitor the evolution of key variables from both a strategic and Risk Appetite point of view defined to ensure the steering of all key financial risks (e.g., Credit, Liquidity and Interest Rate Risk, Market and Sovereign Risk), Profitability, Non-Financial Risks (e.g., Operational Risk, ICT, Cyber Risk, Compliance Risk) and Climate and Environmental Risks.

In the second half of the 2022, the Group Risk Appetite Framework has been set for the 2023 to sustain the way towards the Company's strategic objectives in a controlled risk environment. The key elements have been re-defined and re-evaluated, including the macro scenario underlying the 2022-2024 Strategic Plan, key risks and risk trends. Enhancements of the framework included setting the 2023 thresholds for several KPIs that were subject to monitoring only, as well as cascading of some of them from Group level also to the Group Companies.

The Board approved the new Group Risk Appetite Framework for 2023.

The Group Risk Appetite Framework, which includes both the quantitative component (i.e., RAF dashboard) and the qualitative component (i.e., Risk Appetite Statement), is consistently implemented at relevant Group Legal Entities. The quantitative component includes for each KPI the definition of relevant target, trigger and limit: (i) the targets represent the amount of risk the Group is willing to take on in normal conditions, and they form the reference thresholds for development of the business, (ii) the triggers represent the maximum acceptable level of deviation from the defined target thresholds. They are set so as to assure that even under stress conditions the Group can operate within the maximum level of acceptable risk; the managerial committee Group Executive Committee and the Board of Directors shall be informed of trigger breaches; (iii) the limits are hard points that represent the maximum level of risk acceptable for the Group; if a limit is breached, the Board of Directors must be involved in assessing and deciding upon possible corrective measures.

The Board of Directors is supported by the Internal Controls & Risks Committee in its decision-making activities relating to the internal controls and risks management system.

Within its sphere of competence, the UniCredit Board of Directors approves the establishment of corporate control functions, defining their relevant roles and responsibilities, forms of coordination and collaboration, and the information flows between them and the corporate bodies. Additionally, as part of its support of the Internal Controls & Risks Committee, it draws up coordination documents envisaged under Banca d'Italia Circular no. 285/2013, and has mandated the Chief Executive Officer to execute the Board's directions by designing, managing and monitoring the internal controls and risks management system. Within the scope of this, the Board of Directors ensures that corporate control functions are stable and independent, and that they may access all Bank and Group Companies' activities and any data relevant for performing their respective duties.

At least once a year, after considering the opinion issued by the Board of Statutory Auditors, the Board of Directors assesses the organisational structure's adequacy and the number and skills of staff working at the compliance (Group Compliance) and risk management functions (Group Risk Management). Furthermore, the Board resolves on any possible amendments necessary to the internal audit function's (Internal Audit) organisation and staffing.

Moreover, the Board of Directors approves the following strategies.

Credit Strategies

Under Basel II Pillar II, Group Credit Risk Strategies represent an advanced credit risk management instrument, targeted at ensuring consistency between budget targets and the Risk Appetite Framework. Taking into consideration the macroeconomic and credit scenario, projections in the economic and industry sector, as well as business initiatives and strategies, Credit Strategies provide a set of guidelines and operational limits broken down by the countries and business segments in which the Group operates, with the goal of identifying the desired risk profile and business line positioning in order to ensure growth consistent with the Group Risk Appetite Framework, while at the same time optimising the overall credit risk impact without precluding profitable business opportunities.

Financial Risk Strategies

At Group level, the UniCredit "Group Financial Risk" function manages the setting of overall limits on the Group's financial risks (i.e., liquidity, interest rate, market, counterparty and trading credit risks).

To this end, the Holding Company's "Group Financial Risk" function acts in tight coordination with:

the Group Companies' Market Risk functions, which in accordance with the Group business model are entitled to take on exposures to market risks either in the trading or in the banking book and liquidity. Within the defined overall business model, the relationship with the Market Risk functions, within the overall process of negotiating operational limits alongside the business functions is designed to ensure consistency of the limits with the returns assigned to them in the budget, taking into account dynamics associated with risk indicators, based on historically observed data, expected market developments and proposed business initiatives;

Internal controls and risks management system

the "Risk Appetite" Group Risk Management function in charge of the Group Risk Appetite, with the aim of verifying the limits-related impact on Regulatory and Economic Capital within an iterative process conceived to ensure that limits are consistent with the capital allocation approved at Group level, taking into consideration income goals defined in the annual and strategic plans.

The UniCredit Board sets out the guidelines for the internal controls system, verifying its consistency with established strategic orientations and risk appetite, as well as its capacity to detect the evolution of corporate risks and how they mutually interact, ensuring that the main risks are properly identified, measured, managed and monitored in the appropriate manner, through Internal Controls & Risks Committee activities, in particular, on the basis of:

  • reports by the Heads of corporate control functions: the compliance function (Group Compliance), the risk management function (Group Risk Management), the internal audit function (Internal Audit), the anti-money laundering function (Anti-Financial Crime Compliance) and the validation function (Group Internal Validation);
  • information from the Manager charged with preparing the company financial reports in compliance with the international accounting standards and with regulations relevant to preparing the consolidated financial statements;
  • any useful information related to monitoring overall corporate risks provided by the relevant Company structures and/or the by the audit firm assigned to undertake statutory accounting supervision.

At least yearly, the Board approves the activities programme prepared by the corporate control functions, including the yearly audit plan, and examines their annual reports. Moreover, it approves the multi-year audit plan.

In addition, the Board ensures that the internal controls system and corporate organisation are constantly in harmony with the principles enshrined in laws and regulations applicable from time to time, verifying at least yearly on an basis the exhaustiveness, adequacy, effectiveness and proper functioning of the internal controls and risks management system; should shortcomings or discrepancies emerge, the Board promptly fosters adoption of appropriate corrective measures, the efficacy of which should subsequently be assessed.

Chief Executive Officer

Notwithstanding the Board of Directors' authority over the establishment of corporate control functions and the definition of related roles and responsibilities, the Chief Executive Officer manages the internal controls and risks management system, with support from relevant functions. This includes:

  • (i) identifying the Company's risks and submitting them to the Board of Directors. To that end, the Chief Executive Officer must have in-depth knowledge about all corporate risks and, as part of an integrated managementoriented approach, their reciprocal relationships, taking into account how external circumstances (including macroeconomic risks) evolve;
  • (ii) putting into practice the strategic guidelines, RAF and risk management policies defined by the Board. He does this by planning, managing and monitoring the internal controls and risks management system. In the supervision of these activities, the Chief Executive Officer is supported by the managerial committee Group Executive Committee and the Group Risks/Controls Committee (i.e., Group Financial and Credit Risk Committee and Group Non-Financial Risks and Controls Committee), chaired by the Chief Executive Officer, in which sessions topics related to the system of internal controls, related remedial plans, as well as issues related to risk management and monitoring are addressed.

The Chief Executive Officer is responsible for taking all necessary steps to ensure that the organisation and internal controls system comply with the principles and requirements envisaged under applicable legal provisions. Furthermore, on an ongoing basis and with assistance from the competent functions (as well as directly sitting on ad hoc managerial committees aimed at overseeing and/or controlling risks), he supervises the proper management of overall corporate risks and the adequacy, and the effectiveness and efficiency of associated protective structures, including by means of defining optimal policies for managing such risks. To that end, at all levels he facilitates dissemination of an integrated risk culture spanning the various types of risk.

With specific reference to the non-compliance risk, the Chief Executive Officer ensures that compliance risk is adequately managed. As such, the Chief Executive Officer:

  • defines adequate compliance procedures and policies;
  • establishes effective communication channels to ensure that all levels of staff are aware of the compliance safeguards for their tasks and duties;
  • ensures that the policies and procedures are followed at the bank and, should any violation occur, makes sure the appropriate corrective measures are taken;
  • sets out the information flows designed to ensure the top company bodies are fully aware of how compliance risk is being managed.

In addition, the Chief Executive Officer must, in collaboration with the Group Compliance function:

  • identify and assess, at least once a year, the key compliance risks that the Bank is exposed to and then plan related action/responses. Planning must include weaknesses (in policies, procedures, implementation or execution) that arise during company operations and the need to face any new compliance risks that are picked up following the annual risk assessment;
  • report (either on his/her own imitative or further to a request) to the Board of Directors and the Board of Statutory Auditors on whether the bank's current management of compliance risk is adequate;
  • promptly inform both the Board of Directors and the Board of Statutory Auditors on any major compliance breaches.

Upon the Internal Controls & Risks Committee Chair's invitation, the Chief Executive Officer attends the meetings of such Committee on specific Agenda items. At these meetings, the Chief Executive Officer reports to the Committee on the relevant issues pertaining to items on the Agenda, providing clarifications when necessary and following up on any requests for the Committee to undertake further investigation.

As for third-level controls carried out by the Internal Audit function, the Chief Executive Officer is informed of guidelines for auditing activities, may make suggestions to integrate the annual control plan, and may request specific auditing not foreseen in the annual plan.

Within this field, the Chief Executive Officer makes sure that the Board of Directors engages in effective, ongoing dialogue and exchange, with support from the corporate functions that report to him as Head of the internal structure, in order to allow him to review the choices and decisions they adopt over time. To that end, the Chief Executive Officer receives information from corporate functions necessary to assure the supervision required of him, especially at managerial committees meetings which he attends as Chair, and meetings by committees of which he is not a member, through specific, systematic information flows.

Moreover, the Chief Executive Officer promotes initiatives and actions that are necessary to ensure the ongoing exhaustiveness, adequacy, functionality and reliability of the internal controls system, reporting to the Board of Directors on the outcome of checks, arranging and carrying out any necessary corrective measures, and implementing such measures should there be any deficiencies or anomalies, or should relevant new products, activities, services and processes be introduced.

Internal controls and risks management system

Board of Statutory Auditors

The UniCredit Board of Statutory Auditors is responsible for overseeing the completeness, adequacy, functionality and reliability of the internal controls system and the RAF, as well as the risks management and control process. With regard to the variety of corporate functions and structures that have control roles and responsibilities within the Company, the Board of Statutory Auditors is called to check the efficacy of all structures and functions involved in the controls system, the proper performance of duties, proper coordination of such duties, and promoting any corrective actions aimed at remedy any shortcoming or irregularities detected.

Drawing on the contribution of the corporate control functions, as part of its more general overall review of the risks management process, the Board of Statutory Auditors supervises compliance with ICAAP process provisions and the completeness, adequacy, functionality and reliability of the advanced internal risks measurement systems for determining capital requirements, as well as compliance with requirements envisaged under the relevant provisions.

The Board of Statutory Auditors supervises the processes adopted for the proper implementation of the corporate governance rules set forth by the Italian Corporate Governance Code, the financial disclosure process and compliance with provisions on the disclosure of non-financial information, external auditing of the annual individual and consolidated accounts, the independence of the external audit firm, in particular with regards to carrying out nonauditing activities, and periodically meets with the external audit firm for a reciprocal exchange of information.

With specific regard to the assignment of Supervisory Body functions to the Board of Statutory Auditors pursuant to Legislative Decree no. 231/2001, it should be noted that at its February 6, 2019, meeting, the UniCredit Board of Directors resolved to entrust these tasks to the control body starting from its renewal for the 2019-2021 financial years (see following paragraph 8.5 Organisation Model as per Legislative Decree no. 231/2001).

The Board of Statutory Auditors is responsible for establishing appropriate functional links with the Internal Controls & Risks Committee and the Remuneration Committee, in accordance with their specific skills.

Control functions

In compliance with applicable laws and drawing inspiration from international best practice, the types of control at UniCredit are structured on three levels:

  • line controls (so-called first-level controls), in charge of the corporate functions responsible for business/ operational activities, aimed at ensuring the proper carrying out of the transactions;
  • risk and compliance controls (so-called second-level controls), in charge of the Group Compliance and Group Risk Management functions, each regarding the matters in their sphere of competence;
  • internal audit (so-called third-level controls), in charge of the Internal Audit function.

The Group Compliance, Group Risk Management and Internal Audit functions are separated and hierarchically independent from the corporate functions that carry out the activities subject to their control. The Board of Directors has exclusive competence - based on a proposal made by the Internal Controls & Risks Committee, as well as after hearing the Board of Statutory Auditors - over the appointment and removal of the Heads of said corporate control functions.

As per Banca d'Italia Circular no. 285, corporate control functions also include the anti-money laundering and validation functions, both independent and set up within Group Compliance and Group Risk Management, respectively.

In addition to the corporate control functions, in compliance with regulatory provisions, control functions also include the functions charged with control tasks pursuant to legal, regulatory or self-regulatory provisions (e.g., the Manager charged with preparing the company financial reports).

The Compliance function

The mission of Group Compliance, under the responsibility of the Group Compliance Officer, role covered by Ms. Serenella De Candia, is to monitor the management of the non-compliance risk16 as well as to assist the Group, its Management, the corporate bodies and employees in carrying out their activities in compliance with mandatory rules, internal procedures and applicable best practices.

Bank and Group's companies' Compliance function are independent, drawing on human and technological resources that are qualitatively and quantitatively adequate to the tasks to be performed, reporting directly to Senior Management and the corporate bodies, and with access to all corporate information and participates to decisionmaking processes; when necessary, it can elevate an issue directly up the hierarchical higher levels.

Group Compliance has a proactive role in advising the Bank functions on regulatory requirements, especially on new products, processes, business initiatives, commercial campaigns, marketing materials, and sets rules of conducts, guidelines, and standards - for its perimeter of competence - to be observed.

Group Compliance monitors the management of the non-compliance risk according to a risk-based approach, i.e., an approach that, based on the ongoing assessment of Group activities and the regulatory framework and corporate environment, focuses its activities and priorities on the areas, standards, processes and procedures most at risk of non-compliance.

Consistently with this approach, the non-compliance risk monitoring, with respect to all corporate activities (with the exception of laws and regulations falling within the scope of Group Risk Management) is carried out directly17, through the organizational units that are part of Group compliance, on most relevant regulations with regards to non-compliance risk like the ones concerning banking and financial activities, conflicts of interests management, transparency to customers and consumer safeguard regulation.

As far as other regulations are concerned (e.g.: tax laws, Law on Health and Safety at Work) and with reference to UniCredit S.p.A. only, the Compliance function monitors indirectly18, by providing/validating compliance risk assessment methodologies and procedures to/for the so-called "Presidi specialistici", in place within other business structures, and verifying that they are correctly implemented.

Group Compliance pursues these objectives in particular by:

  • promoting a culture that encourages compliance with the law, internal regulations, Global Rules and the ethical principles which underlie the corporate culture;
  • identifying, assessing and monitoring non-compliance risk, including the development and monitoring of compliance with Global Rules whose aim is the mitigation of those risks;
  • establishing relationships with the Authorities (Supervisory Authorities, Trade Associations, Legislator, etc.) together with other relevant structures and promoting a continuous dialogue with such Authorities for the area of competence;
  • cooperating with other Competence Lines within the Group, and especially with other structures that oversee the management and control of risk (specifically, Internal Audit, Group Risk Management) in order to improve the overall consistency and ensure adequate and continuous mutual information flows;

16Non-compliance risk can be defined as the risk of incurring legal or administrative penalties, financial losses, or damage to reputation as a result of non- compliance with mandatory rules regulating financial and banking undertakings, codes of conduct and standards of "good practice managing."

17Compliance has a direct oversight on the thematic areas defined in the IR 995/5 of March 31, 2022 - Group Compliance Framework (App. 1) as well as on the corporate responsibility for crime committed by employees in the interest of company (Legislative Decree no. 231/2001).

18 As envisaged in the "Indirect Model for the supervision of compliance risk" approved by a specific resolution of the Board of Directors.

Internal controls and risks management system

  • periodically communicating with and providing assistance to the senior management and the Board of Directors on non-compliance risk management, including by participating in the Group Executive Committee and other managerial Committees;
  • providing guidelines on compliance significant topics to business representatives and other Competence Lines, through proactive advice and upon request, i.e., by providing advice on laws, regulations, codes, practices, products, business lines and organizational structures also at local level;
  • fulfilling legal requirements concerning anti-money laundering reporting for UniCredit S.p.A., through the appointment of a AML Responsible (AML Officer), in accordance with Banca d'Italia Provision of March 10, 2011, laying down implementing provisions concerning anti-money laundering organization, procedures and internal controls, such AML officer being tasked with promoting a unified anti-money laundering approach in Italy and coordinating the anti-money laundering managers appointed by other centralized Italian Group Companies;
  • fulfilling legal requirements regarding the personal data processing for UniCredit S.p.A., through the appointment of a Data Protection Officer, in compliance with Regulation (EU) 2016/679 of April 27, 2016, laying down provisions on the organization, procedures and evaluation of the impact of data protection, playing a coordinating role at Group level.

Group Compliance is in charge of guiding, coordinating and monitoring compliance matters at Group level; as part of these responsibilities, Group Compliance can perform centralized functions with regard to Compliance matters on behalf of the Italian Group Companies.

The Group Risk Management function

Under the responsibility of the Group Risk Officer, the Group Risk Management structure's mission is to:

  • optimise the quality of the Group's assets, minimising the risk cost in accordance with the risk/profitability goals set for the business areas;
  • ensure the strategic steering and definition of the Group's risk management policies;
  • define and provide the Heads of the Business Functions and Group Companies with the criteria for assessing, managing, measuring, monitoring and communicating risk. It also ensures that the procedures and systems designed to control risk at Group and individual Group Company level are coherent;
  • help build a risk culture across the Group by training and developing, together with the competent Group People & Culture;
  • help to find ways to rectify asset imbalances, where needed in conjunction with the Group Financial Officer;
  • help the Business Functions achieve their goals, including by assisting in the development of products and businesses (e.g., innovation of credit products, competitive opportunities linked to the Basel accords, etc.);
  • support the Chief Executive Officer in defining the Group Risk Appetite proposal, to be shared in the managerial committee Group Risk Committee and submitted for approval to the Board of Directors, as preliminary and preparatory step for the yearly and multi-yearly budget plan pertaining to the Group Financial Officer. The Group Risk Appetite includes a series of parameters defined by the Group Risk Officer, with the contribution of the Group Financial Officer and of other relevant Group functions; each parameter can be complemented by limits and thresholds proposed by the Group Risk Officer and targets proposed by the Group Financial Officer and/or by the relevant Group functions, each respecting their mission and internal regulations. The Group Risk Officer is responsible for ensuring the overall coherence of the proposed parameters and values. Furthermore, the Group Risk Officer is responsible for ensuring to the Chief Executive Officer and the Board of Directors the coherence of the Group Risk Appetite with the Group strategic guidelines, as well as the coherence of the budget goals with the Group Risk Appetite setting and the periodical monitoring of the RAF. The Group Financial Officer remains responsible for monitoring the performances of the Group and of the business functions, in order to identify possible underperforming areas and the related corrective measures.

Such mission is accomplished by coordinating the Group's risks management as a whole. More specifically, it involves carrying out the following macro-functions:

governing and checking credit, cross-border, market, balance sheet, liquidity, operational and reputational risk at Group level as well as any other risks relating to Basel II Pillar II (e.g., strategic, real estate, financial investment,

business risks), by defining risk strategies and limits, developing risk measurement methodologies, performing stress tests and portfolio analysis;

  • supervising, on a Group level and for UniCredit S.p.A., Basel accord related activities;
  • coordinating the internal capital measurement process within the "Internal Capital Adequacy Assessment Process" ("ICAAP") and coordinating activities for drawing up the "ICAAP Regulatory Report";
  • performing internal validation activities, at Group level, on systems for measuring, credit, operating and market risks, or Basel II Pillar II risks on related processes and data quality and IT components, as well as on models for pricing financial instruments, in order to check that they conform to regulatory requirements and in-house standards, overseeing consequently the non-compliance risk regarding to such regulatory requirements;
  • ensuring that the competent Bodies/Functions get adequate reports;
  • developing the strategy and oversee the management, process, targets and disposals of Non-Performing Exposures/NPE, repossessed assets and any other distressed assets for the entire Group. The Group Risk Officer defines the criteria/rules for identifying the exposures and assets for sale and portfolio targets;
  • drafting and managing risk policies, both at Group level (Group Rules) and at Parent Company level, on the performance of risk-related activities for which UniCredit S.p.A. is competent as well as ensuring the related monitoring;
  • performing second-level controls on the risks of the treasury and credit treasury portfolios within the Group and the Parent Company;
  • assigning ratings for banks and for the Group's major exposures, carrying out the relevant mapping, at Group level, and managing the "rating override" process with regard to Group-wide rating systems as well as those for measuring the credit risk of UniCredit S.p.A.'s counterparts;
  • defining the minimum standards and guidelines for validating IT infrastructures and data quality, credit risks, operating risks and Basel II Pillar II risks, for feeding Group and Parent Company reports on credit risk and for feeding credit risk measurement models;
  • analysing and controlling, at Italian perimeter level, credit, operating and reputational risks generated by the activities of Italy Division;
  • carrying out the functional coordination of the Group Companies in its area of competence.

Moreover, the Group Risk Officer has direct responsibilities for UniCredit S.p.A., in particular for:

  • releasing "risk opinions" by assessing creditworthiness of the counterparties under the responsibility of Italy following defined processes to support the decisions of the competent functions/body (and, in relation to the delegated powers, coordinate and manage the underwriting and credit granting activity);
  • coordinating and handling the post-decision phase and ensuring that outstanding positions and the credit portfolio of UniCredit S.p.A. are properly monitored;
  • coordinating and managing restructuring and workout files including the Debt to Equity and Debt to Asset transactions and the related equity participations/assets;
  • evaluating, monitoring and supervising, at Group level, of the Large Credit Transactions and managing the Global Credit Model of Financial Institutions, Banks and Sovereigns (FIBS). Furthermore, the Group Risk Officer is responsible for the assessment, approval and daily management of Country Risks and Cross-Border credit risktaking;
  • contributing to the management of risks through the definition and improvement of credit processes (e.g., underwriting, monitoring, collection e loan administration) for the perimeter of UniCredit S.p.A., in line with strategic guidelines and credit policies;
  • performing second level controls on risks.

In order to strengthen the capacity of independent steering, coordination and control of Group risks, to improve the efficiency and the flexibility on the risk decision process and to address the interaction among the relevant risk stakeholders, specific Committees are in place:

The managerial committees Group Executive Committee, Group Financial and Credit Risk Committee and Group Non-Financial Risks and Controls Committee support the Chief Executive Officer in the role of steering, coordinating and monitoring the strategic and all categories of risks (included compliance risk), at Group level, as well as defining the Group Recovery Plan.

Internal controls and risks management system

The Group Risk Management function sets up specific information flows to ensure full knowledge about the Group's risks exposure and underlying factors, as well as trends for significant variables included in the Risk Appetite Framework. This information, of which the Chief Executive Officer is aware, in part through chairing the managerial committee Group Executive Committee and the Group Risks/Controls Committee (i.e., Group Financial and Credit Risk Committee and Group Non-Financial Risks and Controls Committee), chaired by the Chief Executive Officer, also with a view to draft proposals/reports for the Board of Directors, mainly relates to the topics summarised below:

  • Risk Appetite Framework, liquidity risk management adequacy (ILAAP) and capital adequacy (ICAAP);
  • activities performed, checks carried out and related outcomes of all covered risk types
  • development, validation and maintenance of the risks measurement and control system, also through the assessment performed by internal validation function.

The UniCredit Group Risk Officer is Mr. Thiam Joo Lim.

The Internal Audit function

The UniCredit Internal Audit function, which reports to the Board of Directors, steers, coordinates and monitors the Group's internal audit activities, and performs third-level control activities as well as on-site inspections on the Parent Company and on the Group's Companies that have outsourced internal audit activities to UniCredit on an inservice company basis ("In service Companies"). In addition, as the Group's Internal Audit function it may conduct on-site controls on any Group Company.

The Internal Audit function acts in compliance with the Internal Audit Group Charter, which defines its mission, responsibility, organisational reporting, tasks and authority.

As independent function, Internal Audit plays an integral part in the internal controls system, carrying out assurance and consulting to evaluate, add value to and improve the internal controls system of UniCredit and its Group.

Internal Audit adheres to the International Professional Practices Framework (Definition of Internal Audit, Core Principles for the Professional Practice of Internal Auditing, and Code of Ethics and International Standards).

The Officer in charge of the Internal Audit function

The Head of the Internal Audit function is Mr. Guglielmo Zadra and he reports, either directly or via the Internal Controls & Risks Committee, to the Board of Directors at least once a year, and, in particularly important cases, at the next available meeting, on the adequacy, effectiveness and efficiency of the internal control system.

The Head of the Internal Audit function is not in charge of any operational areas and reports hierarchically to the Board of Directors.

In addition, after hearing the Internal Controls & Risks Committee's opinion, the Board of Directors has exclusive competence over determining the variable portion of remuneration for the Head of the Internal Audit function, based on criteria and parameters not connected to Bank performance.

In compliance with the Internal Audit Group Charter, the Head of the Internal Audit function performs the following activities:

develops and executes an annual audit plan and a multi-year audit plan using an appropriate risk-based methodology with a view to the future, taking into account trends and emerging risks. In this context, organisational changes and projects identified by Senior Management and/or governing bodies are considered to be relevant. Both plans are submitted for approval to the Board of Directors after examination by the Internal Controls & Risks Committee;

  • ensures adequate audit coverage, taking into account the competencies of the external auditors and Supervisory Authorities, including a reasonable overview of expenses;
  • issues periodic reports to the Board of Directors and to the Internal Controls & Risks Committee, that summarise the main findings of audit activities at Group level;
  • undertakes special investigations, including on its own initiative, at UniCredit S.p.A. and within the Group, reporting the results to Senior Management and corporate bodies;
  • maintains a professional audit staff with sufficient knowledge, skill, experience and professional certification to meet the requirements stated in the Internal Audit Group Charter;
  • reports to the Board of Directors on matters designed to assess Internal Audit performance, including emerging trends and best practices in internal auditing;
  • ensures fair and transparent communication with Supervisory Authorities on audit activities;
  • establishes a quality assurance and improvement programme to make it possible to assess internal audit activities and promote professional development.

Specifically, the Head of the Internal Audit function prepares a quarterly report to provide corporate bodies and Senior Management with an overall assessment of the internal controls system. This report includes not only an assessment of the internal controls system, but also summary information on what activities audit has performed, the main risks emerged, and the implementation status of Management action plans.

Updates are also provided on a regular basis regarding the progress status of the annual plan.

Detail is provided of information flows from the Head of Internal Audit to the corporate bodies in a dedicated internal regulation.

The Head of the Internal Audit function arranges the Audit Plan, based on the Risk Assessment results and in compliance with the Group Audit guidelines. The Audit Plan takes into consideration requests made by the Supervisory Authorities and the corporate bodies.

The Board of Directors has empowered the Internal Audit function to have unlimited access to all corporate functions, records, minutes of all consultative and decision-making committees, Company property and staff.

The Head of the Internal Audit function may draw on an appropriate annual budget, which is submitted to the competent corporate bodies for approval.

In 2022, pursuant to the guidelines approved by the Board of Directors, the Head of the Internal Audit function performed checks both on the central structure of the Parent Company and on its subsidiaries, in line with the methodology outlined in the Group Audit Regulations. Appropriate and timely information was sent to corporate bodies in all cases deemed particularly significant, in addition to the above-mentioned periodic report. The Head of the Internal Audit function also played a role in steering, coordination and control, managing, coordinating and monitoring the audit activities carried out by the Group's Companies Audit functions, and continued updating the existing internal regulation framework in order to better support the audit process during its implementation, reporting and monitoring phases.

In 2022, UniCredit had no total or partial outsourcing agreements in place for the Internal Audit function.

The Manager charged with preparing the company financial reports and other company roles and positions

The Manager charged with preparing the company financial reports is Mr. Stefano Porro, the Group Financial Officer (Group CFO), Head of the Group Finance area at UniCredit.

Internal controls and risks management system

In compliance with Clause 34 of the UniCredit Articles of Association, the Manager charged with preparing the company financial reports is appointed by the Board of Directors - subject to the mandatory favourable opinion of the Board of Statutory Auditors, and for a maximum term of three years - to carry out the tasks attributed to this role under laws and regulations in force, establishing his/her powers, resources and remuneration; this person is chosen from among company executives who possess all of the following professional qualifications:

  • a) a degree (or equivalent) in economics, business administration or finance, obtained in Italy or abroad;
  • b) at least three years' experience as head of an internal structure devoted to preparing the financial statements, or as Chief Financial Officer (or equivalent) at a listed Italian or foreign joint stock company (including UniCredit and its subsidiaries);
  • c) an employment rank at the time of appointment of Executive or higher.

In performing his duties, the Manager charged with preparing the company financial reports may count on cooperation from all UniCredit Group structures.

The Board of Directors ensures that the Manager charged with preparing the company financial reports is granted with the powers and resources necessary to perform the duties attributed under the laws and regulations in force, and shall comply with all the relevant administrative and accounting procedures.

The Manager charged with preparing the company financial reports issues certifications and declarations, when requested, also jointly with the bodies delegated thereto, as per laws and regulations in force.

8.2 Financial reporting process, including on a consolidated basis

As regards the main features of the internal control system in relation to the financial reporting process of consolidated and non-consolidated information, in accordance with the provisions of Section 154-bis of Italian Legislative Decree no. 58/1998, the UniCredit Manager charged with preparing the company financial reports draws up, and ensures effective application of adequate administrative and accounting procedures for drafting the UniCredit S.p.A. individual and consolidated financial statements.

Jointly with the Chief Executive Officer, through appropriate certification of the annual and consolidated financial statements and the consolidated half-year financial report, the Manager in Charge is required to certify:

  • the adequacy and effective application of administrative and accounting procedures;
  • compliance with applicable international accounting standards recognised by the European Community under Regulation (EC) no. 1606/2002 of the European Parliament and the Council dated July 19, 2012;
  • correspondence to the results of accounting books and records;
  • suitability to provide a fair and correct representation of the economic and financial situation of the company and all consolidated companies;
  • inclusion in the report on operations of a reliable analysis of the operating trend and results, as well as the circumstances of the company and consolidated undertakings, and a description of the main risks and uncertainties to which they are exposed.

To fully comply with regulatory requirements, the Board of Directors approved a specific Global Policy - "Internal control system on financial reporting (Law no. 262/05 - Manager in Charge)", in which general rules are laid out along with a description of responsibilities and relationships between the Holding Company and the Companies belonging to the Group in assessing the status of the internal controls system for Financial Reporting, in compliance with the Italian Law on savings (Law no. 262/2005).

Furthermore, a Global Process Regulation, governing processes and procedures for applying the above-mentioned general criteria, was approved and sent to companies within the consolidation area and subject to certification pursuant to Italian Law no. 262/2005, on the basis of criteria as resolved from time to time.

The adopted internal control system aims at ensuring correct and complete Financial Reporting through:

  • reinforcement and enhancement of Corporate Governance in relation to risks, by ensuring:
    • the take-up of responsibilities for risk monitoring at executive level;
    • a set of rules and behaviours established and implemented by Top Management;
    • raising of awareness at operational level of risks associated with producing Financial Reporting;
  • the systematic monitoring of significant risks by the relevant functions for compliance with the abovementioned Law.

The internal controls system for Financial Reporting adopted by the Company includes the application of a common methodological framework, based on:

  • using a consistent, centrally-developed internal controls system model based on internationally-acknowledged methodological standards, the "Internal Control - Integrated Framework (CoSO)" and the "Control Objective for IT and Related Technologies (Cobit)";
  • updating and broadcasting within the Group on the basis of centrally-established parameters.

Operational implementation of the adopted model envisages:

  • the definition of parameters for identifying subsidiaries required to implement the internal controls system over Financial Reporting in accordance with the provisions of Italian Law no. 262/2005;
  • the identification, for the Holding Company and subsidiaries involved in activities envisaged under Law no. 262/2005, of administrative and accounting, business, governance and support processes that have a significant impact on financial statement items;
  • the detection for such processes of the existing controls and the owners in charge of first-level controls at individual companies and support units, including Back-office and Information Technology (IT); owners are required first and foremost to ensure assessment of the effectiveness of controls, pointing out any possible action necessary to reduce levels of associated risk. Therefore, each and every procedure and control must be documented, assessed, tested and validated, and individual managerial responsibility must be defined for carrying out the activities involved.

For the Group subsidiaries, a flow of internal certifications is in place for the internal controls system on Financial Reporting, following the approach adopted by the Holding Company. This entails:

  • giving the governing bodies of Companies responsibility for certifying adequacy and the effective application of both administrative and accounting procedures as well as controls on the Information System to the Holding Company;
  • setting roles for the local Manager in Charge and the Chief Executive Officer within the Companies involved, assigning them responsibility for systematically reporting to their respective governing bodies on the status of the internal controls system on Financial Reporting, along with any improvement action plan;
  • sharing a data repository in order to facilitate consolidation of risk and control values within the Group and support take-up of a common language and approach for describing, assessing, testing and monitoring internal control system adequacy.

Moreover, the Global Policy provides for the involvement of Holding Company governing bodies, in particular:

  • at Board of Directors' meetings where individual and consolidated annual financial statements and the consolidated half-year financial report are presented, the Chief Executive Officer and the Manager in charge of preparing the company financial reports provide a report regarding the internal control system on Financial Reporting and the text to be signed to ensure compliance with the requirements laid down in the regulations;
  • at the Internal Controls & Risks Committee and at the Group Non-Financial Risks and Controls Committee, with reference to the individual and consolidated annual financial statements and the consolidated half-year financial report, the Manager in charge of preparing the company financial reports provides a report on the results of the analysis of the internal control system on Financial Reporting of the Companies with such a system in place; in addition, with reference to the first and the third quarter consolidated interim reports, the Manager in charge of preparing the company financial reports provides an update on the status of any remediation actions identified.

Internal controls and risks management system

8.3 Coordination procedures among parties involved in the internal controls and risks management system

According to Banca d'Italia provisions, the UniCredit S.p.A. "Document of corporate bodies and control functions" is drafted to define the control bodies' and functions' tasks and responsibilities, information flows among different functions/bodies and between the latter and corporate bodies, and coordination and cooperation procedures to implement when sectors to be controlled have potentially overlapping areas or allow the development of synergies.

The UniCredit means of cooperation and coordination among its control functions range from mutual information flow exchange to the attendance at managerial committee meetings focused on control-related topics.

In addition, interactions between second and third level corporate control functions are part of what is overall a steady and active cooperation framework, for the most part formalised via specific internal regulations, and performed through the functions of:

  • participation in defining and/or updating internal regulations on risk and control-related matters;
  • mutual exchange of information flows, documents or data, e.g. relating to planning controls and monitoring the results thereof, and control functions access to any internal resource or corporate information in line with their specific control-related needs;
  • attendance at Board Committee and managerial Committee meetings (systematically or on demand);
  • attendance on an ad hoc basis at Work Groups set up from time to time on risk and control topics.

Enhanced interaction among control functions and the provision of constant activity updates to corporate bodies have the ultimate goal of building a corporate governance environment that, over time, is able to safeguard sound corporate management also through the more efficient supervision of risks at all levels of the Company.

8.4 Group governance mechanisms

An effective internal controls system is also based on appropriate governance mechanisms through which UniCredit, as a Holding Company, conducts its management and coordination of Group Companies, in accordance with the law and regulations in force19.

In particular, UniCredit acts through:

  • indicating "trusted persons" at corporate bodies (Board of Directors members at companies with a traditional system, or Supervisory Board members) and at key management positions within Group companies;
  • a management/functional system ("Group Managerial Golden Rules") that defines mechanisms for coordinating Group management, assigning specific responsibilities and powers to the Heads of UniCredit functions for corresponding functions at the Group Companies as described below;
  • the definition, enactment and monitoring of Group rules take-up (the "Global Rules") by companies;
  • disseminating best practice, methods, procedures and developing IT systems to standardise operating procedures within the Group and achieve the most effective risk management and wider operational efficiency.

Group's managerial and functional system cuts across existing corporate structures. One example is the Competence Lines, which create a strong functional link between the Holding Company's structures and corresponding structures at companies, as an expression of responsibilities assigned by local law and regulations to members of corporate bodies and employees, as well as the hierarchical relationships within each company.

19 Specifically, Section 61 of the TUB and the Supervisory Regulations for banks issued by Banca d'Italia.

Based on the above managerial and functional system, Heads of Competence Lines (and Heads of business/service functions in their respective areas of expertise) have specific powers in relation to budget issues, defining policies and guidelines/competence models to ensure monitoring of Global Rules implementation by the Group Companies.

In accordance with the Group Managerial Golden Rules guidelines, UniCredit issues Global Rules to regulate, among others, relevant activities for the purposes of compliance with law and/or risk management to foster Group stability and ensure a unique approach to corporate planning and overall efficiency.

8.5 Organisation Model as per Legislative Decree no. 231/2001

To ensure the adequacy and effectiveness of the "Organization and Management Model pursuant to Legislative Decree no. 231/2001" of UniCredit S.p.A. (hereinafter the "Model 231/2001") its continuous update is carried out, both by integrating and modifying the parts that constitute it. Indeed:

  • on January 18, 2022, the UniCredit Board of Directors approved an updated version of the Model 231/01, following the positive evaluation of the Supervisory Body (meeting held on December 17, 2021), as follows: (i) revision of the structures following the re-organization of UniCredit S.p.A. as of August 2021; (ii) clarification of the Whistleblowing process in order to update it with the activities performed by the Supervisory Body and by the Function that manages the process, in particular with reference to the evaluation phase of the reports;
  • on September 20, 2022, the UniCredit Board approved an updated version of the Model 231/20 following a positive evaluation of the Supervisory Body (June 22, 2022) as follows: (i) revision in line with the re-organization of UniCredit S.p.A. as of December 2021 and subsequent modifications until April 2022; (ii) changes aimed at integrating regulatory changes in accordance with the latest legislative updates until March 2022; (iii) minor changes and alignments proposed by the Compliance and Audit departments after the periodic review processes (as an example update on Employees' Outside Business Interests management process).

Finally, during the second half of the year 2022, specific activities were carried out aimed at updating and integrating the Model 231/2001 in the light of the evolution of the reference regulatory context (for example the introduction of the new offences relating to payment instruments other than cash and against cultural heritage) and in consideration of the merger of UniCredit Services S.C.p.A. into UniCredit S.p.A. (effective from October 1, 2022). The results of the activities carried out were presented to the Supervisory Body on December 20, 2022, and the new Model 231/2001 will be adopted in the first months of 2023.

At the Report's approval date, the Model 231/2001 consists of:

  • a General Section: composed of seven chapters, describing the purpose and perimeter of the Model 231/2001, the regulatory framework, the Supervisory Body, the disciplinary system, staff information and training, and keeping the Model 231/2001 up to date. The following documents are attached to the General Section of the Model 231/2001:
    • a "List of predicate offences and illegal conduct", containing a description of crimes and offences referred to under Legislative Decree 231/2001 and regarding banking activity in general;
    • the "Code of Ethics pursuant to Legislative Decree no. 231/2001" that contains the rules with which all Model recipients must comply in order to ensure that their conduct is always guided by the criteria of fairness, collaboration, loyalty, transparency and mutual respect, as well as to avoid conduct that may constitute a crime or an offence pursuant to the Italian Legislative Decree no. 231/2001;
  • a Special Section, the "Decision Protocols", containing principles of conduct and control to be complied with in performing "activities at risk", that is to say activities where the risk of committing a crime was signalled;
  • the "Information Note", which refers to the main internal regulation on the at risk activities described in all Decision Protocols.

Internal controls and risks management system

The Model 231/2001's principles and contents are addressed to members of the corporate bodies, to all UniCredit personnel and to third parties who, although not being part of UniCredit pursuant to contract relationships, within the scope of existing relationships take part in carrying out the Bank's activities.

The Model 231/2001 recipients are therefore required to abide by the principles contained in the Model 231/2001 and to report to the Supervisory Body any breaches of rules in the Model 231/2001 or relating to criminal activities.

8.6 Whistleblowing

In July 2015, during an update to its Supervisory Regulations for banks (Circular no. 285/2013), Banca d'Italia established specific requirements on whistleblowing by employees on illegal actions or breaches of the applicable provisions and internal processes, some of which are additional to those currently implemented at UniCredit.

These additional requirements (among which there is the identification of a Head of the whistleblowing system, an obligation to inform the whistle-blowers and reported persons about developments of any investigation set up following the whistleblowing, and formalisation of the investigation time frame) have been set out and the whole whistleblowing system was submitted to the Board of Directors for its approval.

Supervisory regulations also require banks to prepare an annual report on the proper functioning of internal systems for reporting violations, which contains "aggregate information on the results of the activities carried out as a result of the reports received".

Law no. 179, published on December 14, 2017, introduced provisions to protect whistle-blowers who report crimes or irregularities that have come to their attention within the context of public or private employment relationships. In particular for the private sector, Section 2 of the Law covers organisational and management models for entities pursuant to Italian Legislative Decree no. 231/2001.

The Law also established that retaliatory or discriminatory dismissal of a whistle-blower (whose identity cannot be disclosed) is void, as are changes to duties or other retaliatory or discriminatory measures taken against a whistleblower.

The UniCredit internal whistleblowing process is already compliant with the Law, and has been reviewed and extended to third parties.

On 26 November 2019, Directive (EU) no. 2019/1937 on the protection of persons who report violations of the law in the European Union was published and all Member States are required to transpose it.

On 9 December 2022, the Italian Government approved the legislative decree transposing the Directive, which, by means of the coordination and abrogation of the regulations in place, transposes into a single text the rules on the whistleblowing matter.

The main innovations borrowed from the Directive concern, inter alia:

  • the subjective scope of application, extended also to persons whose employment relationship has not yet started (selection or pre-contractual stages) or who are in a testing period, as well as to former employees;

  • the extension of the protection measures and their application to other subjects;

  • the conditions for internal and external reporting.

8.7 Auditing firm

Having heard the Board of Statutory Auditors' proposal, for financial years 2022-2030, the UniCredit Shareholders' Meeting held on April 9, 2020, resolved to appoint the audit firm KPMG S.p.A. for statutory accounting supervision of the UniCredit separate and consolidated financial statements and a limited review of brief interim separate and consolidated financial statements. In addition, the firm was commissioned to check that the Company's accounting records are properly maintained and that its operations are correctly reflected in the accounting records, pursuant to Section 13, sub-section 1, and Section 16 of Legislative Decree no. 39/2010.

The External Auditing firm's report expresses its opinion on the consistency of the report on operations and of specific information included in the report on corporate governance and ownership structure with the financial statements, as well as their compliance with legal provisions pursuant to Section 14, sub-section 2, letter e), of Legislative Decree no. 39/2010 (as last amended by Legislative Decree no. 135/2016) and Section 123-bis, subsection 4, of Legislative Decree no. 58/1998.

Under a separate engagement, KPMG S.p.A. separately issued the independent auditor's report on consolidated nonfinancial statements drafted by UniCredit in accordance with Legislative Decree no. 254/2016.

Handling of corporate information

The Corporate Bodies and Committees Regulation designates the body with supervisory functions to define procedures for internal management and the public disclosure of documents and information concerning the Company, including inside information.

In particular, in June 2018 the Bank adopted a dedicated procedure to evaluate, manage and disclose insider information to the market. This procedure was reviewed in February 2022 to ensure alignment with the recent reorganisation.

In detail, the process:

a) assigns to a dedicated working group created for the insider information management (the "Working Group") the responsibility for the assessment of the inside nature of the specific information, the decision to disclose inside information and, if applicable, the decision to delay public disclosure about inside information. The Working Group members are the Head of Group Strategy & ESG, the Head of Group Stakeholder Engagement, the Group Compliance Officer, the Group Legal Officer and the Group Financial Officer. The Working Group takes its decisions also with the support of other relevant functions if requested.

Moreover, any employee who believes he/she is in possession of specific relevant information regarding the UniCredit Group, disclosure of which could affect the price of UniCredit S.p.A. shares or other financial instruments issued by UniCredit, is required to promptly report this to Group Compliance, so that the assessment of the inside nature of the information conveyed can be carried out, and to take all steps necessary for proper management of such information, including its potential timely disclosure to the market or delay of such communications in accordance with the conditions provided for by law;

b) puts in place appropriate and effective measures to ensure the confidentiality of relevant/inside information, as long as it has not been disclosed to the public.

To this end, upon receipt of a notification the Working Group, initiates the evaluation of the specific relevant information. If required, this may include starting up a Relevant Information List pursuant to CONSOB Guidelines.

Dedicated IT tools are used in a process which is designed to enter, update and maintain such lists;

  • c) describes monitoring the origination and evolution of the specific relevant information until it takes on the characteristics of inside information. Once inside information is flagged, the Working Group triggers the process for preparing a draft press release informing the competent department and Group Media Relations, which will subsequently take over drafting and public disclosure. Alternatively, after a preliminary evaluation of the existence of regulatory requirements, the Working Group may decide to delay disclosure of inside information to the public. In such cases, the Working Group requests the timely opening of an insider list in order to properly monitor circulation of the information and ensure its confidentiality. Once the conditions for delaying communication of such information to the public cease to exist, the Working Group triggers the abovementioned process for preparing the draft press release and formally informing CONSOB of the delay to the public disclosure of inside information in accordance with provisions of law;
  • d) assigns Group Media Relations the responsibility of publishing the press release to the market through the "S.D.I.R.-N.I.S." system, to Borsa Italiana and CONSOB. Press agencies will have access to the system directly.

Under the procedure, it is envisaged that if the press release relates to an event of major importance, supported by Group Compliance, the Head of Group Media Relations announces to CONSOB and Borsa Italiana its submission in advance.

Press releases are published on the Company's website during market opening time on the day after their disclosure.

Press releases are available on the UniCredit website for at least five years after disclosure.

Since UniCredit is listed also on the Frankfurt and Warsaw Stock Exchanges, in order to ensure harmonised information, public disclosure of inside information is made according to procedure in a synchronised manner to all categories of investors and in all Member States where UniCredit shares are traded;

e) introduces a specific escalation process to UniCredit for Group Legal Entities with respect to this information which directly regards these companies but may also have an impact on the price of financial instruments issued by UniCredit. Rules are provided for such cases to evaluate and manage possible inside information.

All Directors and Statutory Auditors are duty-bound to maintain the confidentiality of documents and information obtained while performing their duties and to comply with the procedures UniCredit has adopted for its internal management and external disclosure of such documents and information.

In particular, to monitor and ensure correct internal management of documentation sent to Board members and Statutory Auditors prior to Board meetings, it is specifically envisaged that they acquire such documentation exclusively via an IT platform protected by two-level access keys.

This procedure ensures not only greater speed in sharing documents and information, as well as faster delivery and traceability of individuals who have access to them, but also confidential document delivery via a system of personal, protected passwords given to each Director and Auditor.

Appointment of Statutory Auditors

In accordance with applicable legal and regulatory provisions, permanent and substitute members of the UniCredit Board of Statutory Auditors are appointed on the basis of slates submitted by legitimate parties in compliance with the composition criteria, inter alia, regarding the appointment of the Chair of the Board of Statutory Auditors by minority shareholders and gender balance (for more on this, please refer to Clause 30 of the Articles of the Association, available on the UniCredit website)20.

The legitimate parties who are entitled to submit slates are Shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at an Ordinary Shareholders' Meetings. Each party entitled to file a slate of candidates may submit or contribute to the submission of just one slate (including via proxies or trustee companies). Shareholders belonging to the same group or Shareholders who are parties to a Shareholders' agreement concerning UniCredit shares cannot submit more than one slate (including via proxies or trustee companies). Candidates must be included in one slate only, otherwise they are ineligible.

At least the first two candidates for the role of permanent Auditor and at least the first candidate for the role of substitute Auditor must be enrolled with the Legal Auditors Register and must have practiced legal auditing of accounts for a period of three years in total experience. Furthermore, in order to allow the composition of the Board of Statutory Auditors to comply with the provisions of applicable provisions, the first candidate for the role of permanent Auditors as well as at least one candidate for the role of substitute Auditor shall meet the professional requirements to hold the position of Chair of the Board of Statutory Auditors. All candidates should be suitable for the office in accordance with applicable laws and regulations.

At least one permanent Statutory Auditor must be appointed by the minority Shareholders not connected, not even indirectly, with the Shareholders who filed or voted for the majority slate. The UniCredit Articles of Association provide that two permanent Statutory Auditors and two substitute Statutory Auditors must be appointed by minorities.

In compliance with the provisions of Section 147-ter of the TUF, UniCredit has established that the slates of candidates for the position of Statutory Auditor featuring the names of candidates listed with a progressive number, should be filed at the Registered Office no later than the twenty-fifth day prior to the date of the Shareholders' Meeting called to resolve on the appointment of members of the Board of Statutory Auditors. These slates must be made publicly available at the Registered Office, on the Company's website and through other channels provided for under applicable laws, at least twenty-one days prior to the date of the Shareholders' Meeting. As regards the minimum percentage of share capital needed to submit a slate, Clause 30 of the Articles of Association specifies that the percentage must be equal to 0.5% of share capital in the form of shares with voting rights at the ordinary Shareholders' Meeting, consistent with the minimum shareholding percentage established by CONSOB on the basis of the provisions of said Section 147-ter of the TUF (Section 144-quater of CONSOB Issuers' Rules). Ownership of the minimum number of shares required to file a slate is calculated with regard to the shares registered for each individual Shareholder, or for several Shareholders together, on the day on which the slates are filed with the Company.

In accordance with applicable regulations and with the aim to facilitate the best possible identification of candidates to be proposed to the April 8, 2022 Shareholders' Meeting called to renew the control body for the 2022-2024 financial years, Company's Shareholders were invited to take into account the results of the analysis carried out by the outgoing Board of Statutory Auditors, on the body's composition deemed to be optimal to ensure the proper performance of the duties assigned to it, contained in the "Qualitative and quantitative composition of the UniCredit

20 The UniCredit website address where the Articles of Association are available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/articles-association-code-ethics.html

S.p.A. Board of Statutory Auditors" (for more on this, please refer to this document available on the UniCredit website)21.

21 The UniCredit website addresses where the "Qualitative and quantitative composition of the UniCredit S.p.A. Board of Statutory Auditors" is available are:

https://www.unicreditgroup.eu/en/governance/shareholders/archive/2022/shareholders-meeting.html https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-statutory-auditors.html

Board of Statutory Auditors' composition and functioning

Pursuant to Clause 30 of the UniCredit Articles of Association, the ordinary Shareholders' Meeting appoints five permanent Statutory Auditors, among whom the Chair, and four substitute Statutory Auditors.

The Board of Statutory Auditors' term in office is three financial years and ends on the date of the Shareholders' Meeting called for the approval of the financial statements relating to the last financial year in which they are in office.

The ordinary Shareholders' Meeting held on April 8, 2022, appointed the Board of Statutory Auditors' members for the financial years 2022-2024, whose term runs until the date of the Shareholders' Meeting called to approve the 2024 financial statements.

Their appointment took place pursuant to Clause 30 of the Articles of Association and in accordance with applicable laws and regulatory provisions.

During the process, two slates were submitted, filed and published by the deadline and under the terms provided for in applicable provisions and the Articles of Association, i.e.:

Slate no. was 1 submitted by Allianz Finance II Luxembourg S.à.r.l., with a shareholding equal to 3.2% of the share capital:

Permanent Statutory Auditors (1) Mr. Claudio Cacciamani, (2) Ms. Benedetta Navarra and (3) Mr. Guido Paolucci

Substitute Statutory Auditors (1) Ms. Raffaella Pagani, and (2) Ms. Paola Manes

  • Slate no. 2 was jointly submitted by several Funds, with an overall shareholding equal to 1.1% of the share capital:
    • Permanent Statutory Auditors (1) Mr. Marco Giuseppe Maria Rigotti, and (2) Ms. Antonella Bientinesi Substitute Statutory Auditors (1) Mr. Vittorio Dell'Atti and (2) Ms. Enrica Rimoldi.

Along with the two slates, the following documentation was also filed and disclosed, pursuant to the envisaged terms and conditions:

  • a statement from the Shareholders (other than those holding, even jointly, a control or relative majority shareholding), attesting that no connection, direct or indirect, exists with the latter, and no significant relationships crucial for existence of the above connections exist;
  • exhaustive information on the personal and professional characteristics of the candidates on the slate (curriculum vitae), as well as a list of management and controlling offices held at other companies;
  • statements from each candidate irrevocably accepting his/her office (subject to his/her appointment) and attesting, under his/her own responsibility, that there was no reason for his/her ineligibility, forfeiture or incompatibility, as well as his/her fulfilment of the requirements set out under applicable laws and regulatory provisions, in particular those regarding professional experience, integrity and independence, together with information on the knowledge/experience gained in the areas envisaged by the theoretical profile.

Information on the personal and professional characteristics of each candidate, as shown on their curriculum vitae, a list of management and controlling offices held at other companies, and the statements required under applicable provisions, also of a regulatory nature, or those required in the profile, were made available on the UniCredit website (https://www.unicreditgroup.eu/en/governance/shareholders.html).

The Shareholders' Meeting held on April 8, 2022, appointed the new Board of Statutory Auditors, comprised of five permanent Statutory Auditors and four substitute Statutory Auditors, as follows:

from Slate no. 1, which obtained the majority of Shareholders' votes, Mr. Claudio Cacciamani, Ms. Benedetta Navarra and Mr. Guido Paolucci were appointed as permanent Statutory Auditors, while Ms. Raffaella Pagani and Ms. Paola Manes were appointed as substitute Statutory Auditors;

from Slate no. 2, which obtained the minority of Shareholders' votes, Mr. Marco Giuseppe Maria Rigotti (Chairman) and Ms. Antonella Bientinesi were appointed as permanent Statutory Auditors, while Mr. Vittorio Dell'Atti and Ms. Enrica Rimoldi were appointed as substitute Statutory Auditors.

Moreover, the Shareholders' Meeting also resolved on the annual remuneration to which members of the Board of Statutory Auditors are entitled to for the entire term of their office, also on the basis of information given by the outgoing Board of Statutory Auditors with regard to the commitment required for its members, in order to allow both the Shareholders and the candidates to evaluate the adequacy of such remuneration.

Without prejudice to fulfilment of the requirements currently in force, the Board of Statutory Auditors' composition resulting from the appointment process, including on the basis of the declaration provided by the Statutory Auditors, qualitatively corresponded to the theoretical profile for the Statutory Auditors made available to Shareholders in 2022 in the run-up to the Board of Statutory Auditors' renewal and was suitable also pursuant to the ECB "Guide to fit & proper assessment".

The Statutory Auditors personal qualities and gender diversity (the female component was equal to 40%) comply with the principles of the theoretical profile.

All the Statutory Auditors (both permanent and substitute) had experience in at least three of the competencies envisaged under the profile [banking business, banking corporate governance, risk management, internal control systems and internal audit, corporate legal and compliance, financial and non-financial disclosure], and stated that they had specific experience in the legal field and proper knowledge of corporate organisation and processes, thus allowing the Board of Statutory Auditors to carry out its 231 Supervisory Body functions. The additional qualifying but not necessary competencies identified by the theoretical profile (digital technology and sustainability - ESG) were represented in the collective composition.

With reference to the time commitment recommended for an appropriate attendance of the permanent Statutory Auditors to the Board of Statutory Auditors meetings, the Statutory Auditors declared their ability to commit sufficient time to duly perform their functions. In particular, the commitments that the Board of Statutory Auditors' members declared were found to be suitable with the commitment required to carry out their duties at UniCredit, including conducting activities related to their functions as a 231 Supervisory Body.

With regard to the maximum number of offices to be held, the permanent Auditors complied with the specific limits envisaged in the applicable provisions.

With regard to "collective suitability", the composition fully complies with the applicable provisions and the principles set in the theoretical profile, ensures a balanced mix of profiles and experiences (legal auditing of accounts, control activities in the banking sector and/or in listed companies; professional activities in fields relating to the banking, financial and securities industries; teaching, at university level, on subjects in the field of banking operations, business economics, accountancy, running of the securities markets) as well as is adequate for ensuring functionality and avoiding redundancy.

The outcomes of the check on the matching between the qualitative and quantitative composition deemed to be optimal and the one resulting from the appointment process were disclosed to Shareholders via a press release (on May 5, 2022), to allow them to take the proper measures, in due time before the March 31, 2023, Shareholders' Meeting, the first Shareholders' Meeting called for the approval of the financial statements following the renewal of the body.

As at February 24, 2023, the Board of Statutory Auditors has the following composition.

Board of Statutory Auditors' composition and functioning

In office Slate Independent
as per Code		 %
**		 Number
of other
Position Members until (M/m)
*		 positions
***
Chairman Rigotti Marco Giuseppe
Maria		 08-04-2022 Approval of
2024 financial
statements		 m X 100% --
Permanent Statutory
Auditor		 Cacciamani Claudio 08-04-2022 Approval of
2024 financial
statements		 M X 100% --
Permanent Statutory
Auditor		 Navarra Benedetta 08-04-2022 Approval of
2024 financial
statements		 M X 100% 1
Permanent Statutory
Auditor		 Paolucci Guido 08-04-2022 Approval of
2024 financial
statements		 M X 100% --
Permanent Statutory
Auditor		 Bientinesi Antonella 08-04-2022 Approval of
2024 financial
statements		 m X 100% --
Substitute Statutory
Auditor		 Pagani Raffaella) 08-04-2022 Approval of
2024 financial
statements		 M X
Substitute Statutory
Auditor		 Manes Paola 08-04-2022 Approval of
2024 financial
statements		 M X
Substitute Statutory
Auditor		 Dell'Atti Vittorio 08-04-2022 Approval of
2024 financial
statements		 m X
Substitute Statutory
Auditor		 Rimoldi Enrica 08-04-2022 Approval of
2024 financial
statements		 m X
----- Statutory Auditors who left during the Reference Period ----
Permanent Statutory
Auditor		 Bonissoni Angelo Rocco 11-04-2019 08-04-2022 M X 100% 2
Substitute Statutory
Auditor		 Di Carluccio Ciro (1) 15-04-2021 08-04-2022 -- X
Quorum required for submission of slates for the latest appointment: 0.5%
No. of meetings held during the Reference Period: 57
NOTE

*		 M = Member elected from the slate that obtained the majority of Shareholders' votes
m = Member elected from the slate voted for by the Shareholders' minority
Meetings attendance percentage (number of meetings attended/number of meetings held during the concerned party's term of office over the
Reference Period)
***		 Number of positions as Director or Auditor held by the concerned party pursuant to Section 148-bis of the TUF and to the relevant implementing
provisions contained in the CONSOB Issuers' Regulation. A list of such positions is published by the CONSOB on its website pursuant to Section 144-
quinquiesdecies of the CONSOB Issuers' Rules.

(1) Appointed by the April 15, 2021, Shareholders' Meeting in place of Mr. Roberto Franchini, who resigned as Substitute Statutory Auditor, effective from April 28, 2020.

The Board of Statutory Auditors' members comply with the requirements envisaged under applicable provisions. Statutory Auditors' personal qualities comply with the indications of the theoretical profile approved in January 2022 and meet the suitability requirements called for by the ECB's "Guide to fit and proper assessments".

For any further details on the composition of this corporate body and each Statutory Auditors' personal and professional characteristics, please refer to the information published on the UniCredit website22. With regard to the requirements UniCredit Directors must meet, in addition to those envisaged under applicable laws and regulatory provisions, please refer to the Board of Statutory Auditors' theoretical profile published on the Company's website.

The following chart shows the seniority in office since their first appointment of current members of the Board of Statutory Auditors at the Report's approval date.

Member of the Board of Statutory
Auditors		 First appointment date
Rigotti Marco Giuseppe Maria Chairman April 2019
Cacciamani Claudio Permanent Statutory Auditor April 2022
Navarra Benedetta Permanent Statutory Auditor April 2016
Paolucci Guido Permanent Statutory Auditor May 2017 (1)
Bientinesi Antonella Permanent Statutory Auditor October 2017 (2)

(1) Mr. Paolucci was in office as a Permanent Statutory Auditor pursuant to Article 2401 of the Italian Civil Code between May 2, 2017, and December 4, 2017

(2) Ms. Bientinesi was in office as a Permanent Statutory Auditor pursuant to Article 2401 of the Italian Civil Code between October 26, 2017, and December 4, 2017

The Board of Statutory Auditors broken down by age and gender is detailed below.

22 The UniCredit website address where the information concerning the Auditors is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-statutory-auditors.html https://www.unicreditgroup.eu/en/press-media/press-releases.html

Board of Statutory Auditors' composition and functioning

During the Reference Period the Board of Statutory Auditors met 57 times.

Board of Statutory Auditors meetings lasted on average approximately 3 hours and 30 minutes.

For the 2023 financial year, 60 meetings of the Board of Statutory Auditors have been planned. As at February 24, 2023, 13 meetings had been held.

* * *

On February 20, 2023, the Board of Statutory Auditors finalized the self-assessment process focused on the Body's adequacy in terms of composition as well as correct and efficient functioning. The self-assessment process has been performed in accordance with the provisions of the Corporate Bodies and Committees Regulation, adopted in compliance with Supervisory Regulations on banks' corporate governance, and in line with the recommendations in the document "The self-assessment of the Board of Statutory Auditors" issued by Consiglio Nazionale dei Dottori Commercialisti ed Esperti Contabili (the National Council of Chartered Accountants) in May 2019.

The Board of Statutory Auditors assessed its composition to be adequate, also considering its development over time and its diversity in terms of skills, knowledge, experience, and gender, that has ensured the ongoing proper functioning of the Body.

* * *

In compliance with the provisions in force from time to time as well as in line with the criteria envisaged under the Italian Corporate Governance Code, the Statutory Auditors' independence shall be assessed by the Board of Statutory Auditors upon their appointment, as well as during the mandate upon the occurrence of circumstances concerning their independence and in any case at least once a year, on the basis of information provided by the Statutory Auditors themselves or however available to the Company, also considering any circumstance that affects or could affect such requirement. The outcome of these assessments shall be disclosed to the market after the appointment, through a press release and, subsequently, via the Corporate Governance Report.

The Board of Statutory Auditors checked the meeting of the independence requirements upon the assessment carried out for the renewal of the body during its meeting held on July May 5, 2022, based on statements made by the permanent and substitute Statutory Auditors and on information available to the Company.

With specific reference to the independence requirements laid down by the Italian Corporate Governance Code, information was taken into account relating to the existence of direct or indirect relationships (credit relationships, business/professional relationships, and employee relationships, as well as significant offices held) that the Statutory Auditors, and their connected subjects, may have with UniCredit and Group Companies.

In order to assess the potential significance of the above-mentioned relationships, the Board of Statutory Auditors, in compliance with the criteria already adopted by the Board of Directors, decided not to proceed with the merely identification of pre-defined economic targets, which - if exceeded - could automatically indicate that their independence was compromised. To guarantee an objective and subjective assessment of aspects, the following criteria were taken into account: (i) the nature and characteristics of the relationship; (ii) the total amount, in absolute and relative terms, of the transactions; and (iii) the subjective profile of the relationship.

More specifically, for the purposes of assessing the significance of such relationship, the following information, where available, is considered by the Board of Statutory Auditors:

  • credit relations: the amount in absolute value of the credit granted, its weighting in relation to the system and, where appropriate, the economic and financial situation of the borrower;
  • professional/commercial relations: the characteristics of the transaction/relationship, the amount of the consideration and, where appropriate, the economic and financial situation of the counterparty; and
  • offices held in Group Companies: the total amount of any additional remunerations.

In all of the above cases, all the parties involved (Statutory Auditor or family member; UniCredit or Group Company) and, for relationships with companies/entities, the related kind of "connection" (post held/control participation) with the Statutory Auditor or the family member, were taken into account.

Also in view of the above, at its May 5, 2022, meeting, the Board of Statutory Auditors checked that permanent and substitute Statutory Auditors comply with the independence requirements. In particular, with regard to Statutory Auditors whose information acquired highlighted the existence of such relationships, the Board of Statutory Auditors came to the conclusion that they were not of a nature such as to affect the Statutory Auditors' independence.

* * *

The Board of Statutory Auditors meets annually with the Chair of the Board of Directors and the Chief Executive Officer for mutual exchanges of information.

In performing its duties, the Board of Statutory Auditors constantly coordinated its activities with the Internal Audit function and the External Auditing firm. Appropriate functional links were established in their respective areas of competence with Board Committees, in accordance with the provisions of the UniCredit Corporate Bodies and Committees Regulation. More in detail, in 2022 the Chair of the Board of Statutory Auditors attended at the meetings of the Internal Controls & Risks Committee, Corporate Governance & Nomination Committee and ESG Committee as well as some meetings of the Remuneration Committee.

Individual members of the Board of Statutory Auditors attended (on a rotating basis) the meetings of the Related Parties and Remuneration Committees. Another Statutory Auditor also attended the Internal Controls & Risks Committee and the ESG Committee meetings (on a rotating basis). Furthermore, the entire Board of Statutory Auditors attended the Internal Controls & Risks Committee meetings when topics of common interest were examined (namely, the annual and half-year financial reports, and accounting issues).

* * *

The special authorisation procedure set out in Section 136 of the TUB applies to obligations of any kind or to purchase or sale agreements executed by the Board of Statutory Auditors members, either directly or indirectly, with the bank for which they perform their duties.

Statutory Auditors should also comply with the provisions laid down in Section 36 of Law Decree no. 201/2011 (interlocking prohibition), as amended by Law no. 214/2011, which prohibits office-holders in management, supervisory and controlling bodies and top executives of companies or groups of companies operating in credit, insurance and financial markets from taking or holding similar offices in competing companies or groups of companies.

* * *

Board of Statutory Auditors' composition and functioning

The Board of Statutory Auditors' members benefit from the permanent induction program active for the Board of Directors' members, based on three-year cycles connected to the Board mandate and put in place with the support of an external consultant.

More specifically, in 2022, training initiatives focused on topics linked to ICT and ESG strategies and risks as well as legal/regulatory deep-dives were prepared and implemented for Statutory Auditors.

Relations with Shareholders

In order to foster dialogue with institutional and private investors, analysts and rating agencies, as well as to maintain a constant flow of market-bound information, UniCredit has special, readily-recognisable, easy-to-access sections on its website (Governance and Investors sections) where it provides information on its governance structure and on the Company's internal organisation in order to ensure that Shareholders stay informed as they exercise their rights. The site also offers economic/financial information, data and up-to-date documents of interest to Shareholders as a whole.

All documents and information are available in both Italian and English.

Also, in line with the Italian Corporate Governance Code provisions, ad hoc structures were set up to handle relations with Shareholders in general and with investors, in particular, in compliance with provisions, also of internal kind, on corporate information. In detail:

  • within the Group Stakeholder Engagement department, Group Investor Relations is in charge of managing dialogue with institutional investors, whether or not they are Shareholders, financial analysts and proxy advisors in general, providing the market with timely, transparent and consistent information to support a fair valuation of the Group;
  • within the Group Corporate Affairs structure, Corporate Governance and Shareholders Relations, in the capacity of Corporate Law Advice & Shareholders' Relations, is in charge of overseeing and managing relations with Italian and foreign private (i.e. non-institutional) Shareholders and managing their requests.

The following dedicated channels are available:

  • a dedicated e-mail address ([email protected]) for institutional investors;
  • a toll-free number, 800 307 307 (only for calls within Italy); dedicated e-mail ([email protected]) for noninstitutional Shareholders.

The Head of Group Investors Relations is Ms. Magdalena Palczynska.

Shareholders may also communicate with the Company via its website, albeit not in real time.

For specific matters related to corporate governance-related topics, remuneration policies and ESG (Environmental, Social & Governance) matters, Group Investor Relations has involved and coordinated itself with Group Corporate Affairs, Group People & Culture and Group Strategy & ESG departments to strengthen long-term constructive dialogue with institutional investors and their proxy advisors on such matters. In particular, within the Group People & Culture department, the Group Performance & Rewards structure is in charge of managing the dialogue with investors on remuneration-related matters, enabling an exchange on mutual expectations and needs when drawing up remuneration policies. For information on the annual dialogue process with institutional investors and proxy advisors managed by the Group People & Culture department, please refer to the Group Remuneration Policy and Report.

Furthermore, it should be noted that during the course of 2022, the Group Corporate Affairs structure also kept up a calendar of contacts with institutional investors and their proxy advisors oriented towards long-lasting and constructive dialogue on corporate governance-related topics as well as on composition and functioning of the Board of Directors. In the same year, the Group Strategy & ESG department was involved in meeting with institutional investors aimed at discussing sustainability issues and, more specifically, Group ESG strategy, its integration into the Bank overall strategy and the definition of the path towards carbon neutrality (NET Zero) by 2050.

* * *

In regard of the engagement, since March 2019 the Board of Directors adopted a specific internal policy to govern any possible request for meetings and/or for information addressed to Board of Directors' non-executive member by UniCredit Shareholders, both institutional or non-, and/or any related proxy advisor, given the growing number of requests from institutional investors who hold stakes in Italian listed companies and seek direct contact not only

with company offices in charge of managing such issues, but also with the Board of Directors and, more specifically, with the Chairs of Board Committees.

More specifically, according to the above internal policy, dialogue with Shareholders and/or any related proxy advisor is conducted by (i) the Chair of the Board of Directors, in agreement with the Chief Executive Officer, if related to strategic corporate governance topics or to the functioning of the Board of Directors; (ii) the Chief Executive Officer, in agreement with the Chair of the Board, if related to strategic business topics or to the bank's management.

Each Chair of the Committees may directly maintain the meetings only for specific requests falling under the Board Committee's competencies, and on previous agreement with the Chair of the Board. In such cases, the Chairs of the Board Committees report to the Chair of the Board of Directors and to the Chief Executive Officer on any discussed topic and on the meetings' outcomes. Also the Board of Directors will be informed at its first available meeting.

Dialogues occurs in full compliance with the applicable laws, such as, for example, the rules on the inside information, in observance of any constraints resulting, in particular, from the market abuse regulation and the principle dealing with the Shareholders' equal treatment (on an information basis).

In 2022, the Chair and the Chief Executive Officer informed the Board of Directors, during its first available meeting, on the key points of the Shareholders' engagement and related updates.

The engagement policy of UniCredit is available on the Company's website in the Governance/Corporate Bodies section23.

23 UniCredit website address where the engagement policy (annex E of the Corporate Bodies and Committees Regulation) is available is: http://www.unicreditgroup.eu/en/governance/governance-bodies.html

Positions held by UniCredit Directors at other listed companies or large companies

POSITIONS HELD Company belonging to
the UniCredit Group
YES NO
Pietro Carlo Padoan
Chairman		 -- --
Lamberto Andreotti
Deputy Vice Chairman		 Member of the Board of Directors at Corteva Agriscience X
Andrea Orcel
Chief Executive Officer Director of EIS Group Ltd. X
Vincenzo Cariello
Director		 Member of the Board of Directors of A2A S.p.A. X
Elena Carletti
Director		 -- --
Jeffrey Alan Hedberg
Director		 Member of the Board of Directors of Wind Tre S.p.A. X
Member of the Board of Directors of Wind Tre Italia S.p.A. X
Member of the Board of Directors of 3lettronica Industriale S.p.A. X
Member of the Board of Directors of Wind Tre Retail S.r.l. X
Beatriz Ángela Lara
Bartolomé
Director		 Sole Director of the AHAOW Moment S.L. X
Luca Molinari
Director		 Member of the Board of Directors of Sanad Group X
Maria Pierdicchi
Director		 Independent Member of the Board of Directors at Autogrill S.p.A. X
Member of the Board of Directors of Aidexa Holding (previous PBI S.p.A. X
Member of the Board of Directors of HUBLAB Eccellenze d'Impresa S.r.l. X
Francesca Tondi
Director		 Member of the Board of Directors of Piraeus Financial Holdings SA X
Member of the Board of Directors of Piraeus Bank SA X
(further) POSITIONS HELD Company belonging to
the UniCredit Group
YES NO
Renate Wagner
Director		 Member of the Management Board of Allianz SE X
Member of the Supervisory Board of Allianz Holding Eins GmbH X
Alexander Wolfgring
Director		 Chairman of the Supervisory Board at Österreichisches Verkehrsbüro AG X
Member of the Board of Directors at AVZ GmbH X

Delegations of powers

Without prejudice to the authorities assigned to the Board of Directors by laws and the Articles of Association, the Board has granted the Chief Executive Officer the following powers, within pre-defined limits and also with the faculty to further sub-delegate, across all sectors of the Bank's business:

  • credit activities;
  • equity capital market transactions with an underwriting risk;
  • appointment of corporate officers to the governing bodies of companies (including non-investee companies), entities and other bodies as well as assignment of related remuneration;
  • management of shareholdings, concerning in particular (i) transactions on shareholdings already held or to be acquired; (ii) instructions for the exercise of voting rights at the Shareholders' Meetings (both ordinary and extraordinary) of its direct investee companies (control/joint control or non-controlled shareholdings); (iii) entering into and/or amending Shareholders' agreements related to (direct and indirect) controlling or noncontrolling shareholdings;
  • funds transactions of any kind, regardless of whether they belong to the Group;
  • short and medium/long term liquidity management activities for UniCredit and the Group;
  • management of Banking and Trading Book positions, not attributable to debt capital market activities on the Trading Book and to equity capital markets transactions;
  • activities connected to the marketing of products and services, including of third parties, and to the identification of conditions;
  • powers to authorise expenses and investments for Bank management, within the limits set by the annual Boardapproved strategies and cost estimate;
  • powers over staff management, in compliance with the collective responsibility principle during the set-up phase;
  • definition of and amendments to organisational structures and the organisational book, without prejudice to the Board's remit for (i) changing the powers and responsibilities of structures/roles belonging to the first reporting line to the Board itself and to the Chief Executive Officer; and (ii) setting up/amending/cancelling Managerial Committees where the Chief Executive Officer is an ordinary member that modify mission, members and quorum;
  • decision-making powers on matters pertaining to "restructuring" or "non-performing exposures";
  • decision-making powers on matters pertaining to expected losses and waivers due to capital and/or capitalised interests, disbursements and settlement offers, arising from proceedings of any nature (including administrative and tax), either on the active or passive side, judicial or extrajudicial (including mediation/conciliation proceedings), incidents or customer complaints;
  • selling/disposal and management of the Bank's real-estate and movable assets;
  • decision-making powers with regard to activities related to debt capital markets on the trading book, for the definition of limits to be assigned for each counterpart (single issuer/economic group), in reason of counterparty credit standing and the transaction's characteristics;
  • deciding the limits for overall individual issuer exposure on the trading book (single counterparty/economic group), regardless of the type of instruments on the trading book, based on the creditworthiness of the counterparty and transaction's characteristics;
  • entries on the profit and loss account for the settlement of outstanding items;
  • transactions related to firms, going concerns and/or "en-bloc" legal relationships.

* * *

In order to ensure proper management of and effective control over these delegated powers, the Chief Executive Officer has provided the Board of Directors, according to the ways established by the Board itself, with adequate information flows specifically highlighting any relevant associated risk.

More from Unicredit

Regulatory Filings 2026
May 29
Report Publication Announcement 2026
May 29
Report Publication Announcement 2026
May 29
Report Publication Announcement 2026
May 29
Report Publication Announcement 2026
May 29
Declaration of Voting Results & Voting Rights Announcements 2026
May 29
Governance Information 2026
May 29
Governance Information 2026
May 29
Regulatory Filings 2026
May 29
Capital/Financing Update 2026
May 21
View all filings →