2023 Report on corporate governance and ownership structure

pursuant to Section 123/bis of the TUF (Italian traditional management and control system)

Approval date: February 29, 2024

Index

Glossary	4
1. Issuer profile	6
2. Information on the ownership structure	17
2.1 Share capital structure	17
2.2 Restrictions on stock transfers	17
2.3 Relevant equity holdings	18
2.4 Restrictions on voting rights	20
2.5 Changes to control clauses and by-laws provisions on
public purchase offers	20
2.6 Delegation of power to increase share capital and
authorisations to purchase own shares	21
3. Shareholders' Meetings	22
4. Board of Directors	25
4.1 Appointment and replacement	25
4.2 Composition	28
4.3 Board of Directors' role	37
4.4 Executive Directors	43
4.5 Independent Directors	44
4.6 Lead Independent Director	46
5. Board of Directors' internal Committees	47
5.1 Internal Controls & Risks Committee	50
5.2 Corporate Governance & Nomination Committee	53
5.3 ESG Committee	55
5.4 Remuneration Committee	57
5.5 Related-Parties Committee	57

6. Directors' remuneration	61
Indemnities to Directors in the event of resignation, dismissal or
termination of employment following a public purchase offer
7. Directors' interests and related-parties transactions	62
8. Internal controls and risks management system	64
8.1 Bodies and functions	64
8.2 Financial reporting process, including on a consolidated basis 74
8.3 Coordination procedures among parties involved in the
internal controls and risks management system	75
8.4 Group governance mechanisms	76
8.5 Organisation Model as per Legislative Decree no. 231/2001	77
8.6 Whistleblowing	77
8.7 Auditing firm	78
9. Handling of corporate information	79
10. Appointment of Statutory Auditors	81
11. Board of Statutory Auditors' composition and functioning	83
12. Relations with Shareholders	90

ANNEXES:

-	Positions held by UniCredit Directors at other listed
	companies or large companies	92
-	Delegation of powers	94

Glossary

Banca d'Italia	Bank (also the Holding Company or Company)	Borsa Italiana
The Italian Republic's central bank, it is part of the Eurosystem, comprising the European Central Bank and the national central banks of the European Union States that have adopted the Euro	UniCredit S.p.A.	The company responsible for managing and overseeing the proper functioning of the Italian financial market in which financial instruments are exchanged and traded
Circular no. 285/2013	CONSOB	CONSOB Issuers' Rules
Circular no. 285, dated December 17, 2013, issued by Banca d'Italia, regarding prudential Supervisory Regulations for banks and banking groups, as subsequently amended	Commissione Nazionale per le Società e la Borsa, the Italian Supervisory Authority that oversees transparency and correctness in conduct of subjects operating in the Italian financial markets	Regulation implementing the Italian Consolidated Law on Finance governing issuers, adopted by CONSOB through Resolution no. 11971, dated May 14, 1999, as subsequently amended
CONSOB Regulations on transactions with related parties (also CONSOB Resolution no. 17221/2010)	Consolidated Law on Banking (also the TUB)	Consolidated Law on Finance (also the TUF)
The regulation governing transactions with related parties by companies that make use of the risk capital market directly or via subsidiaries, adopted by CONSOB through Resolution no. 17221, dated March 12, 2010, as subsequently amended	Legislative Decree no. 385, dated September 1, 1993, as subsequently amended	Legislative Decree no. 58, dated February 24, 1998, as subsequently amended
Corporate Governance Code (also the Code)	CRD V	European Central Bank (ECB)
The Italian "Corporate Governance Code" for listed companies approved in January 2020 by the Italian Corporate Governance Committee, made up of ABI, Ania, Assogestioni, Assonime, Confindustria and Borsa Italiana S.p.A.	Capital Requirements Directive V, the European Parliament and Council's Directive 2013/36/EU, dated June 26, 2013, regarding access to the activity of credit institutions and the prudential supervision of credit institutions	The central bank of the twenty European Union Member States that adopted the Euro

Financial year to which the Report refers (also Reference Period)	Group Remuneration Policy and Report	Italian Civil Code
January 1, 2023/December 31, 2023	The Group Remuneration Policy and Report, drawn up in accordance with Section 123/ter of the TUF, Section 84/quater of the CONSOB Issuers' Rules and with Supervisory Provisions on remuneration	Royal Decree no. 262, dated March 16, 1942, as subsequently amended
Legislative Decree no. 231/2001	Manager in Charge	Ministry of Economy and Finance Decree no. 169 dated November 23, 2020 (also Decree)
Legislative Decree no. 231, dated June 8, 2001, containing the framework that governs the administrative responsibility of legal persons, companies and associations, with or without legal liability, as subsequently amended	The Manager in charge of drafting the company financial reports (pursuant to Section 154/bis of the Consolidated Law on Finance)	The Regulation on the requirements and suitability criteria for corporate officers of banks, financial intermediaries, "confidi", electronic money institutions, payment institutions and depositor guarantee schemes to carry out their duties
Report	Supervisory Authority	Supervisory Regulations on corporate governance
This "Report on corporate governance and ownership structure", referring to the 2023 financial year, made available on the Company's website	The European Central Bank, Banca d'Italia, CONSOB, as defined above, and/or any other independent authority and/or administration at national or EU level	Provisions on banks' corporate governance, laid down in Circular no. 285, dated December 17, 2013 (First Part, Title IV, Chapter 1)
Supervisory Regulations on remuneration	UniCredit website
Provisions on remuneration and incentive policies and practices at banks and banking groups, as laid	The Company's website, www.unicreditgroup.eu

down in Circular no. 285, dated December 17, 2013 (First Part, Title

IV, Chapter 2)

Issuer profile

Foreword

The overall corporate governance framework of UniCredit S.p.A. has been defined in compliance with applicable national and European provisions, as well as the recommendations contained in the Italian Corporate Governance Code approved by the Italian Corporate Governance Committee, made up of ABI, Ania, Assogestioni, Assonime, Confindustria and Borsa Italiana S.p.A..

Moreover, UniCredit is subject to the provisions contained in the Supervisory Regulations issued by Banca d'Italia and, specifically with regards to corporate governance issues, to regulations on banks' corporate governance (Circular no. 285/2013, First Part, Title IV, Chapter 1). In compliance with the aforementioned Supervisory Regulations, as a significant bank subject to the direct prudential supervision of the ECB as well as being a listed bank, UniCredit qualifies as a bank of large size or operational complexity, and consequently complies with provisions applicable to such banks.

As an issuer of shares that are also listed on the Frankfurt and Warsaw regulated markets, UniCredit also fulfils legal and regulatory obligations related to listings on said markets, as well as provisions on corporate governance stipulated under the Polish Corporate Governance Code issued by the Warsaw Stock Exchange.

The Italian Corporate Governance Code

In line with practice on major international markets, the Italian Corporate Governance Code identifies goals for a sound corporate governance, as well as the behaviours deemed appropriate for their achievements recommended by the Italian Corporate Governance Committee to companies listed in Italy, to be applied according to the "comply or explain" principle that requires explanation in the corporate governance report of any reasons for failure to comply with one or more recommended best practices.

To ensure the ongoing consistency of the corporate governance code's recommendations against a backdrop of a changing market and investor expectations, in 2019 the Italian Corporate Governance Committee launched a review of the code, approved in its final version in January 2020. The adoption of this new version, based on principles of flexibility, proportionality also calibrated according to the company's size and ownership structures and neutrality with respect to the national provisions and the governance model specifically adopted, came into force starting from the 2021 financial year. Information on its implementation shall be included in corporate governance reports published during 2022.

Since 2001, UniCredit has adopted the Italian Corporate Governance Code, which is publicly available on the Italian Corporate Governance Committee website (https://www.borsaitaliana.it/comitato-corporate-governance/codice/codice.en.htm).

UniCredit, being a large company, applies the recommendations addressed to the category of "large companies".

The Code assigns the Italian Corporate Governance Committee the task of periodically monitoring the level of compliance with its provisions by the companies with listed shares that have stated their adherence to it.

Any possible area of improvement for listed companies' governance is highlighted in the annual Report on compliance with the Code and disclosed to the companies concerned. This practice is intended to encourage a more effective adoption of Code recommendations, and to promote an ongoing development of corporate governance at all listed companies on the Italian regulated market, regardless of whether companies have formally adopted the Code or not.

The last letter sent by the Chair of the Italian Corporate Governance Committee, dated December 14, 2023, identified some areas with the aim of strengthening the application of the "comply or explain" principle, focusing on:

business plan;
pre-meeting information;
guidelines on the optimal composition of the board of directors (specifically addressed to companies not qualifying as "companies with concentrated ownership");
increased voting rights (so-called "voto maggiorato") (specifically addressed to companies which would resolve on its adoption).

Said recommendations were submitted to the attention of the UniCredit Board Committees, in particular of the Corporate Governance & Nomination Committee (at its meeting held on January 29, 2024), as well as of the Board of Directors (at its meetings held on December 14, 2023, and February 29, 2024) and of the Board of Statutory Auditors (at its meeting held on December 19, 2023).

It should be noted that all the above highlighted areas of improvement have been subject to in-depth analysis and discussion by the Board and its Committees to strengthen the Company's corporate practices and to meet the growing expectations of the market.

As to the examination and approval of the business plan, the Board of Directors is informed on an ongoing basis by the Chief Executive Officer on the Group strategy evolution, also leveraging on the contribution of the ESG and the Internal Controls & Risks Committees, which carry out in-depth studies on issues with potential impacts on business sustainability. Furthermore, the Chair and the Chief Executive Officer ensure timely information flows to the Board of Directors on the key points of the Shareholders' expectations for a long-term value creation raised during shareholders' engagement activities.

Regarding pre-meeting information addressed to the Board, the Corporate Bodies and Committees Regulation is in line with best practices and provides for information to be made available to Directors at least three days before the Board meetings, unless there are exceptional events which prevent the documentation to be made available within said deadline. In such cases, the Chair ensures that the Chief Executive Officer provides an appropriate presentation of the relevant topic during the Board meeting. In 2023, such circumstances only occurred in some instances.

Issuer profile

As to the guidelines on the optimal composition of the board of directors, UniCredit complies with the regulations of the Supervisory Authorities, as well as with the recommendations of the Italian Corporate Governance Committee. Specifically, in the run-up of the Board of Directors' renewal, the Board:

(i) determines its optimal qualitative and quantitative composition for the effective performance of the tasks and responsibilities entrusted to it by law, by the provisions of the Supervisory Authority and by the UniCredit Articles of Association. Such theoretical composition is determined also taking into account the results of the self-assessment process which focuses on the adequacy of the composition and functioning of the Board and its Committees;
(ii) informs Shareholders about this composition by publishing the theoretical profile at the latest when the notice convening the Shareholders' Meeting called to resolve on the body's renewal is published. Given that this notice is published well in advance of the legal deadlines, this timing is considered appropriate to enable Shareholders to identify their candidates taking into account the required skills.

Shareholders may obviously carry out their own assessment of the optimal Board composition and submit candidacies consistent with that assessment, giving reasons for any difference from the analyses made by the Board. Notwithstanding the fact that the outgoing Board of Directors, in the event of renewal, has the faculty to submit its own list of candidates, the Company requires Shareholders submitting a list for the renewal of the body to provide appropriate information on the consistency of their list with the recommendations provided in the theoretical profile.

Lastly, with reference to the increased voting rights, the Company has so far not considered its adoption.

Overall - in view of the above - no critical issues emerged on the areas of improvement highlighted in the letter of the Italian Corporate Governance Committee considering the good quality of the UniCredit corporate governance, which is already compliant with the recommendations outlined in the letter and in the Italian Corporate Governance Code. Nonetheless, there could be still room for improvement regarding the timeliness of the information flows to Directors prior to the meetings.

The Report on corporate governance and ownership structure

On an annual basis, UniCredit draws up this Report for its Shareholders, institutional and non-institutional investors, and the market. The Report conveys appropriate information about the UniCredit corporate governance system.

Consistently with applicable legal and regulatory obligations, and in line with the Code's provisions, in its version as approved as at January 2020, this UniCredit Report on corporate governance and ownership structure was drafted in accordance with Section 123-bis of the TUF.

The Report approved by the Company's Board of Directors at its February 29, 2024, meeting is disclosed at the same time as the Report on Operations via the UniCredit website¹ and on the website of the authorised "eMarket STORAGE" storage mechanism managed by Teleborsa S.r.l. (www.emarketstorage.it).

¹ The UniCredit website address where the Report on corporate governance and ownership structure is available is: https://www.unicreditgroup.eu/en/governance/our-governance-system.html

Unless expressly specified otherwise, the information contained in this Report refers to the date of December 31, 2023. Therefore, unless otherwise specified, the information refers to the Italian traditional management and control system in force in the reference Period.

The Report was submitted to independent audit firm KPMG S.p.A. for its audit and its opinion on the consistency of certain specific information included in the Report itself with the financial statements, as well as their compliance with the legal provisions pursuant to Section 14, sub-section 2, letter e), of Legislative Decree no. 39/2010 (as last amended by Legislative Decree no. 135/2016) and Section 123-bis, sub-section 4, of the TUF. The results of the audit firm's activities are outlined in its reports attached to the 2023 UniCredit individual and consolidated financial statements.

It should be noted that the Report on Operations in the Consolidated Reports and Accounts contains a section entitled "Corporate Governance", in which the UniCredit corporate governance system is briefly described.

It should further be noted that the Company also draws up the yearly Integrated Report, which constitutes a non-financial declaration to fulfil the obligations under Sections 3 and 4 of the Legislative Decree no. 254/2016, implementing in Italy the Directive 2014/95/EU of the European Parliament and the Council dated October 22, 2014, as well as the Report TCFD (Task force on Climate-related Financial Disclosures)².

Profile and structure

UniCredit S.p.A. is a company whose shares are listed on the Milan, Frankfurt and Warsaw regulated markets. As a bank, parent company of the UniCredit banking Group, pursuant to the provisions of Section 61 of the TUB, in addition to banking activities, it carries out guidance and coordination as well as control functions vis-à-vis its banking, financial and instrumental subsidiaries which compose the banking Group. UniCredit also carries out governance and coordination activities pursuant to Article 2497 and following of the Italian Civil Code with reference to Italian subsidiaries belonging to the UniCredit Group, directly and indirectly controlled by the same.

The Company is not subject to guidance and coordination by other legal entities.

The UniCredit organisation³ reflects an organisational and business model which maintains a divisional structure for the governance of business/products, as well as global control over Digital & Information and Operation functions, while ensuring the autonomy of countries/local banks on specific activities to ensure increased proximity to the client and more efficient decision-making processes.

²The UniCredit website address where the Company's Integrated Report and the Report TCFS are available is: https://www.unicreditgroup.eu/en/esg-and-sustainability/sustainability-reporting.html

³ The UniCredit website address where the Company's organisation structure is available is: https://www.unicreditgroup.eu/en/unicredit-at-a-glance/organizational-structure.html

Issuer profile

Shareholder structure

As at December 31, 2023, UniCredit share capital amounted to Euro 21,277,874,388.48, divided into 1,784,663,080 ordinary shares of no nominal value. The shares are issued in a dematerialised form and are indivisible as well as freely transferable.

At the same date, Shareholders were about 217,000; 93.80% of its share capital was owned by legal persons, and the remaining 6.20% by physical persons. UniCredit's Shareholders' composition is the result of analyses conducted on data deriving from the contents of the Shareholders' Register.

The representation provided by the Shareholders' Register is the best estimate of the composition of UniCredit's Shareholders base; however, its updating procedures are not such as to ensure that the composition represented corresponds to the actual Shareholder base at any given time.

Corporate governance model

UniCredit has adopted the traditional Italian management and control system based on the existence of two corporate bodies appointed by the Shareholders' Meeting: a Board of Directors, which is in charge of the strategic supervision and management of the Company, and a Board of Statutory Auditors, which is responsible for the supervision of management. In accordance with applicable provisions, legal accounting supervision is entrusted by the Shareholders' Meeting to an external audit firm, on proposal of the Board of Statutory Auditors.

Traditional system

UniCredit believes that this governance model has proven to be suitable for managing the business efficiently, while ensuring effective controls. That is, it creates the conditions for the Company to be able to guarantee the sound and prudent management of a complex and global banking group like the UniCredit Group.

Since its incorporation, UniCredit had adopted the traditional governance model, which is the default option envisaged by Italian law for companies. Although the model had been efficient over time, there were a number of factors which grounded the need for reassessing the Company's governance model. For instance, the developments in the economic and regulatory context, the challenges that banks face today, and the demands from market players and regulators for an effective corporate governance.

Following the assessments performed, the Board of Directors resolved on the adoption of the one-tier corporate governance system in lieu of the traditional one. The one-tier model was deemed suitable to improve the quality of the governance, ensuring a greater effectiveness of controls through the integration of the control body within the Board.

Moreover, the one-tier model would have enhanced the role of the members of the control body through their direct participation in the Board's decision-making processes. The Board of Directors therefore submitted to the approval of the UniCredit Shareholders' Meeting the adoption of the one-tier corporate governance system and the related amendments to the Articles of Association. The Shareholders' Meeting approved the above on October 27, 2023.

It should be recalled that the one-tier governance model features the presence of a Board of Directors, which performs the strategic supervision and management functions, and an Audit Committee - established within the Board - which performs control functions.

The above amendments to the Articles of Association become effective upon the first renewal of the corporate bodies to which they apply following the mentioned Shareholders' Meeting, except for Clause 20. The latter concerns the procedures for the appointment of corporate bodies, and applies from the date of the notice convening the Shareholders' Meeting called to resolve on said appointments. More specifically, the renewal of the Board of Directors will be resolved upon during the Shareholders' Meeting called to approve the financial statements for the financial year 2023.

Shareholders' Meeting

The Shareholders' Meeting is empowered to resolve both in ordinary and extraordinary session, albeit with different constitutive and resolving quorum depending on the specific topics on the Agenda.

In particular, in its ordinary session, the Shareholders' Meeting approves the financial statements, the allocation of net profits, the appointment of Directors and Statutory Auditors, and the assignment of the mandate for external auditing to an audit firm, resolving on the connected fees. Furthermore, it resolves on the remuneration and incentive policies and practices provided for under applicable provisions, and on criteria to determine compensation to be granted in the event of early termination of employment or early retirement from office.

In extraordinary session, the Shareholders' Meeting is empowered to resolve on amendments to the Articles of Association and on transactions of an extraordinary nature such as increases in share capital, mergers and de-mergers.

Those entitled to attend the Shareholders' Meeting are the holders of voting rights about whom the Company has received notification from the broker holding their accounts by

Governance evolution

Ordinary Shareholders' Meeting

Extraordinary Shareholders' Meeting

Record date

Issuer profile

the deadline stated under applicable provisions (i.e., the "record date", which is seven market trading days prior to the date set for the Shareholders' Meeting).

For more information on the Shareholders' Meeting, please see Section no. 3

Board of Directors

The UniCredit Board of Directors may be comprised of between a minimum of nine and to a maximum of twenty-four members. As at February 29, 2024, the number of Directors is twelve.

At the Report's approval date, 42% of the Board members are Directors from the lessrepresented gender, and the 33% of them come from countries other than Italy.

Board members shall be appointed on the basis of a proportional representation mechanism ("voto di lista"). Legitimate parties entitled to submit slates are the Board of Directors and shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at ordinary Shareholders' Meetings.

The UniCredit Articles of Association envisage that, regardless of the total number of Board members, two Directors shall be appointed from the second slate receiving the highest votes, without any connection with the Shareholders who, jointly or severally, filed or voted for the slate that came first by number of votes, to ensure that the minority Shareholders have a greater presence on the Board of Directors.

In the appointment process, Shareholders are invited to take into account the qualitative and quantitative composition that the Board has deemed to be optimal for the effective fulfilment of the duties and responsibilities entrusted to the body with supervisory functions by law, by the Supervisory Provisions and by the UniCredit Articles of Association, according to applicable provisions applicable on such topics also as concerning time commitments and the limits upon the maximum number of offices UniCredit Directors may hold.

Board members comply with the professional experience, integrity and independence requirements envisaged under applicable provisions, also of a regulatory nature, and under the Articles of Association.

Pursuant to the provisions of the Articles of Association, the Board of Directors has appointed a Chief Executive Officer, to whom it has entrusted the management of the Company within the terms and limits set by the Board itself.

The Board of Directors' function and competencies are set out in the UniCredit Corporate Bodies and Committees Regulation⁴.

For more information on the Board of Directors, please see Section no. 4

Number of members

Gender diversity

Directors' appointment

Directors appointed by minorities

Qualitative and quantitative composition

Requirements

Chief Executive Officer

⁴ The UniCredit website address where the Corporate Bodies and Committees Regulation is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies.html

Board Committees

Also in line with the provisions of the Italian Corporate Governance Code, the Board of Directors has established five Committees, vested with research, advisory and proposal-making powers diversified by sector of competence: Internal Controls & Risks Committee, Corporate Governance & Nomination Committee, ESG Committee, Remuneration Committee and Related-Parties Committee. Their duties are undertaken based on terms of reference and procedures set forth by the Board.

The Board Committees' composition, functioning and competencies are set out in the UniCredit Corporate Bodies and Committees Regulation.

For more information on the Board Committees, please see Section no. 5

Board of Statutory Auditors

Pursuant to the UniCredit Articles of Association, the ordinary Shareholders' Meeting appoints five permanent Statutory Auditors, among whom the Chair, and four substitute Statutory Auditors. As at February 29, 2024, the Board of Statutory Auditors is comprised of five permanent members.

At the Report's approval date, 40% of the Board of Statutory Auditors members are Auditors from the less-represented gender.

Board of Statutory Auditors' members shall be appointed on the basis of a proportional representation mechanism ("voto di lista"). The legitimate parties entitled to submit slates are shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at an ordinary Shareholders' Meetings.

The UniCredit Articles of Association establish that two permanent Statutory Auditors and two substitute Statutory Auditors shall be appointed by minorities. The Chair of the Board of Statutory Auditors shall be appointed by the Shareholders' Meeting among the Auditors elected by the minority.

In the appointment process, Shareholders are invited to take into account the qualitative and quantitative composition that the Board of Statutory Auditors has deemed to be optimal for the effective fulfilment of the duties entrusted to body with control functions by law, by the Supervisory Provisions and by the UniCredit Articles of Association, according to applicable provisions.

The members of Board of Statutory Auditors in office are enrolled with the Italian Legal Auditors Register and meet the professional experience, integrity and independence requirements envisaged under applicable laws and regulatory provisions.

The Board of Statutory Auditors' functioning and competencies are set out in the UniCredit Corporate Bodies and Committees Regulation.

For more information on the Board of Statutory Auditors, please see Sections nos. 10 and 11

Auditors' appointment

Gender diversity

Auditors appointed by minorities

Qualitative and quantitative composition

Requirements

Issuer profile

Diversity Policies

The Board of Directors' composition ensures the gender balance envisaged under the applicable provisions.

In the run-up of the Board of Directors' renewal for the 2021-2023 financial years, the outgoing Board of Directors made available to Shareholders a theoretical profile to allow the best choice of directors' candidates to be presented to the 2021 Shareholders' Meeting called for their appointment. More in detail, in the theoretical profile specific recommendations were formulated to ensure a balanced composition of knowledge, skills and experience and to promote inclusion and diversity across age, gender and geographic areas, as well as to adequately reflect UniCredit's status as Italy's only G-SIB (Global Systemically Important Bank).

It should be noted that UniCredit already recommended that its Shareholders abided by the above provisions on gender balance in its 2015 and 2018 qualitativequantitative profiles.

On the topic of diversity, when formulating its recommendations for the renewal of the Board of Directors for the 2021-2023 financial years, UniCredit reiterated the relevance of the following factors: (i) the international nature of the UniCredit Group, which suggests that proper consideration should be given to the presence of Directors with an international training and professional experience (regardless of nationality), (ii) the presence of members having knowledge, skills and technical experience that also allow them to understand the activities and main risks to which the UniCredit Group is exposed as well as (iii) different age of the members of the body. Furthermore, some areas of competence have been selected, with the recommendation that candidates preferably possess two or more of them.

Compliance with the diversity composition requirements identified in the 2021 qualitative-quantitative profile was checked by the Board at the end of the Directors' appointment process. Directors' personal qualities and gender diversity fully complied with the principles set in the theoretical profile. Furthermore, with reference to professional expertise accrued in the areas of competence envisaged under the profile, all the areas of competence were represented in the Board and the experience gained by all Directors was in line with the requirements provided for under the profile, considering that they possess good understanding of and experience in more than two of the required areas of competence. At the Report's approval date, the Board composition fully complies with the principles set in the theoretical profile; in particular, as to the gender diversity, the female component is above the quota established under the applicable provisions.

Directors' gender

Training, professional experience, age

The Board of Statutory Auditors' composition ensures the gender balance envisaged under the applicable provisions. Compliance with this requirement was achieved both during the appointment process of the body, and in the event of other changes to its composition.

In the run-up of the Board of Statutory Auditors' renewal for the 2022-2024 financial years, the outgoing Board of Statutory Auditors made available to Shareholders a theoretical profile to allow the best choice of statutory auditors' candidates to be presented to the 2022 Shareholders' Meeting called for their appointment.

When formulating its recommendations on the composition of the Board of Statutory Auditors, UniCredit recommended that its Shareholders filed slates of candidates in which at least two-fifths of candidates were drawn from the least-represented gender, in line with the relevant provisions.

Furthermore, on the topic of diversity, specific recommendations were formulated to ensure a balanced composition of profiles and experiences and further promoting the diversity characteristics, in particular with regards to training, professional experience, gender diversity and age. Some areas of competence were also selected, with the recommendation that candidates preferably possess two or more of them.

It should be noted that UniCredit already recommended that its Shareholders abided by the applicable provisions on gender balance in its 2019 qualitative-quantitative profiles, even though there was no specific provision requiring the identification of the qualitative and quantitative composition deemed to be optimal also for the control body.

Compliance with the diversity composition requirements stated in the theoretical profile was checked by the Board of Statutory Auditors at the end of the Statutory Auditors' appointment process. The Statutory Auditors' personal qualities and gender diversity comply with the principles set in the theoretical profile. The body's composition fully comply with the applicable provisions and the principles set in the theoretical profile, is adequate for ensuring functionality and avoiding redundancy as well as ensures a balanced mix of profiles and experiences (legal auditing of accounts, control activities in the banking sector and/or at listed companies; professional activities in fields relating to the banking, financial and securities industries; teaching, at university level, on subjects in the field of banking operations, business economics, accountancy, and management of securities markets); all Statutory Auditors possess more than three of the areas of competence envisaged under the profile.

Moreover, it should be noted that in UniCredit there is an active and permanent induction program for the Board members, also to the benefit of the Board of Statutory Auditors members, consisting, inter alia, of recurring trainings sessions to preserve over time the expertise needed for the proper fulfilment of their duties.

* * *

The October 27, 2023, UniCredit Shareholders' Meeting resolved to adopt the one-tier administration and control system - which provides for the appointment within the Board of Directors of an Audit Committee performing controls functions, in place of the Board of Statutory Auditors - effective upon the renewal date of the corporate bodies in Statutory Auditors' gender

Training, professional experience, age

Governance evolution

Issuer profile

office at the Report's approval date. Thus, in the run-up of the Board of Directors' renewal for the 2024-2026 financial years, the outgoing Board of Directors made available to Shareholders a new theoretical profile to allow the best choice of directors' candidates to be presented to the April 12, 2024, Shareholders' Meeting called for their appointment.

In the theoretical profile specific recommendations were formulated to ensure a balanced composition of knowledge, skills and experience and to promote inclusion and diversity across age, gender and geographic areas, as well as to adequately reflect the UniCredit Group size and operational complexity.

When formulating its recommendations on the composition of the Board of Directors and its Committees, UniCredit recommended that its Shareholders filed slates of candidates in which at least two-fifths of candidates were drawn from the leastrepresented gender, in line with the relevant provisions. Moreover UniCredit encourages Shareholders to submit slate with a view to meet a percentage of Directors belonging to the less represented gender more than 40% towards 50%.

With reference to the measures adopted by the Company to promote equal opportunities and treatment between genders within the whole organisation, it should be highlighted that at UniCredit, Diversity, Equity, and Inclusion (DE&I) are key tenets to be fulfilled in every key moment of its' employees' journey, from recruiting and onboarding, to learning and development, performance management and compensation, in line with the Group's Values - Integrity, Ownership and Caring - that guide all actions and behaviours. Through the Diversity, Equity, and Inclusion Global Policy, UniCredit further enhances inclusion within the whole organisation, to ensure that internal procedures, policies and practices promote such principles and nurture a supportive working environment where individual differences are respected and valued.

Moreover, UniCredit is committed to promote gender parity across all organisational levels and to ensure equal pay for equal work, providing equal opportunities and fair treatment.

UniCredit is accountable for the Diversity, Equity, and Inclusion progress, setting up a monitoring process that includes relevant DE&I metrics and KPIs in the Group People Analytics Dashboard as well as data on gender diversity alongside indicators related to the diversity of people. UniCredit also makes available, both internally and externally, relevant data, commitments and initiatives leveraging on the Group Integrated Report.

* * *

For further information on the UniCredit corporate governance structure, in addition to the specific Sections contained in this Report, please see the Company's website where such information is available alongside information of an economic and financial nature, data, and documents of interest to Shareholders in general.

Gender in UniCredit

Information on the ownership structure

2.1 Share capital structure

As at December 31, 2023, the UniCredit fully subscribed and paid-in share capital amounted to Euro 21,277,874,388.48, divided into 1,784,663,080 ordinary shares of no nominal value.

UniCredit shares are listed on the Milan, Frankfurt and Warsaw regulated markets, respectively on Borsa Italiana S.p.A. (Euronext Milan), on the Frankfurt Stock Exchange and on the Warsaw Stock Exchange. The shares traded on the aforesaid markets have the same characteristics and offer the same rights.

No other types of shares, equity instruments or convertible or exchangeable bonds have been issued.

As at February 29, 2024, the UniCredit fully subscribed and paid-in share capital amounts to Euro 21,367,680,521.48, divided into 1,719,651,093 ordinary shares of no nominal value, following (i) the cancellation of treasury shares on January 16, 2024, without reduction of the share capital, pursuant to the resolutions passed by the Shareholders' Meeting on March 31 and October 27, 2023 and (ii) the free share capital increase aimed at servicing the Group Incentive System resolved by the Board of Directors on February 4, 2024, by virtue of the powers granted to it pursuant to Article 2443 of the Italian Civil Code by the Extraordinary Shareholders' Meetings of April 11, 2019, April 9, 2020, April 15, 2021 and March 31, 2023.

Rights and obligations

Each ordinary share entitles holders to the right to cast one vote at ordinary and extraordinary Shareholders' Meetings. Shares give holders all the administrative and economic rights and obligations envisaged by law.

No stocks granting special controlling rights or special powers have been issued.

Other financial instruments granting the right to subscribe new shares

At the Report's approval date, there are no financial instruments granting the right to subscribe new shares linked to incentive systems.

For the sake of completeness, it should be noted that with regard to the capital increase approved by the Extraordinary Shareholders' Meeting of UniCredit S.p.A. on November 14, 2008, no. 967,564,061 ordinary shares, subscribed by Mediobanca - Banca di Credito Finanziario S.p.A. pursuant to the guarantee agreement executed with UniCredit S.p.A. were used to service the issue of and underlie Convertible and Subordinated Hybrid Equity-linked Securities ("Cashes") financial instruments. These Cashes were subscribed in full by institutional investors. Mediobanca gave the right of usufruct over such shares to UniCredit, maintaining bare ownership ("nuda proprietà") of the shares. As a result of reverse-split transactions on these shares conducted in December 2011 and January 2017, at the Report's approval date the number of the aforesaid ordinary shares is equal to 9,675,640.

2.2 Restrictions on stock transfers

At the Report's approval date, there are no restrictions on stock transfers, taking into account the 9,675,640 shares used to service the Cashes of which Mediobanca holds bare ownership (see the previous section on Share capital structure).

2.3 Relevant equity holdings

On the basis of the communications received in accordance with Section 120 of the TUF, direct and indirect relevant equity holdings as at December 31, 2023, registered on the Shareholders Register are stated below.

The Shareholders listed below hold more than 3%, and do not qualify for disclosure exemptions (as provided under Section 119/bis of CONSOB Rule no. 11971/99).

Declarant	Direct Shareholder	% of ordinary capital	% of voting capital
BlackRock Group		6.439%	6.439%
	BlackRock Fund Advisors	1.768%	1.768%
	BlackRock Institutional Trust Company, National Association	1.689%	1.689%
	BlackRock Advisors (UK) Ltd	1.024%	1.024%
	BlackRock Asset Management Deutschland Ag	0.844%	0.844%
	BlackRock Investment Management (UK) Ltd	0.416%	0.416%
	BlackRock Investment Management, Llc	0.307%	0.307%
	BlackRock Advisors, Llc	0.132%	0.132%
	BlackRock Asset Management Canada Ltd	0.090%	0.090%
	BlackRock Japan Co. Ltd	0.069%	0.069%
	BlackRock Investment Management (Australia) Ltd	0.053%	0.053%
	BlackRock Financial Management, Inc.	0.039%	0.039%
	BlackRock Asset Management North Asia Ltd	0.004%	0.004%
	Aperio Group Llc	0.002%	0.002%
	Blackrock (Singapore) Ltd	0.000%	0.000%
	Blackrock International Limited	0.000%	0.000%
Allianz SE Group		3.901%	3.901%
	Allianz Finance II Luxembourg S.à.r.l.	3.770%	3.770%
	Allianz S.p.A.	0.109%	0.109%
	Investitori Società di Gestione del Risparmio Società per Azioni	0.009%	0.009%
	Allianz Lebensverischerungs Ag	0.009%	0.009%

Information on the ownership structure

Allianz Life Luxembourg Sa	0.002%	0.002%
Allianz Benelux Sa	0.001%	0.001%
Allianz Vie	0.001%	0.001%

The table below shows the relevant equity holdings in share capital as resulting following:

the cancellation of treasury shares on January 16, 2024, without reduction of the share capital, pursuant to the resolutions passed by the Shareholders' Meeting on March 31 and October 27, 2023. Specifically, the remaining shares purchased in execution of the 2022 Buy-Back Programme and not previously cancelled, and the shares purchased in execution of the First Tranche of the 2023 Buy-Back Programme up to December 29, 2023, for a total of no. 72,239,501 treasury shares, were cancelled;
the free share capital increase aimed at servicing the Group Incentive System resolved by the Board of Directors on February 4, 2024, by virtue of the powers granted to it pursuant to Article 2443 of the Italian Civil Code by the Extraordinary Shareholders' Meetings of April 11, 2019, April 9, 2020, April 15, 2021, and March 31, 2023.

Declarant	Direct Shareholder	% of ordinary capital	% of voting capital
BlackRock Group		6.682%	6.682%
	BlackRock Fund Advisors	1.835%	1.835%
	BlackRock Institutional Trust Company, National Association	1.753%	1.753%
	BlackRock Advisors (UK) Ltd	1.062%	1.062%
	0.876%	0.876%
	Ag BlackRock Investment Management (UK) Ltd
	BlackRock Investment Management, Llc
BlackRock Advisors, Llc		0.137%	0.137%
	BlackRock Asset Management Canada Ltd		0.093%
BlackRock Japan Co. Ltd		0.072%	0.072%
	BlackRock Investment Management (Australia) Ltd	0.055%	0.055%
	BlackRock Financial Management, Inc.	0.041%	0.041%
	BlackRock Asset Management North Asia Ltd	0.004%	0.004%
	Aperio Group Llc	0.002%	0.002%
	Blackrock (Singapore) Ltd	0.000%	0.000%
	Blackrock International Limited	0.000%	0.000%
Allianz SE Group		4.049%	4.049%

Allianz Finance II Luxembourg S.à.r.l.	3.913%	3.913%
Allianz S.p.A.	0.113%	0.113%
Investitori Società di Gestione del Risparmio Società per Azioni	0.010%	0.010%
Allianz Lebensverischerungs Ag	0.009%	0.009%
Allianz Life Luxembourg Sa	0.002%	0.002%
Allianz Benelux Sa	0.001%	0.001%
Allianz Vie	0.001%	0.001%

At the Report's approval date, the information concerning the above-mentioned significant shareholdings in the share capital is unchanged.

There is no employee equity holding system in place whereby voting rights may be exercised by employee representatives.

2.4 Restrictions on voting rights

At the Report's approval date, there is no limitation on the exercise of voting rights.

At the Report's approval date, the voting rights of the 9,675,640 UniCredit shares subscribed by Mediobanca pursuant to the guarantee agreement executed with UniCredit S.p.A. and used to service the Cashes, in relation to which the aforementioned party granted a usufruct right to UniCredit, do not have voting rights (see the previous section on Share capital structure).

The Company knows of no Shareholders' agreements among relevant Shareholders as defined by Section 122 of the TUF.

2.5 Changes to control clauses and by-laws provisions on public purchase offers

UniCredit S.p.A. is not a Company controlled by any Shareholder or subject to any Shareholder agreement, as provided for under Italian law.

No UniCredit subsidiaries executed agreements that may be considered relevant pursuant to Section 123/bis of the TUF.

* * *

The UniCredit Articles of Association do not envisage exceptions to the provisions on the passivity rule envisaged under Section 104, sub-sections 1 and 1-bis, of the TUF.

The Articles of Association do not envisage the application of the counteracting rules envisaged under Section 104/bis, sub-sections 2 and 3, of the TUF.

Information on the ownership structure

2.6 Delegation of power to increase share capital and authorisations to purchase own shares

The Board of Directors was empowered by the Shareholders' Meeting to execute free share capital increases, with the exclusion of option rights, to service incentive plans for UniCredit Group employees (see Clause 6 of the Articles of Association). The Board of Directors was not granted any authority to issue other equity instruments.

The UniCredit Shareholders' Meeting, with the resolution adopted in its meetings held on March 31 and October 27, 2023, authorised the Board of Directors to lunch two programmes for the purchase of treasury shares and their consequent cancellation without reduction of the share capital aimed at increasing remuneration in favour of Company's Shareholders (i.e., respectively the "2022 Buy-Back Programme" and the "First Tranche of the 2023 Buy Back Programme").

On September 29, 2023, the "2022 Buy-Back Programme" was concluded and at the Report's approval date the "First Tranche of the 2023 Buy Back Programme" is still ongoing.

At the end of the financial year to which this Report refers, the number of treasury shares held was equal to 72,239,501. Such treasury shares were cancelled on January 16, 2024.

At the Report's approval date, the treasury shares held in the portfolios by UniCredit was equal to 31,728,738, following the daily purchase of ordinary shares under the "First Tranche of the 2023 Buy Back Programme" and the cancellation of treasury shares on January 16, 2024.

Shareholders' Meetings

In compliance with the applicable provisions, the UniCredit Articles of Association envisage that the ordinary Shareholders' Meeting is convened at least once a year, within 180 days of the end of the financial year, to resolve upon the issues for which it is responsible pursuant to applicable laws and the Articles of Association. An extraordinary Shareholders' Meeting is convened, instead, whenever it is necessary to resolve upon any of the matters that are exclusively attributed to its jurisdiction by applicable laws.

Shareholders' Meetings are held on single call, in accordance with the provisions of law. However, to maintain adequate organisational flexibility, the Articles of Association retain the option for the Board to issue more than one call for single meetings.

In accordance with legal and regulatory requirements, Shareholders' Meetings are convened via a notice published on the Company's website, as well as through other channels provided for under applicable laws and regulatory provisions, including publication in daily newspapers in extract form. The Agenda of the Shareholders' Meeting is established in accordance with legal requirements and the Articles of Association by whomever exercises the power to call a Meeting.

By the deadline for publication of the Shareholders' Meeting call of notice provided for each item on the Agenda - or by any other deadlines envisaged under other legal provisions - the Board of Directors shall make publicly available a report on each of the items on the Agenda.

The right to ask for the integration of the Agenda may, according to the cases, methods and terms outlined in the applicable provisions, be exercised by Shareholders who individually or jointly represent at least 0.50% of share capital. Shareholders requesting additions to the Agenda shall prepare a report stating the reason for their resolution proposals on the new matters they propose for discussion. Shareholders may also submit further resolution proposals on items already on the Agenda, stating the reasons thereof.

The Shareholders' Meeting shall take place at the Company's Registered Office in Milan or at another location in Italy, as indicated in the Meeting call notice. The Meeting resolves with the majorities envisaged under applicable laws.

The Articles of Association do not provide for particular quorum. Relevant legal and regulatory provisions must be complied with for a Shareholders' Meeting and the resolutions it takes, to be valid.

In compliance with the provisions set forth in Article 2365 of the Italian Civil Code, Clause 23 of the Articles of Association grants the Board of Directors authority over resolutions on the following:

changes made to the Articles of Association to comply with legal requirements;
merger through incorporation of companies in situations envisaged under Articles 2505 and 2505-bis of the Italian Civil Code;
de-merger of companies in situations envisaged under Article 2506-ter of the Italian Civil Code;
the reduction of share capital in the event of a Shareholder withdrawing;
decisions on which Directors, in addition to those indicated in the Articles of Association, may represent the Company.

In compliance with the Articles of Association and pursuant to applicable provisions issued by Banca d'Italia concerning the remuneration and incentive policies and practices for banks and banking groups, in addition to establishing the compensation payable to the corporate bodies appointed by the Shareholders' Meeting, in its ordinary session the Shareholders' Meeting approves: (i) remuneration and incentive policies for members of the supervisory, management and controlling bodies, as well as for remaining employees; (ii) equity-based compensation schemes; (iii) the criteria for determining the compensation to be granted in the event of early termination of employment or early retirement from office including the limits set for said compensation in terms of number of years of fixed remuneration as well as the maximum amount deriving from their application. Furthermore, during approval of remuneration and incentive policies, the ordinary Shareholders' Meeting may

exercise the faculty to determine a ratio of variable-to-fixed remuneration for employees higher than 1:1, but in any case not exceeding a ratio of 2:1. In accordance with Section 123-ter of the TUF, the Shareholders' Meeting resolves on the Group Remuneration Policy and Report, explaining, inter alia, the Company's policy on the remuneration of Board of Directors members, the General Manager (when appointed), Executives with strategic responsibilities and, without prejudice to the provisions set forth by Article 2402 of the Italian Civil Code, Board of Statutory Auditors members, as well as the procedures used to adopt and implement this policy.

The Shareholders' Meeting is informed about the ways in which the Remuneration Committee may exercise its functions and on the activities it has carried out via the "Group Remuneration Policy and Report".

Legitimation, how to attend and voting rights

Pursuant to applicable provisions, the holders of voting rights from whom the Company has received notification through the broker holding their accounts by the deadline established by law are entitled to attend the Shareholders' Meeting. Those who hold voting rights may be represented at the Shareholders' Meeting via a written proxy. Since 2011 UniCredit identifies for each Shareholders' Meeting a "Designated Proxy-Holder" to whom the holders of voting rights may grant a proxy inclusive of voting instructions regarding all, or some of, the items on the Agenda free of charge.

The UniCredit Articles of Association provide an option for voting rights holders to participate remotely at Shareholder's Meetings via means of telecommunications, and to exercise their voting rights using electronic methods, referring the decision to activate such instruments to the Board of Directors on a single meeting basis.

As a rule, all Directors attend the Shareholders' Meeting.

The Board reports to the Shareholders' Meeting on the activities performed and planned within the framework of the management report. Furthermore, it makes every effort to ensure adequate information on all relevant items so as to enable Shareholders to take informed decisions on matters within their sphere of competence, in particular by ensuring that Directors' Reports and any additional information has been made available within the time frame established by law and by regulatory provisions in force.

Information on the functioning of the Shareholders' Meeting and on the exercise of Shareholders' rights is available on the Company's website (https://www.unicreditgroup.eu/en/governance/shareholders.html).

Shareholders' Meetings conduct

Since 1998 the Shareholders' Meeting has adopted rules oriented towards ensuring the orderly and effective conduct of ordinary and extraordinary meetings. The Regulations governing general meetings, most recently approved in April 2018, are available online at the UniCredit S.p.A. website under the Governance/Shareholder Section⁵.

Clause 7 of the Regulations on general meetings states that those entitled to attend the Shareholders' Meeting are entitled to take the floor in respect of each of items presented for discussion. Shareholders intending to exercise this right must ask the Chair for permission, via the Notary or the Secretary, providing the Chair with a written request containing details of the issue or the issues to which the request refers to, up until he declares discussions regarding the issue or the issues the request to take the floor refers to are closed. The Chair usually allows persons to take the floor as per the chronological order in which they have submitted their requests. The Chair may moreover authorise the submission of requests to take the floor by a show of hands.

⁵ The UniCredit website address where the Regulations governing general meetings are available is:

http://www.unicreditgroup.eu/en/governance/shareholders.html

Shareholders' Meetings

* * *

In 2023, UniCredit's market capitalisation increased by ca. 18 billion, reaching 43.8 billion. In a positive trend for the European banking sector, UniCredit's stock price performance was +85.1%, overperforming (+65%) the sector benchmark (the performance of SX7P index, comprising the 600 largest banks in Europe, was +20.3% over the reference period).

As to changes that affected the Shareholder structure, during 2023, taking into account the threshold of market disclosure obligations that qualify as relevant shareholdings according to the TUF, BlackRock Inc. stayed above the 5% threshold.

No proposals were put to the Shareholders' Meeting to amend the Articles of Association with regard to the percentages set for exercising rights and prerogatives to safeguard minorities.

Board of Directors

4.1 Appointment and replacement

In accordance with applicable legal and regulatory provisions, UniCredit Directors are appointed on the basis of a proportional representation mechanism ("voto di lista") in compliance with composition criteria concerning, among others, minority and independent Directors, and gender balance (for more on this, please see Clause 20 of the Articles of Association, available for consultation on the UniCredit website⁶).

The legitimate parties who are entitled to submit slates are the Board of Directors and Shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at the ordinary Shareholders' Meetings. Each party entitled to file a slate of candidates may submit or contribute to the submission of just one slate (including via proxies or trustee companies). Shareholders belonging to the same group or Shareholders who are parties to a Shareholders' agreement concerning UniCredit shares may not submit more than one slate (including via proxies or trustee companies). Candidates must be included in one slate only, otherwise they are ineligible.

The UniCredit Articles of Association envisage that, regardless of the total number of the Board members, two Directors shall be appointed from the second slate receiving the highest votes, without any connection with the Shareholders who, even jointly, filed, or voted for, the slate first by number of votes, to ensure to the minority Shareholders a greater presence on the Board of Directors.

In compliance with the provisions of Section 147-ter of the TUF, UniCredit established that slates of candidates for the position of Director should be filed at the Registered Office no later than the twenty-fifth day prior to the date of the Shareholders' Meeting called to resolve on the appointment of members of the Board. Slates must be made publicly available at the Registered Office, on the Company's website and via other channels provided for under applicable laws, at least twenty-one days prior to the date of the Shareholders' Meeting. As regards the minimum percentage of share capital needed to submit a slate, Clause 20, sub-section 5, of the Articles of Association specifies that the percentage must be equal to 0.5% of the share capital in the form of shares with voting rights at an ordinary Shareholders' Meetings, consistent with the minimum shareholding percentage established by CONSOB on the basis of the provisions of Section 147-ter of the TUF (Section 144-quater of the CONSOB Issuers' Rules). Ownership of the minimum number of shares required to file a slate is calculated with regard to the shares registered for each individual Shareholder, or for several Shareholders together, on the day on which the slates are filed with the Company.

Other than those set out under law, no particular rules apply to amending the Articles of Association.

In compliance with applicable provisions, the Board of Directors establishes its qualitative and quantitative composition deemed to be optimal for the effective fulfilment of the duties and responsibilities entrusted to the body with supervisory functions by law, by the Supervisory Provisions and by the UniCredit Articles of Association. The Board also establishes requirements for UniCredit Directors to meet, in addition to the possession of requirements envisaged under applicable provisions. The Board has also adopted a procedure for identifying candidates for the posts of member of the Board of Directors, including the Chair and the Chief Executive Officer, to be applied in the event of the possible presentation by the Board of a list of candidates to be submitted to the Shareholders' Meeting, or the identification by the Board of the potential candidates suitable to cover the post of director on the occasion of the publication of the theoretical profile on the Company's website, and of a co-optation⁷,

⁶ The UniCredit website address where the Articles of Association are available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/articles-association-code-ethics.html

⁷ The UniCredit website address where the "Process for selecting candidates" approved by the Board of Directors is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies/selection-and-composition.html

Before appointing new members Shareholders, and at the latest when the notice convening the Shareholders' Meeting called to resolve on their appointment is published, the Board shall inform Shareholders on the composition deemed to be optimal in order that the expertise required may be taken into consideration in the choice of candidates. Shareholders may obviously carry out their own assessment of the optimal composition of the body with supervisory functions, and submit candidacies consistent with that assessment, giving reasons for any difference from the analyses made by the Board. The outcomes of the check on the matching between the qualitative and quantitative composition deemed to be optimal and the one resulting from the appointment process are disclosed to Shareholders, to allow them to take the proper measures, in due time before the first Shareholders' Meeting called for the approval of the financial statements following the renewal of the body or of the majority of its members.

With regard to the qualitative and quantitative composition of the Board of Directors and the profile necessary for candidates to the position of Director, and in particular the time commitment and limits upon the maximum number of offices Directors may hold, as well as the diversity composition criteria for the body with supervisory functions, reference is made to the document⁸ "Qualitative and Quantitative Composition of the UniCredit S.p.A. Board of Directors", published on the Company's website, and in the information provided in Section 4.2 "Composition".

* * *

The October 27, 2023, UniCredit Shareholders' Meeting resolved to adopt the one-tier administration and control system, which provides for the appointment within the Board of Directors of an Audit Committee performing controls function. The abovementioned one-tier system will be effective upon the renewal of the Company's corporate bodies.

In the run-up of the Board of Directors' renewal, the outgoing Board of Directors made available to Shareholders a new theoretical profile to allow the best choice of directors' candidates to be presented to the 2024 Shareholders' Meeting called for their appointment.

More in detail, in said theoretical profile specific recommendations ensure (i) a balanced composition of knowledge, skills and experience, (ii) the inclusion and (iii) diversity across age, gender and geographic areas. Such profile also recommends quantitative composition for Board as well as Committees including the Audit Committee.

Furthermore, according to Clause 20 of the Company's Articles of Association concerning the procedures for the appointment of the new corporate bodies for the 2024-2026 financial years, each list shall include two sections: one referred to the candidates for the Board of Directors and the other one referred to the candidates for the Audit Committee.

Succession plans

With reference to the recommendations in CONSOB Resolution no. DEM/11012984 dated February 24, 2011, and to the provisions of Article 4, recommendation 24, of the Italian Corporate Governance Code, please be informed that, since 2006, UniCredit has in place a structured process, aimed at managing and developing the leadership pipeline across the Group, called Succession Planning related to all Group Executives (approximately 2,200), including the Chief Executive Officer position.

⁸ The UniCredit website address where the "Qualitative and Quantitative Composition of the UniCredit S.p.A. Board of Directors" is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies/selection-and-composition.html

Board of Directors

UNICREDIT BANDING SYSTEM	VALIDATION
CEO-GEC	Corporate Governance & Nomination Committee / BoD			GROUP
EVP	Head of Group P&C / CEO*	Above		SUCCESSION PLANNING
SVP	Head of Group P&C		PERFORMANCE MANAGEMENT
FVP	Managers	GEC-2 & Below		LOCAL SUCCESSION
BAND 0-3	Managers			PLANNING 8 TALENT MANAGEMENT
			GEC-1 &	ORGA LEVEL PROCESS

Process

Performance Management and Succession Planning are integrated processes starting with individual appraisal and managerial appraisal, the latter followed by a number of calibrations at local and Group level, ultimately aiming at having a consistent Group view of each Executive.

Consolidated outcomes are presented to the Chief Executive Officer and to the Head of the Group People & Culture function to define career/succession plans for Executives holding top positions at Group level, as well as for key players in positions below them.

Timing wise, the update of the succession plans occurs on a yearly basis. As a rule, at the end of each cycle, a results summary is discussed by the Committee specifically devoted to corporate governance issues (the Corporate Governance & Nomination Committee), which reports to the Board of Directors on the main points discussed.

During the year, the Corporate Governance & Nomination Committee regularly analyses the evolution of the succession planning for the Chief Executive Officer and his first reporting line.

Moreover, the Chief Executive Officer succession planning is reviewed on a periodical basis, with regular processes of internal and external scouting for potential successors identification. Outcomes of this processes are shared with the Corporate Governance & Nomination Committee and/or with the Chair of the Board of Directors.

Content

Performance Management and Succession Planning are based on the Group values and foster Group Leaders growth, ensuring business continuity and sustainability through an identification of short, medium and long-term successors for all key managerial positions.

In the event of early or unforeseen replacement of Executives, including the Chief Executive Officer, the Succession Planning's results serve as the reference point for the evaluation of possible candidates and decisions on new appointments.

4.2 Composition

Pursuant to the Articles of Association, the UniCredit Board of Directors may be comprised of between a minimum of nine up to a maximum of twenty-four members. As at February 29, 2024, the number of Directors is twelve.

Directors' term in office is three financial years, unless a shorter term is established at such time as they are appointed and ends on the date of the Shareholders' Meeting called to approve the financial statements relating to the last year in which they are in office.

The ordinary Shareholders' Meeting held on April 15, 2021, appointed Directors for financial years 2021-2023, whose term runs until the date of the Shareholders' Meeting called to approve the 2023 financial statements.

According to Clause 20 of the Articles of Association and pursuant to applicable laws and regulations, the Board submitted a proposal to the abovementioned ordinary Shareholders' Meeting to establish the number of Directors and appoint them. In such circumstance, the Board recommended that when submitting slates of candidates Shareholders should take into account the document on the Board of Directors' qualitative and quantitative composition deemed to be optimal for the effective fulfilment of its duties and responsibilities, as approved by the Board in March 2021.

As expressly provided for in the Articles of Association, with reference to the faculty held by the Board of Directors to submit its own slate of candidates, on March 3, 2021, the outgoing Board unanimously approved its own slate of candidates to the post of Director. In execution of its March 2021 resolutions, the Board submitted a proposal to the Shareholders' Meeting to set the number of the Board of Directors' members at thirteen, including one Chair and one Deputy Vice Chair. Slate candidates were chosen via the procedure for identifying candidates approved by the Board. The criteria adopted for issuing this slate complied with the requirements highlighted in the qualitative and quantitative profile approved by the Board.

Board of Directors

Two slates were submitted, filed and published according to the deadline and in the terms provided for under applicable provisions and the Articles of Association, specifically:

Slate no. 1 was submitted by the outgoing Board of Directors:
Mr. Pietro Carlo Padoan (designated as Chairman), Mr. Andrea Orcel (designated as Chief Executive Officer), Mr. Lamberto Andreotti, Ms. Elena Carletti, Ms. Jayne-Anne Gadhia, Mr. Jeffrey Alan Hedberg, Ms. Beatriz Ángela Lara Bartolomé, Mr. Luca Molinari, Ms. Maria Pierdicchi, Ms. Renate Wagner and Mr. Alexander Wolfgring;
Slate no. 2 was submitted by several Funds, with an overall shareholding equal to 1.55% of the share capital: Ms. Francesca Tondi and Mr. Vincenzo Cariello.

In addition to the above slates, the following documentation was submitted and published in accordance with prescribed deadlines and procedures:

the statement of Shareholders, others than those who, also jointly, hold a controlling or relative majority shareholding, stating that there is no connection with the latter, even indirectly, pursuant to Section 144 quinquies of CONSOB Issuers' Rules, taking into account the recommendations issued by CONSOB in Communication no. DEM/9017893, dated February 26, 2009;
an exhaustive information on the personal and professional characteristics of the candidates indicated on the slate (such as: curriculum vitae and a list of the supervisory, managerial and controlling offices held in banks and other commercial companies);
the statements where each candidate accepts the position (subject to their appointment) and attests, under their own responsibility, the absence of ineligibility, forfeiture or incompatibility situations, and that they meet the requirements established under the applicable provisions, also of a regulatory nature;
the statements by each candidate concerning their fulfilment or not of the independence requirements pursuant to Section 13 of the Decree issued by the Ministry of Economics and Finance no. 169/2020, Section 148 of the TUF, the UniCredit Articles of Association and the Italian Corporate Governance Code as well as information on knowledges and expertise gained in the areas covered by the theoretical profile.

Information on the personal and professional characteristics of each candidate, as shown in their curriculum vitae, statements envisaged under applicable laws and the UniCredit Articles of Association as well as those provided for in the theoretical profile, and, more specifically, statements certifying their compliance or otherwise with the independence requirements prescribed by law and in the Italian Corporate Governance Code, may be found on the UniCredit website (https://www.unicreditgroup.eu/en/governance/shareholders.html). In particular, when submitting their candidacies Mr. Andreotti, Mr. Cariello, Ms. Carletti, Ms. Gadhia, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Molinari, Ms. Pierdicchi, Ms. Tondi and Mr. Wolfgring declared their independence pursuant to the Decree, the TUF, the Articles of Association and the Italian Corporate Governance Code. Mr. Padoan declared his independence pursuant to the TUF, the Articles of Association and the Italian Corporate Governance Code and Ms. Wagner declared her independence pursuant to the Decree and the TUF.

The Shareholders' Meeting held on April 15, 2021, after resolving that the members of the Board of Directors should in total be thirteen as proposed by the outgoing Board, appointed the following Directors for the financial years 2021-2023:

Mr. Pietro Carlo Padoan, Mr. Andrea Orcel, Mr. Lamberto Andreotti, Ms. Elena Carletti, Ms. Jayne-Anne Gadhia, Mr. Jeffrey Alan Hedberg, Ms. Beatriz Ángela Lara Bartolomé, Mr. Luca Molinari, Ms. Maria Pierdicchi, Ms. Renate Wagner and Mr. Alexander Wolfgring were appointed from Slate no. 1, obtaining the majority of the Shareholders' votes;
Ms. Francesca Tondi and Mr. Vincenzo Cariello were appointed from Slate no. 2, voted for by the minority of the Shareholders.

In April 2021, Mr. Gianpaolo Alessandro, General Counsel of the UniCredit Group, was confirmed as Board Secretary.

The Board composition resulting from the appointment process was:

quantitatively corresponding to that identified as optimal by the Board itself. The Board had determined in thirteen, the quantitative composition deemed to be optimal and the Shareholders, who are in charge to decide on the matter, agreed on such proposal, which was consequently approved by the Shareholders' Meeting;
qualitatively corresponding to the theoretical profile established by the Board, as well as suitable pursuant to the ECB "Guide to fit & proper assessment".

More specifically, also taking into consideration information provided by the person concerned, compliance was achieved vis-à-vis requirements concerning experience, competence, integrity, fairness and independence, the requirements of independence of mind, also considering the specific mitigation measures identified, as well as the adequate time to perform their duties (the time commitment recommended for an effective attendance at the Board and Committees meetings and limits upon the maximum number of offices a Director may hold⁹ established under the applicable provisions).

With reference to the time commitment recommended for effective attendance at Board and Committees meetings, all Directors, inter alia, declared their ability to commit sufficient time to duly perform their functions. The commitments Directors declared were deemed to be compatible with the commitment required to conduct their duties at UniCredit, including sitting on Board Committees, where applicable.

Furthermore, with reference to professional expertise accrued in areas of competence envisaged under the theoretical profile [i.e., banking business, banking governance, risk and control, legal and regulatory, strategic planning, accounting & audit, financial and international markets, digital and technology and sustainability (ESG)], all these areas were represented on the Board. Considering that, in addition to their international experience, they possess a good understanding of and experience in more than two areas of competence envisaged in the qualitative and quantitative profile, the experience gained by all Directors is in line with the requirements identified in the profile.

Regarding the "collective suitability", the personal qualities of Directors, as well as age and gender diversity, fully complied with the applicable provisions and the principles set in the Board theoretical profile. In particular, as to the gender diversity, the female component was equal to 46%, above the composition criterion for the less represented gender set forth by the provisions equal to at least two-fifths of the appointed Directors.

The outcomes of the check on the matching between the qualitative and quantitative composition deemed to be optimal and the one resulting from the appointment process were disclosed to Shareholders via a press release (on February 15, 2022), to allow them to take the proper measures, in due time before the April 8, 2022, Shareholders' Meeting, the first Shareholders' Meeting called for the approval of the financial statements following the renewal of the body.

Respectively on July 5 and November 9, 2022, the Board of Directors reviewed the independence requirement for Director Ms. Wolfgring and Chairman Mr. Padoan:

acknowledging that Director Mr. Wolfgring is no longer independent according to the Italian Corporate Governance Code and the Decree as he has been a Director of UniCredit for more than 9 years in the last 12 years; and
assessing with a positive outcome the independence requirement of Chairman Mr. Padoan according to the Decree, as more than 2 years have passed since the withdrawal from his parliamentary office.

Following the resignation of Director Ms. Jayne-Anne Gadhia, the March 31, 2023, Shareholders' Meeting approved the Board of Directors proposal on the reduction at 12 of the number of Directors, in order to ensure continuity in the Board's activities while preserving an optimal set-up. The Board, as composed by 12 Directors, fully complies with the necessary requirements established by law and with the principles identified by the Board itself in its theoretical

⁹ See the following section on the "Maximum number of offices held at other companies"

Board of Directors

profile of March 2021. Its collective composition presents an adequate diversity in terms of gender balance (with a quota equal to 42% of women, which is above the minimum threshold envisaged by the applicable provisions) and of geographical mix. Moreover, there is an adequate number of professional profiles which foster a constructive debate within the Board. All Directors proved also to commit sufficient time for an effective attendance at Board meetings and the significant number of independent Directors ensures the efficient functioning of the Board.

As to the "collective suitability", in particular:

all Directors have international experience and almost all Directors have competencies in financial and international markets;
83% of the Directors has expertise in strategic planning;
75% of the Directors has expertise in sustainability (ESG);
67% of the Directors has expertise in banking business and in legal and regulatory;
58% of the Directors has expertise in banking governance, risk and control, accounting and audit, while 33% of the Directors covers the digital and technological area;
on average, the Directors possess seven of the areas of competence identified by the Board.

The following chart shows the Board of Directors' composition at the Report's approval date, and any changes that occurred during the 2023 financial year.

Position	Members		In office	(M/m)** Slate	Executive	Non-executive	Code per as Independent	TUB per as Independent	TUF per as Independent	*** meetings % attendance Board	positions other of Number ****
		since	Until * Approval of 2023
Chairman	Padoan Pietro Carlo	15-04-2021	financial statements	M		X	X	X	X	100	--
Deputy Vice Chairman	Andreotti Lamberto	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	82.61	1
Chief Executive Officer ◊	Orcel Andrea	15-04-2021	Approval of 2023 financial statements	M	X					95,65	1
Director	Cariello Vincenzo	15-04-2021	Approval of 2023 financial statements	m		X	X	X	X	95,65	1
Director	Carletti Elena	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	100	--
Director	Hedberg Jeffrey Alan	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	100	--
Director	Lara Bartolomé Beatriz Ángela	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	91,30	2
Director	Molinari Luca	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	100	1
Director	Pierdicchi Maria	15-04-2021	Approval of 2023 financial statements	M		X	X	X	X	95,65	2
Director	Tondi Francesca	15-04-2021	Approval of 2023 financial statements	m		X	X	X	X	91,30	--

Director	Wagner Renate	15-04-2021	Approval of 2023 financial statements	M	X		X	X	91,30	6
Director	Wolfgring Alexander	15-04-2021	Approval of 2023 financial statements	M	X			X	91,30	2
			Directors who left during the Reference Period
Director	Gadhia Jayne-Anne (1)	15-04-2021	07-02-2023	M	X	X	X	X	100	1
	Quorum required for submission of slates for the latest appointment: 0.5%
No. of meetings held during the Reference Period: 23
NOTE:
*	The UniCredit Shareholders' Meeting called to approve the 2023 financial statements is planned for April 12, 2024.
**	M = Member elected from the slate that obtained the majority of the Shareholders' votes
	m = Member elected from the slate voted for by the Shareholders' minority
*** Meetings attendance percentage (number of meetings attended/number of meetings held during the concerned party's term of office with regard to the Reference
Period)
**** Number of positions as Director or Auditor held at other listed companies or large companies. A list of such companies for each Director is attached to the Report
◊ Director in charge of the internal controls and risks management system

(1) Resigned effective from February 7, 2023

The Board of Directors members comply with the requirements envisaged under applicable provisions. Directors' personal qualities comply with the indications of the theoretical profile approved by the Board of Directors in March 2021 and meet the suitable requirements under the ECB's "Guide to fit and proper assessments".

For more details on the composition of this corporate body and on personal and professional characteristics of each Director and of the Board Secretary, please see the information published on the UniCredit website¹⁰. With regard to the requirements UniCredit Directors must meet, in addition to those envisaged under applicable laws and regulatory provisions, please see the "Qualitative and Quantitative Profile of UniCredit S.p.A. Board of Directors" document, which is published on the Company's website.

The following charts shows the composition of the Board of Directors at the Report's approval date.

Directors	First appointment date	Directors	First appointment date
Andreotti Lamberto	April 2018	Orcel Andrea	April 2021
Cariello Vincenzo	April 2018	Padoan Pietro Carlo	October 2020
Carletti Elena	February 2019	Pierdicchi Maria	April 2018
Hedberg Jeffrey Alan	April 2021	Tondi Francesca	April 2018
Lara Bartolomé Beatriz Ángela	February 2020	Wagner Renate	April 2021
Molinari Luca	April 2021	Wolfgring Alexander	May 2013

Directors' seniority in office since their first appointment date

¹⁰ The UniCredit website address where the information on Directors is available is:

https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-directors.html

Board of Directors

Core competencies

Each Director with his/her theoretical and practical experience allows the Board to understand the Company's activities and main risks. The skills matrix reflects the core competencies, envisaged in the March 2021 theoretical profile, that the Board of Directors deemed to be significant in assessing both the personal qualities and the collective suitability of its own members.

* * *

The following chart highlights the means of attendance of Directors (in office as at December 31, 2023) at Board meetings held in 2023. The attendance to the meetings was allowed both in person and remotely.

	2023
Board of Directors		Attendance	%	Means of attendance
	Meetings			physical	by teleconference	via phone
Padoan Pietro Carlo (Chairman)	23	23	100%	15	8
Andreotti Lamberto (Deputy Vice Chairman)	23	19	82.61%	6	13
Orcel Andrea (Chief Executive Officer)	23	22	95.65%	15	7
Cariello Vincenzo	23	22	95.65%	16	5	1
Carletti Elena	23	23	100%	17	6
Hedberg Jeffrey Alan	23	23	100%	17	6
Lara Bartolomé Beatriz Ángela	23	21	91.30%	10	11
Molinari Luca	23	23	100%	6	17
Pierdicchi Maria	23	22	95.65%	14	8
Tondi Francesca	23	21	91.30%	8	13
Wagner Renate	23	21	91.30%	2	19
Wolfgring Alexander	23	21	91.30%	10	11
average attendance	276	261	94.56%	136	124	1

Board of Directors

Time commitment and number of offices

Based upon the nature, quality and complexity of the office, and given the provisions contained in the relevant regulations, having sufficient time to fulfil the role is an essential requirement that Directors must guarantee, including in relation to activities arising from taking part in Board Committee proceedings.

According to its qualitative and quantitative profile, the UniCredit Board recommends that candidates accept the office only if they believe they are able to dedicate the necessary time to that position, considering the following factors: their other professional or personal commitments and circumstances, as well as performing roles at other companies; the nature, scale and complexity of the activities performed, the size and the situation of the entities where such positions are held, and the place or country where such entities are based.

Also in line with the ECB guidelines, the Board carried out an estimate to be intended as a reference for assessing the minimum time needed for appropriate meeting attendance, which is summarised in the following chart.

Chair of the Board of Directors	2/3 days per week
Chief Executive Officer	full time
Chair of a Board Committee	2 days for each Committee's meeting
Non-executive Director	21 days per year
Member of the Corporate Governance & Nomination Committee	15 days per year
Member of the Internal Controls & Risks Committee	15 days per year
Member of the Remuneration Committee	10 days per year
Member of the Related-Parties Committee	13 days per year

With specific reference to the ESG Committee established in April 2021, the minimum time needed for appropriate meeting attendance was estimated in 12 days per year.

With specific reference to Board of Directors and Committee meeting attendance percentages, this should not fall any lower than 75% per annum; attendance should preferably be physical, save for extraordinary meetings.

Finally, with reference to limits upon the maximum number of offices that UniCredit Directors may hold, it should be noted that since December 2008, in its Regulations and in the qualitative-quantitative profiles approved in 2012, 2015 and 2018, the Board has expressed an opinion on the maximum number of offices that may be held at the same time by the Company's Directors.

In the document dealing with the qualitative and quantitative profile as most recently approved in March 2021, the Board recalled the specific limits envisaged under the Decree issued by the Ministry of Economics and Finance no. 169 dated November 23, 2020, concerning the rules on suitability requirements and criteria for holding offices as corporate officer, inter alia, of banks, according to Section 26 of the TUB.

According to the above-mentioned theoretical profile, UniCredit consequently envisages that each Director may hold an overall number of positions in banks or other commercial companies equal to one of the following alternative settings:

one executive position and two non-executive positions

four non-executive positions

with the following specifications:

a) offices refer to positions held on the Board of Directors, Supervisory Board, Management Board, Board of Statutory Auditors, or as General Manager; in foreign companies, offices refer to positions equivalent to the above, on the basis of relevant regulations applicable to the companies;
b) for the purposes of calculating the above limits
- i. the position held in UniCredit is included;
- ii. the following aggregation mechanism is applied: the total number of positions held is considered as a single office when the offices are held within (i) the same group and (ii) in companies not belonging to the UniCredit Group, in which UniCredit holds a qualifying shareholding as defined by Section 4 of the Regulation (EU) no. 575/2013, namely a direct or indirect holding in an undertaking which represents 10% or more of the share capital or of the voting rights or which makes it possible to exercise a significant influence over the management of that undertaking,. The set of positions counted as a single position is considered as an executive position if at least one of the positions is executive; in other cases, it is considered as non-executive;
- iii. the following positions are not considered: (i) in companies or entities whose sole purpose is to manage the private interests of a corporate officer or of his/her spouse who is not legally separated, of a person bound by a civil union or a de facto cohabitation, or of a relative or a relative-in-law up to the fourth degree, and which do not require any type of day-to-day management by the corporate officer; (ii) as a professional in a company comprising professionals; (iii) as a substitute statutory auditor.

The holding of one non-executive additional post, with respect to the above limits, is allowed only if it does not jeopardize the possibility of the Director to commit an adequate time to the post in UniCredit to carry effectively out his/her functions under the limitations established by the afore-mentioned Decree no. 169/2020.

* * *

The following chart shows the overall number of offices as Director held in other companies by current Directors at the Report's approval date. Compliance with the limits on the maximum number of offices that Directors may hold in other companies envisaged under the applicable provisions was evaluated by taking into consideration the weighting applicable to offices held in the same group, pursuant to declarations made by Directors themselves.

Directors	Overall number of offices as director held in other companies	Directors	Overall number of offices as director held in other companies
Andreotti Lamberto	1	Orcel Andrea	2
Cariello Vincenzo	1	Padoan Pietro Carlo	--
Carletti Elena	--	Pierdicchi Maria	2
Hedberg Jeffrey Alan	--	Tondi Francesca	--
Lara Bartolomé Beatriz Ángela	2	Wagner Renate	6 (1)
Molinari Luca	1	Wolfgring Alexander	4 (1)

(1) Weighting applicable to offices held within the same group was taken into consideration and/or the fact that offices that do not mainly pursue commercial aims do not count were taken into consideration.

* * *

Moreover, Directors must take into account the provisions of Section 36, Law Decree no. 201/2011 (a ban on interlocking directorships) which was approved as a statute under Law no. 214/2011, which establishes that the holder of a seat on a managerial, supervisory or controlling body, as well as top management officers in companies or groups of companies active in banking, insurance and financial markets, are forbidden from holding similar offices, or to exercise similar duties, in competing companies or groups of companies. The Board must ascertain

Board of Directors

whether such situations fall under the provision of Section 36 and potential new circumstances of supervening competition.

Induction initiatives and recurring training

In UniCredit a permanent induction program is active for the Board members, also to the benefit of the Board of Statutory Auditors members, based on three-year cycles connected to the Board mandate, with the aim of ensuring an ad hoc training on a continuous basis that takes in account both their individual and collective needs.

The induction program and the recurring training, which are put in place with the support of an external consultant, respectively include sessions aimed at fostering the integration of new Directors and trainings to preserve over time the expertise needed for the proper fulfilment of their duties.

In addition, individual training plans will be activated in the event it is deemed necessary to strengthen specific individuals' technical knowledge and expertise, also to increase the level of diversity and the collective experience of the Board of Directors.

Over the Reference Period, training sessions for the Board of Directors, or members of each Board Committee covering their competence area, have focused on topics relating to business, corporate governance, bancassurance, digital technology, cyber crisis simulation, risks management with a particular focus on ESG risks, and legal/regulatory deep-dives, with the aim of ensuring awareness and knowledge of the risk profile adopted by the Group.

More specifically, training schemes focused on the in-depth examination of the above-mentioned topics, were prepared and implemented, also with the support of experts outside the Bank.

4.3 Board of Directors' role

Meetings and functioning

During the Reference Period, the Board of Directors met twenty-three times, with an average length of about three hours and fifty minutes.

For the 2024 financial year, 16 meetings have been planned, of which 5 already held as at February 29, 2024.

One of the Chair's responsibilities is planning Board meetings also in respect of the items on the Agenda, which are proposed by the Chief Executive Officer. The activities are carried out with the support of the Board Secretary, appointed by the Board of Directors pursuant to the UniCredit Articles of Association, for three financial years, who is not necessarily a Board member. Furthermore, the Chair ensures that the time necessary for effective discussion of the items on the Agenda is allowed, and during meetings encourages Directors to share their input.

The Secretary, who possesses adequate experience, assists the Board with independence of judgement on all relevant aspects for the correct functioning of the corporate governance system.

Upon invitation of the Chair, the personnel belonging to the Company and the Group may attend Board of Directors' meetings on specific items on the Agenda. In 2023, Group Executive Committee members, the Manager in charge of drafting the company financial reports, as well as the Head of Internal Audit and the other members of Management at the Company and Group were invited to attend Board meetings, without voting rights, to report on specific issues as well as to assist the Chief Executive Officer in making presentations to the Board.

In particular, the Heads of control functions (i.e., Group Risk Management, Group Compliance, Group Legal and Internal Audit) attended all the ordinary Board's meetings - mainly in the Risk Committee section - except for the meetings focused on the results' approval, which involved the prevailing attendance of the CFO as well as of the Manager in charge of drafting the company financial reports and the Group Risk Management. The functions related to the other Board Committees, whose activities are promptly reported to the Board, regularly attended Board's meetings (e.g., Group People & Culture e Group Strategy & ESG). Lastly, Group Digital & Information, Group Operations, Group Stakeholder Engagement, as well as the functions related to business areas (i.e., Group Client Solutions and the Heads of the geographical areas in which the Group is entailed) attended Board's meetings on a periodical basis to report on specific issues and to assist the Chief Executive Officer, according to the relevant Agenda.

The UniCredit Corporate Bodies and Committees Regulation establishes that, as a rule, appropriate pre-meeting documentation and information necessary for Directors to take resolutions in an informed manner are made available to Directors and Statutory Auditors at least three days prior to the Board meeting. In the cases in which it was not possible to made available the necessary documentation pursuant to the above terms, the Chair ensured that adequate explanation of the topics was provided by the Chief Executive Officer during the Board meetings.

The Board Secretary prepares summary minutes of the discussions and decisions taken by the Board itself. The minutes also give proper account of any disagreements expressed by Directors on specific topics and their motivations. As soon as available, minutes are, as a rule, submitted to the Directors at the first Board meeting. Minutes signed by the Chair of the meeting and the Secretary are kept under the responsibility of the Secretary and are available for consultation by Directors and Statutory Auditors who may wish to consult them. Where envisaged under applicable laws and regulations, a copy of the minutes containing the resolutions taken by the Board is sent to the Supervisory Authority.

Duties

Pursuant to Clause 23 of the Articles of Association, matters reserved to the Board of Directors' competency include resolutions on general guidelines and the adoption and amendment of business, strategic and financial plans for the Company, as well as periodic monitoring of their implementation.

Moreover, in compliance with Corporate Bodies and Committees Regulation, the Board shall have exclusive competence for:

determining general operational guidelines for the Group's growth policies preparatory to drafting strategic, industrial and financial multi-year plans and operating budgets for the Company and the Group, also on the basis of the analysis of issues relevant to long-term value generation for the benefit of Shareholders, taking also into account the interests of relevant stakeholders, in addition to periodically reviewing whether these guidelines match corporate activities and external circumstances, adopting and amending such plans and checking that they are appropriately implemented;
establishing guidelines for the internal controls system consistent with the strategic guidelines and risk appetite established by the Board itself, according to instructions issued by the Supervisory Authorities and applicable laws. On a yearly basis, the Board sets out and approves the Group Risk Appetite Framework consistent with the Budget process timeline, defines the financial plan and establishes policies to govern the risks to which the Group may be exposed, as well as risk targets and tolerance thresholds, reviewing them periodically to ensure that they remain effective over time. Furthermore, with regard to credit risk, the Board approves general guidelines for the risk mitigation technique management system;
approving the UniCredit organisational structure and corporate governance, to ensure a clear distinction of responsibilities and functions, as well as preventing conflict of interest, covering the corporate structure and Group governance models and guidelines. Furthermore, the Board verifies that the UniCredit overall corporate governance and organizational structure is correctly implemented, promptly implementing corrective measures to tackle any shortcomings or inadequacies detected;

Board of Directors

examining and approving transactions undertaken by the Company and companies belonging to the Group which are significant from a strategic, economic, balance-sheet and financial perspective.

For the purpose of informing the Company's Board of Statutory Auditors on such topics pursuant to applicable regulatory provisions, the Board has defined criteria for identifying transactions of strategic, economic, equity-related and financial relevance to UniCredit S.p.A., with specific reference to situations in which one or more Directors hold an interest directly or on behalf of third parties and, more in general, transactions with related parties. Specifically, all transactions of a critical or relevant nature must be reported to the Board of Statutory Auditors, and in any case those concerning:

entry/consolidation of the position in a strategic sector/market;
definition/modification of shareholding structures with third party partners with whom governance-related agreements are executed;
decisions impacting strategic equity holdings;
decisions significantly impacting the organisational structure of the Company or the Group;
situations in which economic/equity-related/financial thresholds (as defined by the Board) are exceeded in relation to the type of transactions involved;
modifications to the Company's share capital structure;
new legal proceedings and developments in existing ones determining potential liabilities in excess of a certain threshold defined as per the decision of the Board, or potentially at risk of becoming relevant for the company's sector ("pilot proceedings").

Pursuant to Section 136 of the TUB, resolutions concerning obligations of any kind or purchase or sale agreements implemented by the UniCredit corporate officers, directly or indirectly, with the same Bank fall within the Board of Directors' exclusive responsibility.

* * *

The Board of Directors:

continuously monitors general management performance, with special reference to conflict of interest management - also by analysing the information received from the delegated bodies and the Board Committees, and periodically comparing results against targets - as well as assessing the adequacy of the organisational, administrative and accounting structure of UniCredit and, also by issuing policies and guidelines, of all of its strategically-relevant subsidiaries, with particular regard to the internal control and risk management system and the conflict-of-interest management, ensuring that the Bank's structure matches the activities it undertakes and the business model adopted, as well as avoiding the creation of complex structures unjustified by operational ends;
ensures that major corporate risks are correctly identified, measured, managed and adequately monitored, taking into account how they evolve and interact and, furthermore, establishing criteria to ensure that such risks are compliant with sound and prudent Company management.

In particular, the Board identified the following controlled companies as having strategic relevance: UniCredit Bank GmbH, and UniCredit Bank Austria AG.

The role played by the Chair of the Board

The Chair is responsible for ensuring that the corporate governance system functions effectively, also with regard to any aspects related to internal and external communications, serving as an interlocutor for the Board of Statutory Auditors and the Board Committees; while remaining neutral, the Chair promotes dialogue among executive and non-executive positions, seeking the active participation of non-executive members in the Board's proceedings so that the resolutions it reaches are the result of adequate debate and an informed and effective contribution from all of its members.

In particular, the Chair ensures that:

i) in good time, Directors are sent supporting documentation on the Board's deliberations or, at the very least, initial information on the issues under debate;
ii) supporting documentation and information on resolutions, in particular documents distributed to non-executive members, are adequate in terms of quantity and quality in regard to the items on the Agenda;
iii) when preparing the Agenda and chairing Board discussions, issues of strategic relevance are given priority, and that all necessary time is set aside for them;
iv) the Heads of the corporate control functions have direct access to the Board of Directors when necessary. To this end, meetings between the Chair and the Heads of the corporate control functions are organized on a regular basis;
v) as a rule on a quarterly basis, opportunities are arranged for all Directors to meet, also apart from Board meetings, in order to investigate and discuss strategic issues;
vi) the self-assessment process is undertaken effectively, its terms and conditions comply with the degree of complexity of the Board's work, and envisaged corrective measures are adopted to tackle any detected shortcomings;
vii) inclusion programs and training schemes are prepared and implemented for members of the Board of Directors and Board of Statutory Auditors, along with succession plans for senior management positions.

Moreover, the Chair manages relations with Shareholders and the Supervisory Authorities with regard to matters falling within his/her remit and activities as a liaison to the Board of Directors and Shareholders' Meeting, in agreement with the Chief Executive Officer.

In order to effectively carry out his/her duties, the Chair, who has a non-executive role and does not undertake operational functions, even in a de facto manner, maintains necessary and advisable relations with the Chief Executive Officer, has access to all company functions, may attend Board Committee and managerial Committee meetings, receives information, including on specific topics, regarding the management of the Company and the Group as well as on the general current and expected performance of the management itself.

Where absent or impeded, the Chair is replaced by the Vice Chair. Where both the Chair and Vice Chair are absent or impeded, the meeting is chaired by the oldest Director.

Self-assessment

On February 16, 2024, the Board of Directors closed the recurring self-assessment process focused on the adequacy of the Board and its Committees in terms of composition and functioning. The self-assessment process, focused on the last year of the 2021-2023 mandate, has been performed in accordance with the provisions of the Corporate Bodies and Committees Regulation, adopted in compliance with Supervisory Regulations on banks' corporate governance, and in line with the recommendations of Article 4 of the Italian Corporate Governance Code.

For the performance of the self-assessment process, UniCredit engaged Spencer Stuart, external consultant selected by the Chair of the Board, upon proposal of the Corporate Governance & Nomination Committee, also on the basis of the neutrality, impartiality and independence of judgement requirements provided by the Corporate Bodies and Committees Regulation. In 2023 Spencer Stuart had some other professional relationships with the UniCredit Group of such relevance unable to compromise its independence.

In compliance with the provisions of the Corporate Bodies and Committees Regulation, the self-evaluation process also covers:

qualitative and quantitative composition, size, degree of diversity, professional training, experience (including managerial), seniority in the present post, a guaranteed balance of non-executive and independent members, adequacy of the appointments processes and selection criteria, and ongoing professional development;

Board of Directors

meeting sessions, frequency, duration, the degree and form of attendance, sufficient time available to dedicate to the assignment, a trust-based relationship, cooperation and interaction among members, awareness of the role covered, and the quality of debate on the Board.

With assistance from Spencer Stuart, the process has been broken down into the following stages:

examination: carried out in accordance with the provisions of the Corporate Bodies and Committees Regulation;
assessment of the outcome of the self-assessment process, in order to identify strengths and weaknesses that emerged and to draw up a proposal for actions deemed appropriate;
drawing up of the process outcome summary document: results from the analysis were set out in an ad hoc document which illustrates, among others, the methodologies used, the individuals involved and the results achieved, highlighting strengths and weaknesses, and any proposed necessary corrective action.

The 2023 Board review follows similar initiatives that have been conducted on an annual basis by the Board of Directors since the formal adoption of the 2006 Italian corporate governance code.

Directors were asked to give their views on the functioning of the Board, highlighting the main topics and issues that they consider significant strengths and/or areas of improvement.

The self-assessment process, carried out through an on-line and anonymous questionnaire, was focused on a variety of topics concerning the composition and functioning of the Board of Directors and its Committees, with the aim of supporting Directors in identifying further areas in which to improve Board of Directors' performance. In addition to the completion of said questionnaire by all Directors, the process has included one-to-one interviews with Spencer Stuart consultants during which the most important aspects highlighted by each Director were discussed. As part of the process also the Chair of the Board of Statutory Auditors and the Secretary of the Board were met.

In particular, the questionnaires and the interviews included different sections aimed at verifying:

the progress against the recommendations from the 2022 Board review and the mitigation plan put in place by the Chair;
the effectiveness of the Board of Directors on key issues, such as, among others, the definition of corporate strategies, the internal control and risks management system, sustainability, etc.;
the organization and conduct of Board meetings, with particular regard to the thoroughness and promptness of the information flows, to the quality of the minutes and to the support provided by the Secretariat of the Board of Directors and by the top management;
the dynamic of the Board's discussions and the decision-making processes followed;
the role and responsibility of Directors, with a specific focus on the Chair and the Chief Executive Officer;
the Committee's functioning and the effectiveness of their activities in supporting the Board of Directors.

The final year of the 2021-2023 mandate has taken place against the backdrop of strong business performance and multiple changes to the senior management team. In their third year of working together, the interactions between Board members have improved further, relationships have strengthened, and they attest to a positive level of teamwork and a strong sense of mutual trust and respect. Directors' knowledge of the bank and the sector has continued to deepen. The Board's relationship with management is generally open, positive, and transparent. Board members attested to the full transparency the Chief Executive Officer brings to the table.

The results of the Board review for the 2023 highlight a positive overall picture of the conduct of UniCredit's Board of Directors and its Committees, demonstrating that these bodies operate effectively and transparently, in accordance with the best national and international corporate governance practices, as confirmed by the consulting firm.

It has been an important year for governance with the decision to move to a monistic structure. The Directors are made aware of the inherent challenges of the transition to a new governance model; they emphasized the importance of systematically monitoring the impact of the monistic implementation assigning priority – to be faced in the immediate period of transition – to the new set up of the committee structure in order to guarantee overall Board effectiveness.

Relevant part of the process was dedicated to the analysis and composition of the future board, so that Directors' suggestions and comments could be taken in consideration in the definition of the theoretical profile to be updated and approved. With reference to the composition, Directors commonly suggest to guarantee the inclusion of senior and experienced individuals holding not only strong and extensive competencies in banking, risk, audit and control able to sit into the (newly formed) Audit Committee - but also able to contribute to a variety of the Board's discussions, especially in terms of the future strategy of the Bank.

The following strengths arise from the analysis prepared by the advisor:

(i) Directors have a positive attitude, shared values and pride of belonging;
(ii) the quality of discussion is generally viewed as high, and all Directors feel they can freely express their views;
(iii) the relationship between the Board and management is viewed as constructive and there is a common respect and recognition for the Chief Executive Officer;
(iv) the relationship between the Chair and the Chief Executive Officer is well balanced and constructive, with the right amount of support and challenge;
(v) the quality of the Committees' work and the support provided by them to the activity of the Board of Directors is highly appreciated.

The analysis carried out by the advisor also revealed a number of areas on which attention should be focused in order to make the Board of Directors' actions even more effective. Considering the newly elected Board, it will be essential to:

(i) launch a well-organized and structured onboarding and induction program, with immediate focus on the monistic governance system and its implications;
(ii) organize as many opportunities as possible for the Board to meet in person and spend time together both in the boardroom and in informal sessions, such as off-site or Bank events;
(iii) reflect on the current set-up of the Committees and their effectiveness within the monistic framework;
(iv) plan a Strategy session to discuss and define the long term strategy. This strategy session would ideally be held off-site or at some of the Bank's premises outside Milan;
(v) continue addressing the occasional delays on paper delivery;
(vi) review the format of certain management presentations to make them shorter and more effective.

When asked about the main challenges they envisage for UniCredit's Board in the coming years, Board members cited the economic environment, strategy, technology, business performance, succession planning for the Board, Chief Executive Officer and top team and the imperative of climate change.

Competitive business

At the Shareholders' Meeting held on April 15, 2021, when the Board of Directors was undergoing renewal, no request of general and prior authorisation was submitted regarding the exercise of competing business by Board members, pursuant to Article 2390 of the Italian Civil Code.

No relevant cases pursuant to this Article emerged during the Board's assessments of the requirements envisaged under law for Directors appointed by the above-mentioned Shareholders' Meeting.

Board of Directors

Furthermore, while it is up to each Director to report any such situation arising pursuant to Article 2390 of the Italian Civil Code, the Board of Directors was not required to assess the merits of any situations during the Reference Period.

4.4 Executive Directors

Chief Executive Officers

The empowerment (and disempowerment) of Directors is the Board's responsibility. It is the Board that sets out the subject matter, limits and performance criteria for delegation of powers.

The only Board member with managerial powers is the Chief Executive Officer, Mr. Andrea Orcel, to whom the Board of Directors granted powers, within pre-defined limits and also with the faculty to sub-delegate them, across all sectors of Bank business.

For information on what powers have been granted, please consult the "Managerial powers" to this Report.

Chair of the Board of Directors

The Chair has not been granted authorities for the management of the Company or power for the design of the corporate strategies and does not undertake operational functions, not even in a de facto manner, and therefore does not fulfil any executive role. The Chair does not hold a relevant share of the Company equity.

Other executive Directors

None of the Directors who sit on the UniCredit Board of Directors - besides the Chief Executive Officer - can be defined as executive pursuant to the Italian Corporate Governance Code's recommendations.

Reporting to the Board

Information flows among and within the corporate bodies is a prerequisite for achieving managerial efficiency and effective control objectives.

UniCredit has procedures to ensure adequate information flows among its corporate bodies. As regards in particular the internal controls system, these flows, their content and deadlines are identified in detail by the Board of Directors in its Document of corporate bodies and control functions approved by the Board itself. The Corporate Bodies and Committees Regulation identifies a list of parties required to dispatch information flows on a regular basis to corporate bodies, including an illustration of minimum content and the timing of the main flows.

In particular, in the exercise of all the proposal and decision-making powers and/or power to submit information to the Board of Directors, the Chief Executive Officer was the recipient of the information flows that Bank structures address to the body with supervisory functions, in compliance with the legal and regulatory provisions in force at the time.

Furthermore, the Chief Executive Officer, having been empowered by the Board to carry out activities the Company may undertake pursuant to Clause 4 of the Articles of Association, has provided the Board of Directors - with the methods and timeframe established - with adequate information flows on the exercise of delegated powers, specifically highlighting any relevant associated risk according to the terms and conditions defined by the Board itself. Information on such powers is contained in the "Managerial powers" Annex to this Report.

4.5 Independent Directors

In compliance with the provisions in force from time to time as well as in line with the criteria envisaged under the Italian Corporate Governance Code (corresponding with those envisaged under the UniCredit Articles of Association), non-executive Directors' independence shall be assessed by the Board of Directors upon their appointment, as well as during the mandate upon the occurrence of circumstances concerning their independence and, in any case, at least once a year, on the basis of information provided by the Directors themselves or however available to the Company, also considering any circumstance that affects or could affect such requirement. The outcome of these Board assessments shall be disclosed to the market after the appointment, through a press release and, subsequently, via the Corporate Governance Report.

Since several years UniCredit deploys a structured process for gathering and analysing the information on the existence of direct or indirect relationships (credit, business/professional and employee relationships, as well as significant offices held) that Directors and other connected subjects may have with UniCredit and Group companies. Said process complies with the assessment criteria identified by the Company for an overall evaluation of both objective and subjective aspects concerning any relevant relationship, and is also based on quantitative parameters defined in monetary terms.

The Corporate Governance & Nomination Committee and the Board of Directors assessed with a positive outcome the Directors' independence requirements based on statements made by the parties concerned and on information available to the Company. In 2023, the Board of Directors ascertained the Directors' independence requirements during its yearly evaluation (meeting held on July 5).

With specific reference to the independence requirements laid down by the Italian Corporate Governance Code, due consideration was given to the information relating to the existence of direct or indirect relationships (credit, business/professional and employee relationships, as well as significant offices held) that Directors and their other connected subjects may have with UniCredit and Group Companies.

In order to assess the potential significance of the above-mentioned relationships, the Board of Directors has decided not to proceed with merely identifying predefined economic thresholds above which independence would be "automatically" compromised , as such assessment requires an overall evaluation of both objective and subjective aspects. Therefore, for this purpose, the following criteria should be taken into account: (i) the nature and characteristics of the relationship; (ii) the amount in absolute and relative terms of the transactions; and (iii) the subjective profile of the relationship.

More specifically, when assessing the significance of such a relationship, the following information, where available, is considered by the Board:

as far as credit relationships are concerned, the amount in absolute value of the credit granted, its weighting in relation to the system and, where appropriate, the economic and financial situation of the borrower;
as far as business/professional relationships are concerned, the nature of the transaction/relationship, the amount of the consideration and, where appropriate, the economic and financial situation of the counterparty;
as far as offices held in Group companies are concerned, the total amount of any additional remuneration.

Board of Directors

The above-mentioned criteria and information were also taken into due consideration in assessing the independence of the Chair, designated to said role and qualified as independent candidate - pursuant to the Italian Corporate Governance Code and the TUF - within the slate presented by the Board of Directors.

In all the above cases, all the parties involved (Director or family member; UniCredit or Group Company) and, for relationships with companies/entities, the nature of the "connection" (post held/controlling interest) with the Director or the family member, were taken into account.

Also in view of the above, at its July 5, 2023, meeting, the Board checked that Directors met the independence requirements. In particular, with regard to Directors whose information acquired highlighted the existence of such relationships, the Board came to the conclusion that they were not of a nature such as to affect the Director's independence.

With reference to the Board of Directors' composition at the Report's approval date, credit relations with UniCredit and/or Group companies have been identified - and evaluated as being not significant on the basis of the abovementioned criteria adopted - for the Chairman Mr. Padoan and Directors Mr. Cariello, Ms. Carletti, Mr. Molinari, Ms. Pierdicchi and Mr. Wolfgring and relations of a business/professional nature with UniCredit and/or Group Companies for Director Mr. Molinari. In detail:

Chairman Mr. Pietro Carlo Padoan has direct and indirect credit relations of family members of low amount;
Director Mr. Vincenzo Cariello has indirect credit relations of family members of low amount;
Director Ms. Elena Carletti has direct and indirect credit relations of family members of low amount;
Director Mr. Luca Molinari has indirect credit relations and relations of a professional nature of family members;
Director Ms. Maria Pierdicchi has indirect credit relations of family members of low amount;
Director Mr. Alexander Wolfgring has direct and indirect credit relations of family members and connected companies of low amount.

In view of the above, the number of independent Directors as defined in the Italian Corporate Governance Code provisions at the Report's approval date is equal to 9. The overall outcome of the assessments is stated below:

"Independent" Directors pursuant to the criteria envisaged under Section 2, recommendation 7, of the Code: Mr. Andreotti, Mr. Cariello, Ms. Carletti, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Molinari, Mr. Padoan, Ms. Pierdicchi and Ms. Tondi.

"Independent" Directors pursuant to Section 26 of the TUB and the Decree issued by the Ministry of Economics and Finance no. 169/2020: Mr. Andreotti, Mr. Cariello, Ms. Carletti, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Molinari, Mr. Padoan, Ms. Pierdicchi, Ms. Tondi and Ms. Wagner.

"Independent" Directors pursuant to Section 148 of the TUF: Mr. Andreotti, Mr. Cariello, Ms. Carletti, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Molinari, Mr. Padoan, Ms. Pierdicchi, Ms. Tondi, Ms. Wagner and Mr. Wolfgring.

Also in line with the March 2021 theoretical profile of the Board, the number of the independent Directors according to the Italian Corporate Governance Code, the TUB, as well as to the TUF, respectively equal to 75%, 83% and 92% of the body's members, is deemed to be suitable both for the Company's needs, also in terms of the functioning of the Board of Directors and its Committees, and for an effective discussion within the body.

At its meeting held on July 18, 2023, the Board of Statutory Auditors ascertained, with a positive outcome, the proper application of the criteria and procedures adopted by the Board of Directors to assess the independence of its own members.

Independent Directors' meeting

Independent Directors meet, without the other Directors, at least once a year and, in any case, when requested by one or more of the independent Directors, to assess matters deemed of interest, including those related to the functioning of the Board of Directors and to the corporate management.

The meetings of the independent Directors do not determine the taking of any decision.

In 2023, as a rule, a meeting among independent Directors was held following each Board of Directors' meeting.

The topics discussed during these meetings concern in-depth issues deemed of interest, as well as topics relating to the functioning of the Board of Directors and the relation between the Board and the management. Since all the 11 non-executive Directors of UniCredit in 2023 were independent according to the TUF, and that 10 of them were also independent according to the TUB and 9 of them were also independent according to the Italian Corporate Governance Code, all the Directors other than the Chief Executive Officer had been invited to such meetings.

4.6 Lead Independent Director

The UniCredit Board of Directors has not so far designated an independent Director as Lead Independent Director, considering that the conditions set forth by the Italian Corporate Governance Code for his/her appointment do not pertain:

(i) where the chair of the board of directors is the person in charge of managing the company (i.e., the chief executive officer) or holds significant managerial powers;
(ii) where the office of chair is held by the person controlling, also jointly, the company;
(iii) where requested by the majority of independent directors.

Board of Directors' internal Committees

In order to better assess the topics under its remit, the Board of Directors also in accordance with the provisions of the Code, has established five Committees, vested with research, advisory and proposal-making powers and competent in different areas: Internal Controls & Risks Committee, Corporate Governance & Nomination Committee, ESG Committee, Remuneration Committee and Related-Parties Committee. Their duties are carried out in accordance with the rules set by the Board.

The Committees consist, as a rule, of 3 up to 5 members. As to their composition, the Internal Controls & Risks Committee, the Corporate Governance & Nomination Committee, the ESG Committee and the Remuneration Committee are composed of non-executive Directors, mostly independent, in compliance with the Banca d'Italia Supervisory Regulations on banks' corporate governance. Such Committees must be differentiated from each other by at least one member and, if a Director appointed by the minorities is present among Board members, that Director is a member of at least one Committee. Each Committee's Chair shall be independent. The Related-Parties Committee, set up in compliance with relevant CONSOB regulatory provisions and Banca d'Italia Supervisory Regulations, consists only of independent Directors pursuant to the Italian Corporate Governance Code.

The Board of Directors does not have under its remit any of the functions which are attributed to the abovementioned Committees in the Code. Committee functions have been allocated among the various Committees consistently with the Code's provisions. None of these Committees performs multiple functions pertaining to two or more committees as envisaged under the Code.

The Committee's tasks are coordinated by its Chair, who exercises all necessary powers for its proper functioning. Each Committee draws up an annual plan of activities to ensure the fulfilment of its tasks. Committee meetings are convened by the Chair with a frequency adequate to the fulfilment of its tasks and plan of activities, or when needed or requested in writing, with proper motivation, by at least two members of the Committee. The provisions set out for the Board of Directors' functioning shall apply, as compatible, to the Board Committees. With reference to the Related-Parties Committee's meetings, only for reasons of urgency, in specific cases dealing with transactions falling into the decision-making powers of the Board of Directors, a meeting may be convened at least twelve hours in advance.

Committee meetings are valid if attended by the majority of their members and their resolutions are taken with a majority of votes cast. Should the Chair be absent or impeded from attending, the meeting shall be chaired by the oldest Committee member. Should the Chair of each Committee consider it appropriate, meetings may be held via conference call or video conference.

The meetings of each Committee were minuted by its Secretary, who is not a member of the Committee, appointed on proposal of its Chair. The minutes gives proper account of any disagreements expressed by Committee members on specific topics and their motivations. Minutes signed by the Chair of the meeting and the Secretary are kept under the responsibility of the Secretary and are available for consultation by Committee members as well as any other Directors and Statutory Auditors who may wish to consult them.

With reference to the composition of the Board Committees, on April 15, 2021, the Board of Directors, appointed by the Shareholders' Meeting held on the same date, set the number of each Committee's members and appointed members to them, taking into account, inter alia, each Director's expertise and experience. More specifically, the Board set:

at four the number of members of the Internal Controls & Risks Committee, appointing the following Directors as members:
- Ms. Elena Carletti (Chairwoman), Ms. Maria Pierdicchi, Ms. Francesca Tondi and Mr. Alexander Wolfgring;
at three the number of the members of the Corporate Governance & Nomination Committee, the ESG Committee, the Remuneration Committee and of the Related-Parties Committee, appointing the following Directors as respective members:
- Mr. Lamberto Andreotti (Chairman), Ms. Jayne-Anne Gadhia and Mr. Alexander Wolfgring;
- Ms. Francesca Tondi (Chairwoman), Ms. Beatriz Ángela Lara Bartolomè and Mr. Jeffrey Alan Hedberg;
Ms. Jayne-Anne Gadhia (Chairwoman), Mr. Luca Molinari and Ms. Renate Wagner;
Ms. Maria Pierdicchi (Chairwoman), Mr. Vincenzo Cariello and Ms. Elena Carletti.

Following the resignation of Director Ms. Jayne-Anne Gadhia, the Board of Directors:

- appointed Mr. Jeffrey Alan Hedberg as Chair of the Remuneration Committee, immediately restoring its composition (in its meeting held on February 16, 2023);
integrated the current composition of the Board Committees by appointing (i) Ms. Maria Pierdicchi as member of the Corporate Governance & Nomination Committee; consequently, she is no longer a member of the Internal Controls & Risks Committee; and (ii) Mr. Pietro Carlo Padoan as member of the Internal Controls & Risks Committee to ensure continuity to the Committee and strengthen its seniority (in its meeting held on March 30, 2023).

Committee members have the necessary knowledge, skills and experience to perform the duties assigned to them and ensure that any other corporate positions they hold in other companies or entities (including non-Italian ones) are compatible with their availability and commitment to serve as a Committee member.

The following chart shows Committee composition at the Report's approval date, and any changes that occurred during the 2023 financial year.

					Internal Controls & Risks Committee		Corporate Governance & Nomination Committee		ESG Committee Remuneration Committee		Related-Parties Committee
Members	Exec.	Non exec.	Indep. as Code	*	**	*	**	*	**	*	**	*	**
Padoan Pietro Carlo		X	X	M (1)	100%
Andreotti Lamberto		X	X			C	100%
Orcel Andrea	X
Cariello Vincenzo		X	X									M	100%
Carletti Elena		X	X	C	100%							M	100%
Hedberg Jeffrey Alan		X	X					M	100%	C (2)	100%
Lara Bartolomé Beatriz Ángela		X	X					M	100%
Molinari Luca		X	X							M	100%
Pierdicchi Maria		X	X	M (3)	100%	M (1)	100%					C	100%
Tondi Francesca		X	X	M	100%			C	100%
Wagner Renate		X								M	91.67%
Wolfgring Alexander		X		M	91.30%	M	95%
----- Members who left during the Reference Period -----
Gadhia Jayne-Anne		X	X			M (4)	90%			C (4)	100%
No. of meetings held during the Reference Period		IC&RC: 23		CG&NC: 20		ESGC: 9		RC: 12		RPC: 16
Note:

* A "C" (Chair) or an "M" (Member) in this column shows that the member of the Board of Directors belongs to the Committee and also indicates his/her position

** Meetings' attendance percentage (number of meetings attended/number of meetings held during the concerned party's term of office with regard to the Reference Period)

(1) Office held since March 30, 2023

(2) Office held since February 16, 2023

(3) Office held until March 30, 2023

(4) Office held until February 7, 2023

Board of Directors' internal Committees

Upon invitation of each Committee Chair, the Chief Executive Officer, other Directors, the General Manager (when appointed), the Manager in charge of drafting the company financial reports, as well as personnel belonging to the Company and the Group, may attend Committee meetings on specific Agenda items. Without prejudice to the possibility for the other Statutory Auditors to attend the meetings, the Chair of the Board of Statutory Auditors - or any other Statutory Auditor designated by the latter - attends Board Committee meetings. Always at the invitation of each Committee Chair, personnel or externals appointed in the corporate bodies of the Group's subsidiaries may be called upon to attend Committee meetings.

During the Reference Period, the spending requirements of the Board Committees were met by an ad hoc budget. In fact, in order to perform their duties, Board Committees have access to the financial resources necessary to guarantee their operational independence and, within the limitations of the budget approved by the Board of Directors, may consult independent external experts and invite them to attend meetings; in the event of specific requirements, the relevant budget may be supplemented.

Furthermore, Committees are assured the necessary tools and information flows from the competent functions to enable them to conduct their evaluations.

Each Committee Chair reported to the Board of Directors during the first available meeting on activities carried out by the Committee, with the support of specific documentation.

Board Committees' functions and competencies are set out in the UniCredit Corporate Bodies and Committees Regulation as resolved by the Board¹¹. For information on Board Committees composition, please refer to the UniCredit website¹².

* * *

The following charts highlight the means of attendance of Board Committees members (in office as at December 31, 2023) at meetings held during 2023. The attendance to the meetings was allowed both in person and remotely.

	2023
Internal Controls & Risks Committee		Attendance	%	Means of attendance
	Meetings			physical	by teleconference	via phone
Carletti Elena (Chairwoman)	23	23	100%	22	1
Padoan Pietro Carlo (1)	16	16	100%	11	5
Tondi Francesca	23	23	100%	13	10
Wolfgring Alexander	23	21	91.30%	13	6	2
average attendance	85	83	97.65%	59	22	2

(1) Office held since March 30, 2023

¹¹ The UniCredit website address where the Corporate Bodies and Committees Regulation is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies.html

¹² The UniCredit website address where information on Directors is available is:

https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-directors.html

	2023
Corporate Governance & Nomination Committee	Meetings	Attendance	%	Means of attendance
				physical	by teleconference	via phone
Andreotti Lamberto (Chairman)	20	20	100%	5	15
Pierdicchi Maria (1)	16	16	100%	9	7
Wolfgring Alexander	20	19	95%	5	14
average attendance	56	55	98.21%	19	36

(1) Office held since March 30, 2023

	2023
ESG Committee	Meetings	Attendance	%	Means of attendance
				physical	by teleconference	via phone
Tondi Francesca (Chairwoman)	9	9	100%	5	4
Hedberg Jeffrey Alan	9	9	100%	6	3
Lara Bartolomé Beatriz Ángela	9	9	100%	5	4
average attendance	27	27	100%	16	11

	2023
Remuneration Committee	Meetings	Attendance	%	Means of attendance
				physical	by teleconference	via phone
Hedberg Jeffrey Alan (Chairman) (1)	10	10	100%	3	7
Molinari Luca	12	12	100%		12
Wagner Renate	12	11	91.67%	1	10
average attendance	34	33	97.06%	4	29

(1) Office held since February 16, 2023

	2023
Related-Parties Committee	Meetings	Attendance	%	Means of attendance
				physical	by	via phone
					teleconference
Pierdicchi Maria (Chairwoman)	16	16	100%	13	3
Cariello Vincenzo	16	16	100%	13	3
Carletti Elena	16	16	100%	11	5
average attendance	48	48	100%	37	11

5.1 Internal Controls & Risks Committee

Composition

According to the provisions in the Corporate Bodies and Committees Regulation, the Internal Controls & Risks Committee consists of four non-executive Directors.

As at February 29, 2024, the composition of the Internal Controls & Risks Committee is the following: Ms. Elena Carletti (Chairwoman), Mr. Pietro Carlo Padoan, Ms. Francesca Tondi and Mr. Alexander Wolfgring.

Board of Directors' internal Committees

The majority of the members of the Committee complies with the independence requirements provided by Section 2, recommendation 7, of the Italian Corporate Governance Code and Section 13 of the Decree issued by the Ministry of Economics and Finance no. 169/2020; all the members are independent according to Section 148 of Italian Legislative Decree no. 58 dated February 24, 1998.

The majority of the members of the Committee has the experience required under applicable provisions, covering the provided areas of competence related to risk and control as well as accounting and audit.

* * *

The Chair of the Board of Statutory Auditors, the Head of Internal Audit, the Group Compliance Officer and the Group Risk Officer attend the Committee meetings. Upon invitation of the Committee Chair, the Chief Executive Officer, other Directors, the Manager in charge of drafting the company financial reports, as well as personnel belonging to the Company and the Group, may attend Committee meetings. Furthermore, representatives from the external audit firm may also be invited.

During 2023, the Committee meetings were attended by:

the Chair of the Board of Statutory Auditors in all the cases and another Statutory Auditor on a periodic rotation basis set by the Board of Statutory Auditors, as well as the entire Board of Statutory Auditors upon invitation of the Committee Chair;
the Heads of the corporate control functions (Internal Audit, Group Compliance and Group Risk Management);
the Chair of the Board of Directors upon invitation of the Chair (until his appointment as Committee's member);
the Manager in charge of drafting the company financial reports upon invitation of the Chair and in occasion of discussions dealing with accounting and linked topics;
the representatives of the external audit firm in 3 meetings for topics concerning its tasks upon invitation of the Chair;
corporate officers of the following additional Company functions/Group Companies, for the topics under their remit that from time to time are part of the Agenda:
- Group Finance, in 14 meetings;
- Group Regulatory Affairs, in 8 meetings;
- Group Digital & Information, in 2 meetings;
- Group Operations, in 2 meetings;
- Italy, in 3 meetings;
- Group People & Culture, in 4 meetings;
- Group Strategy & ESG, in 2 meetings;
- Group Legal, in 3 meetings;
- Group Client Solutions, in 2 meetings;
- UniCredit Bank AG Research, in 2 meetings.

In 2023, the Committee was not supported by external consultants.

Roles and Responsibilities

The Internal Controls & Risks Committee supports the Board of Directors on risk management and control-related issues. Hereinafter, the main roles assigned in accordance with the current Corporate Bodies and Committees Regulation.

With a special focus on risk management and control-related issues, the Committee supports the Board of Directors in:

defining and approving strategic guidelines and risk management policies with specific reference to risk appetite and risk tolerance. For this purpose, it also examines the annual budget drafting guidelines;
verifying that risk strategies, management policies and the Risk Appetite Framework (RAF) have been correctly implemented;
defining policies and processes for evaluating corporate activities, including verification that the price and conditions of client transactions comply with the risk-related business model and strategies.

Furthermore, the Committee:

a) with the support of the Corporate Governance & Nomination Committee, identifies and proposes to the Board the Heads of the corporate control functions to be appointed or assesses the evaluation of their dismissal; for the Head of Internal Audit function, issues its opinion on setting the remuneration and the performance goals associated with its variable portion in line with the company policies;
b) pre-examines activity programmes (including audit plans) and annual reports from corporate control functions to be sent to the Board, as well as periodical reports prepared by these functions above and beyond legal or regulatory requirements;
c) evaluates and issues opinions to the Board on the compliance of the internal control system and corporate organisation with the applicable rules and regulations, and on the requirements that must be complied with by the corporate control functions, drawing the Board's attention to any weaknesses and consequent corrective actions to be implemented; for this purpose, it assesses proposals put forward by the Chief Executive Officer;
d) through evaluations and opinions, contributes to defining company policy on the outsourcing of corporate control functions;
e) verifies that the corporate control functions correctly comply with the Board's recommendations and guidelines, assisting the Board in drafting the coordination documents envisaged under Banca d'Italia Circular no. 285/2013;
f) examines and assesses the correct use of accounting principles and their uniformity with regard to drafting the main accounting documents (such as, by way of example, operating and consolidated financial statements, interim operating reports, etc.), for this purpose coordinating with the Manager in charge of drafting the company financial reports and with the Board of Statutory Auditors;
g) examines the work carried out by the Group's external auditors and the results stated in their reports or any letters and suggestions;
h) assesses any findings reported by Internal Audit and Group Compliance, or that may arise from enquiries and/or investigations carried out by third parties;
i) may seek specific audit interventions, at such time informing the Chair of the Board of Statutory Auditors;
j) analyses Group guidelines for the Group Compliance function that fall within its remit, monitoring that they have been adopted and implemented;
k) requests that the Head of Internal Audit draft any proposals for the qualitative and quantitative improvement of the function itself;
l) is involved, within its specific remit, in the process of identifying material risk takers on an ongoing basis.

Without prejudice to the competencies of the Remuneration Committee, the Committee checks that the incentives underlying the remuneration and incentive system comply with the RAF, particularly taking into account risks, capital and liquidity.

Moreover, the Committee reports to the Board of Directors on the status of the Group's internal controls system.

Furthermore, as regards investments in non-financial equities, the Committee assesses, supports and puts forward proposals with regard to organising and enacting internal controls on the making and managing of equity investments in non-financial companies, in addition to verifying compliance within the framework of such equity investments in terms of strategic and operational guidelines.

Board of Directors' internal Committees

Activities performed

In 2023, the Internal Controls & Risks Committee held 23 meetings. On average, Committee meetings lasted approximately 3 hours and 20 minutes.

In 2023, the Committee has performed information-gathering, consultative and proposition-making functions with regard to the duties assigned to it by the Board of Directors. In addition to the execution of the ordinary activity (19 meetings), 4 extraordinary meetings have been held to allow a deeper evaluation of some important aspects related to risk and accounting topics.

During 2023 two meetings of the Internal Controls & Risks Committee were held jointly with ESG Committee with the aim of deepening ESG-related risk components (such as climate and environmental risks and ESG Key Performance Indicators ("KPI") within 2024 RAF).

Furthermore, in 2023, the Committee has established the necessary functional links with the Board of Statutory Auditors, in order to carry out the activities deemed to be common to the two bodies, and exchanging information of mutual interest within the sphere of their respective competencies.

For the 2024 financial year, 16 Committee meetings have been planned. As at February 29, 2024, 5 meetings had been held.

5.2 Corporate Governance & Nomination Committee

Composition

According to the provisions in the Corporate Bodies and Committees Regulation, the Corporate Governance & Nomination Committee consists of 3 non-executive Directors.

As at February 29, 2024, the composition of the Committee is the following: Mr. Lamberto Andreotti (Chairman), Ms. Maria Pierdicchi and Mr. Alexander Wolfgring.

* * *

During 2023, 20 meetings of the Corporate Governance & Nomination Committee were held, each one with an average length of 1 hour and 30 minutes. For the 2024 financial year, 9 Committee meetings have been planned. As at February 29, 2024, 3 Committee meetings had been held.

In 2023, the Chair of the Board of Statutory Auditors and - upon the invitation of the Committee Chair - the Chair of the Board of Directors, the Secretary of the Board, the Chief Executive Officer, as well as managers of the Company and external consultants for specific items on the Agenda, attended the meetings of the Corporate Governance & Nomination Committee.

In particular, the Committee meetings were attended by:

Group Finance, 2 meetings;
Group Legal, 5 meetings;
Group Compliance, 1 meeting;
Group People & Culture, 10 meetings.

Roles and Responsibilities

The Corporate Governance & Nomination Committee provides opinions and support to the Board regarding the definition of the UniCredit corporate governance system, corporate structure and Group governance models and guidelines. Hereinafter, the main roles assigned in accordance with the current Corporate Bodies and Committees Regulation.

The Committee;

a) drafts proposals to be submitted to the Board regarding the optimal qualitative and quantitative composition of the Board, and the maximum number of posts held by Directors in other companies considered compatible with effectively fulfilling these roles at UniCredit;
b) provides opinions and support regarding the Board self-assessment process, as directed by the Chair of the Board of Directors;
c) sets targets for the least well represented gender in corporate bodies as well as for management and staff belonging to the Group, and prepares a plan to bring this proportion up to set targets;
d) drafts proposals to be submitted to the Chair of the Board of Directors regarding the selection of staff appointed to conduct the Board's self-assessment process.

Moreover, the Committee provides opinions and support to the Board also regarding:

a) the assessment on compliance with the requirements provided by applicable rules of UniCredit Directors, as well as their compliance - with the qualitative and quantitative composition of the Board deemed to be optimal;
b) the selection of candidates as Chair, Chief Executive Officer and Director of UniCredit, in the event of co-optation, and, should the Board present its own slate of candidates, as independent Director for approval by the UniCredit Shareholders' Meeting, taking into due account any recommendations from shareholders, as per the process for selecting candidates as Board of Directors' members (including the Chair and the Chief Executive Officer), approved by the Board itself;
c) the appointment of the Chief Executive Officer, General Manager, Deputy General Managers and other Executives with strategic responsibilities;
d) the assessment that the General Manager and the Manager in charge of drafting the company financial reports comply with the requirements provided by applicable laws and the Articles of Association, if applicable;
e) the definition of appointment and succession plan policies for the Chief Executive Officer, General Manager, Deputy General Managers, Heads of corporate control functions, Executives with strategic responsibilities and for members of the Group Executive Committee (GEC) who are not Executives with strategic responsibilities and their direct reports (GEC-1);
f) the definition of the policy for the appointment of corporate officers (members of the Board of Directors, Board of Statutory Auditors and Supervisory Board) at Group companies;
g) the designation of corporate officers (members of the Board of Directors, Board of Statutory Auditors and Supervisory Board) at the main companies.

Moreover, the Committee:

provides support, coordinating with the Internal Controls & Risks Committee, in proposing candidates or assessing dismissal for the roles of Heads of corporate control functions to the Board of Directors;
provides support to the Board of Directors in drafting a succession plan for executive Directors.

Board of Directors' internal Committees

Activities performed

During 2023 the Committee carried out two core corporate governance activities: the evaluation of a change in the Bank's corporate governance system and the process for selecting candidates in view of the renewal of the Board of Directors in April 2024.

On the first point, starting from May the Committee discussed, with the support of two external consultants, the possible solutions on the matter under the Italian legal and regulatory framework, the related pros and cons, and the possible drivers of change. In September the Committee concluded the analysis and proposed to the Board the adoption of the one-tier system (effective upon renewal of the Board), granting its support to the Board in supervising the full implementation of the new governance system, preparing the review of the corporate bodies' Regulation (defining the functioning of the future Board and the number, type and composition of its committees). To this aim, the Committee interacted, in particular, with the Chairs of the Board, the Board of Statutory Auditors and the Internal Controls & Risks Committee.

On the second point, starting from September the Committee supported the Board in:

analyzing the outcomes of the annual self-assessment process on the adequacy of the Board and its Committees in terms of composition and functioning, referring to the third (and last) year of the mandate for the 2021-2023 financial years;
defining the qualitative-quantitative profile of the Board deemed optimal for the effective fulfilment of its duties, also considering the impact of adopting the one-tier system on the Board composition;
selecting the candidates to be included in the two lists (one for the role of Board member and one for the specific role of Audit Committee member) that the Board will present to the General Shareholders' Meeting in April 2024.

Moreover, the Committee supported the Board of Directors on these significant topics: the succession planning for the Chief Executive Officer and the Executives with strategic responsibilities (with particular focus on the heads of the corporate control functions); the rules on confidentiality; and the integration of the composition of the Board Committees following the resignation of Director Jayne-Anne Gadhia in February 2023.

In particular, regarding the first topic, the Committee recommended to speed up the search of external candidates for the CEO role, while fostering the growth of the internal successors identified; it also asked to be updated on a regular basis on the "watchlist" of the high potential executives identified within the Group. Finally, it supported the Board in the appointment of several top managers: the head of Central Europe and the heads of the functions "Group Digital & Information" and "Group Operations". Regarding the second topic, the Committee discussed the actions proposed by management to ensure the proper handling of confidential information, with particular reference to the signing of a confidentiality form by directors, statutory auditors, top managers and selected employees.

Moreover, the Committee reviewed proposals for: amending the Group security model (which envisaged the creation of a single security department under the Group Digital & Information function) and designating officers in the corporate bodies of the Group's main legal entities.

The Committee, through its Chair, carried out the activities within its remit with the support of the Company's structures and, where deemed necessary, external consultants.

5.3 ESG Committee

Composition

According to the provisions in the Corporate Bodies and Committees Regulation, the ESG Committee consists of three non-executive Directors.

As at February 29, 2024, the composition of the ESG Committee is the following: Ms. Francesca Tondi (Chairwoman), Mr. Jeffrey Alan Hedberg and Ms. Beatriz Ángela Lara Bartolomé.

All members of the Committee comply with the independence requirements provided by Section 2, recommendation 7, of the Italian Corporate Governance Code and are independent according to Section 13 of the Decree issued by the Ministry of Economics and Finance no. 169/2020 and Section 148 of Italian Legislative Decree no. 58 dated February 24, 1998.

* * *

During 2023, the Committee meetings were attended by:

the Chair of the Board of Statutory Auditors in almost all the cases and another Statutory Auditor on a periodic rotation basis set by the Board of Statutory Auditors;
the Chair of the Board of Directors in 6 meetings;
the Head of Group Strategy & ESG in all the 2023 meetings;
managers of the following additional Company functions, for the topics under their remit that from time to time are part of the Agenda:
- Group Risk Management: in 6 meetings;
- Group Stakeholder Engagement: in 2 meetings;
- Group Regulatory Affairs: in 1 meeting;
- Group Compliance: in 1 meeting;
- Group Operations: in 1 meeting;
- Group Client Solutions: in 1 meeting.

In 2023, the Committee was not supported by external consultants.

Roles and Responsibilities

The purpose of the ESG Committee is to support the Board of Directors in fulfilling its responsibilities with respect to the ESG integral components on the Group's business strategy and sustainability.

The ESG Committee shall provide opinions and support to the other Board Committees to ensure the alignment of the Group's policies to UniCredit's ESG principles and objectives.

The Committee also oversees:

ESG and sustainability-related developments also considering international guidelines and principles and market developments, monitoring the positioning of the Group with respect to national and international best practices in the ESG field;
the preparation of the yearly Integrated Report, which constitutes a non-financial declaration pursuant to the provisions of Sections 3 and 4 of Legislative Decree no. 254/2016, as well as the preparation of the TCFD (Task force on Climate-related Financial Disclosures) report, and any other specific disclosure obligations required by future ESG commitments of the Bank.

Activities performed

In 2023, the ESG Committee held 9 meetings. On average, Committee meetings lasted approx. 2 hours and 20 minutes.

Board of Directors' internal Committees

In 2023, the Committee performed information-gathering, consultative and proposition-making functions with regard to the duties assigned to it by the Board of Directors. The Committee discussed the Net Zero targets of the Group relating to the three priority sectors presented to the market at the end of January 2023 and was periodically updated on the subsequent progress of the strategy and of the activities connected with the Net Zero initiatives. The Committee was also kept updated on the ESG targets as well as on the management of the policies on the so-called controversial sectors (such as coal and oil&gas). Moreover, the Committee discussed the ESG data strategy. Finally, during 2023 two ESG Committee meetings were held jointly with the Internal Controls & Risks Committee with the aim of deepening ESG-related risk components (such as climate and environmental risks and ESG Key Performance Indicators ("KPI") within 2024 RAF).

During 2023 the Committee organized 3 training sessions aimed to deepen the following topics: "Circular Economy and Valuing Natural Capital: trends and relevance for the banking sector", "Climate & Environmental risk regulatory context and market practices" and "Opportunities and constraints with ESG data and the European ESG regulatory framework".

For the 2024 financial year, 8 Committee meetings have been planned. As at February 29, 2024, 2 Committee meetings had been held.

5.4 Remuneration Committee

For the required information on the Remuneration Committee's set-up, tasks and functioning, please refer to paragraphs "Role of the Remuneration Committee" and "Report on the Remuneration Committee" in the "2024 Group Remuneration Policy and Report", drawn up in accordance with Section 123-ter of the TUF, Section 84-quater of the CONSOB Issuers' Rules, and the provisions set forth under First Part, Title IV, Chapter 2, Policies and practices on remuneration and incentive of Banca d'Italia Circular no. 285/2013.

5.5 Related-Parties Committee

Composition

The Related-Parties Committee consists of three Directors, all of whom qualify as independent pursuant to the Italian Corporate Governance Code.

As at February 29, 2024, the composition of the Related-Parties Committee is the following: Ms. Maria Pierdicchi (Chairwoman), Mr. Vincenzo Cariello and Ms. Elena Carletti.

Roles and Responsibilities

Set up in accordance with CONSOB Resolution no. 17221/2010 and Banca d'Italia Circular no. 285/2013 (Third Part, Chapter 11), the Related-Parties Committee oversees issues concerning transactions with related parties and riskrelated activities and conflicts of interest involving associated parties, conducting the specific role attributed to independent Directors by the aforementioned provisions. Furthermore, it carries out any other duty assigned to it under the Global Policy on transactions with related and associated parties, as applicable from time to time¹³.

¹³ The UniCredit website address where the Global Policy Transactions with related parties, associated persons and corporate officers ex. Section 136 of the CBA is available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/related-parties-and-associated-persons.html

The Related-Parties Committee operates on a consultative and proposition-making basis. Pursuant to the current Global Policy, the Committee is in particular in charge of:

formulating prior, motivated and binding opinions for the purposes of the Board of Directors' resolution on the overall suitability of internal procedures and subsequent updates in order to achieve the objectives established in the external regulatory framework. Said opinions are additional to those requested from the body entrusted with control functions;
formulating prior and motivated opinions, when expressly required, in the event of transactions with members of the Combined Perimeter¹⁴ either directly or indirectly with UniCredit, concerning the Company's interest in the performance of such transactions, as well as the profitability and substantial correctness of the conditions of such transactions;
becoming timely involved, in the event of transactions of "greater significance" with members of the Combined Perimeter - if deemed necessary by the Committee through one or more delegated members - in the negotiation phase and in the preliminary phase through the reception of an exhaustive and updated information flow, including the right to request information and issue observations to delegated bodies and the persons in charge of carrying out negotiations or the preliminary phase;
pursuant to section 4, paragraph 1, lett. e-bis) point (i) of the CONSOB Regulation, examining, on the basis of the periodic information flows, also through the use of sample selection methods, the application of the cases of voluntary exemption provided for by the above-mentioned Global Policy in order to examine the adequacy of the same - also in view of its periodic review - and to formulate any corrective measures;
pursuant to section 4, paragraph 1, lett. e-bis) point (ii) of the CONSOB Regulation, verifying the proper application of the exemption conditions to transactions of "greater significance" defined as "ordinary" and "concluded at market or standard conditions", notified to the Committee pursuant to Section 13, paragraph 3, letter c) of the CONSOB Regulation, as well as to the above Global Policy. Upon receipt of the report, the Chair of the Committee shall immediately call the Committee to conduct the relevant review.

* * *

Regarding each individual transaction subject to assessment, Committee members must be different from the counterparty, its associated parties and/or any entities related to it.

If a Committee member is a counterparty to the transaction under examination (or is related/associated with the counterparty), he/she must promptly inform the Chair of the Board of Directors and the Committee Chair (provided he/she is not in a conflict-of-interest situation) and abstain from attending further Committee proceedings with regard to the transaction in which the relationship exists. Having consulted with the Committee Chair (provided he/she is not in a conflict-of-interest situation), the Chair of the Board of Directors shall immediately take steps to replace the member who has this conflict of interest with another member from the Board of Directors who qualifies as independent pursuant to the Italian Corporate Governance Code, after contacting them beforehand, in order to restore the Committee to three non-related and non-associated independent Directors.

For transactions that need to be finalised urgently and require the intervention of the Related-Parties Committee during negotiations and due diligence and/or during the issue of opinions, having acknowledged the urgency and noted that the majority or all members are unable to meet or carry out the required activities in time to conclude the transaction, the Committee Chair shall promptly inform the Chair of the Board of Directors of this situation. In any event, these circumstances must be communicated no later than the day after the Committee Chair was informed that the majority or all Committee members was not available. Having consulted with the Chief Executive Officer and determined that the transaction cannot be delayed, the Chair of the Board of Directors immediately takes steps

¹⁴ Persons at Group level subject to procedures - which apply jointly - as envisaged under the Global Policy Transactions with related parties, associated persons and corporate officers ex section 136 of the CBA, pursuant to both CONSOB Resolution no. 17221/2010 and Banca d'Italia Circular no. 285/2013 (Third Part, Chapter 11).

Board of Directors' internal Committees

to find three Directors to sit on the Committee and follow the process for temporary substitutions in the event of conflicts of interest.

Activities performed

In 2023, the Related-Parties Committee held 16 meetings (on average, each Committee meeting lasted 1 hour and 5 minutes).

Company and Group Managers and personnel, as well as advisors belonging to major Italian and foreign consultancy and law firms, attended Committee meetings to discuss specific items on the Agenda.

In particular, the Committee meetings were attended by:

Group Legal, 13 meetings;
Group Risk Management, 5 meetings;
Group Compliance, 2 meetings;
Internal Audit, 3 meetings;
Group M&A and Corporate Development, 5 meetings;
Group Finance, 4 meetings;
Group Real Estate, 2 meetings;
UniCredit Factoring S.p.A., 2 meetings.

At his request, the Manager in charge of drafting the company reports attended 2 meetings, only on topics he is interested in.

A Statutory Auditor of UniCredit attended 2023 Committee's meetings, except for 1 meeting, on a periodic rotation basis as defined by the body entrusted with control functions.

In 2023, the Committee issued three favourable opinions on transactions related to UniCredit S.p.A. and its subsidiaries. For the issuance of said opinions, the Committee availed itself of the activity of experts, after having assessed their meeting of the independence requirements (provided by Annex 4 of CONSOB Regulation) and of the professional experience to perform their duties.

Furthermore, on October 31, 2023, the Committee issued a positive opinion for the benefit of the Board of Directors on the new release of the Global Policy "Transactions with related parties, associated persons and Corporate Officers ex art. 136 CBA", which was also updated to take into account the formal adoption of new provisions.

The activity carried out by the Committee in 2023 also concerned the analysis of the periodic information drafted by:

Group Risk Management, on the Group's overall exposure arising from transactions with components of the Combined Perimeter;
Presidio Unico, (i) on the transactions subject to a voluntary exemption of UniCredit and of the subsidiaries with components of the Combined Perimeter, consistently with the CONSOB Regulation and the Global Policy. The mentioned information flow, on a six-monthly basis, was functional to the performance by the Committee of the examination tasks on the correct implementation of voluntary exemption cases, with the support of the competent business structures, invited to attend 2 meetings devoted to the Committee's controls; (ii) on the topics which are relevant for the Combined Perimeter.

Lastly, the Committee received the following information "on a voluntary basis":

the outcomes of the second-line controls performed by the Compliance function, on the existence and completeness of the procedures which are appropriate to ensure the compliance with the requirements established by the legal framework and by the internal rules on the process for managing the transactions with components of the Combined Perimeter;
the analysis performed by Presidio Unico on the "correlation title" of the components of the Combined Perimeter, with specific reference to the companies which are associated directly and indirectly with UniCredit S.p.A.;
the monitoring performed by Presidio Unico on the operations with the main related parties in the last three years;
the implementation status of the recommendations issued by the Internal Audit function concerning the relatedparties management process.

For the 2024 financial year, 10 meetings have been planned for the Related-Parties Committee. As at February 29, 2024, 1 meeting had been held.

Directors' Remuneration

For the required information on compensation for executive Directors, non-executive Directors and Executives with strategic responsibilities, as well as on indemnities to Directors in the event of resignation, dismissal or termination of employment following a public purchase offer (as per Section 123/bis, sub-section 1, letter i), of the TUF), please refer to the section on "Compensation to Directors, Statutory Auditors and Executives with Strategic Responsibilities" in the "2024 Group Remuneration Policy and Report", drawn up in accordance with Section 123/ter of the TUF, Section 84/quater of the CONSOB Issuers' Rules, and the provisions set forth under First Part, Title IV, Chapter 2, Policies and practices on remuneration and incentive of Banca d'Italia Circular no. 285/2013.

Directors' interests and related-parties transactions

Risks arising from transactions with persons in a potential conflict-of-interest situation are governed, inter alia, by the Regulation CONSOB adopted in Resolution no. 17221/2010 and subsequent updates, by regulations on "Risk activities and conflicts of interest with associated parties" provided for under Third Part, Chapter 11 of Banca d'Italia Circular no. 285/2013, as well as regulations on the obligations of corporate officers at Banks pursuant to Section 136, Legislative Decree no. 385/1993.

Under this regulatory framework, with the unanimous and favourable opinion of the Related-Party Committee and the Board of Statutory Auditors, on November 8, 2023, the UniCredit Board of Directors approved the update of the "Global Policy Transactions with related parties, associated persons and corporate officers ex Section 136 of the CBA" (available on the UniCredit website) with the aim of defining principles and setting out rules for controlling risks that may arise out of a possible conflict of interest caused by a party's close ties with bank decision-makers.

Intended as an organic evolution towards unifying aspects of governance and areas of enforcement, procedural and organisational approaches (due to the significant similarities between CONSOB's regulations on related parties and the Banca d'Italia's on associated parties), this Global Policy details provisions to be complied with when managing transactions with persons in a potential situation of conflict of interest, as defined by the above-mentioned regulations.

Here below is the list of enforcement areas which are handled jointly by the provisions in the Policy:

governance issues and the associated roles of the Board of Directors, the Related-Parties Committee and the Board of Statutory Auditors;
organisational structures for overseeing and managing transactions with related and associated parties;
perimeter of CONSOB related parties and Banca d'Italia associated parties;
criteria for identifying and detecting transactions with related parties and associated parties, including those of greater relevance;
cases of exemption set out in the CONSOB Regulations and through Banca d'Italia provisions, and exemptions at UniCredit pursuant to the powers provided for under such provisions;
procedures for arranging and approving transactions with related and associated parties;
checks and rules for adoption of the Policy within the Group.

Taking into consideration the peculiarities that characterise these provisions, references are also provided on the following:

disclosure- and transparency-related obligations required by CONSOB with reference to transactions with related parties;
risk activities with associated parties pursuant to Banca d'Italia supervisory reporting terms;
monitoring prudential limits and risk appetite levels of associated persons.

The current version of the Global Policy is available on the UniCredit website¹⁵.

* * *

Compliance with legal requirements on the interests of company Directors and related-parties transactions being unaffected, through its Global Policy the Company must also comply with Section 136 of Legislative Decree no. 385/1993 concerning the obligations incumbent upon bank corporate officers, according to which such officers may not take on any obligation, directly or indirectly, with the bank that they manage, direct or control, unless it is approved unanimously by the supervisory body, and with the person concerned abstaining, and with the favourable vote of the controlling body's members. Accordingly, corporate officers are required to report the names of

¹⁵ The UniCredit website address where the Global Policy on Transactions with related parties, associated persons and corporate officers ex section 136 of the TUB is available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/related-parties-and-associated-persons.html

individuals or companies with whom entering into relations might constitute an indirect obligation that substantially refers to a corporate officer.

A transaction with a related party involving a bank's corporate officer or a party related to such individual falls under the provisions of Section 136 of the Legislative Decree no. 385/1993 and the relevant decision-making procedures. In such cases, the Related Parties Committee must be granted an early, timely and complete information flow for transactions of greater or lesser relevance not falling under the foreseen cases of exemption.

Internal controls and risks management system

The internal controls system is an essential part of the overall governance system at a bank. It plays a central role in their organisation, and can help to ensure the effective management of risks and how they interrelate, to ensure that the activities carried out complies with the corporate strategies and policies, and is founded on sound and prudent management principles.

An effective internal controls system is a prerequisite for value creation over the medium-to-long term, safeguarding asset quality, correctly perceiving risk and appropriately allocating capital.

The UniCredit Group internal controls system, in its ordinary governance setup, is based on:

control bodies and functions, in particular involving (each one within its respective sphere of competence) the Board of Directors, the Internal Controls & Risks Committee, the Chief Executive Officer, the Board of Statutory Auditors, as well as the functions and the managerial committees with specific tasks to that regard;
information flows and coordination procedures among parties involved in internal controls and risks management system;
Group Governance mechanisms.

8.1 Bodies and functions

The Board of Directors and the Internal Controls & Risks Committee

Guidelines for internal controls and the risks management system are defined by the Board of Directors, having verified their consistency with the strategic orientation and the risk appetite established by the Board. Consequently, the Board is able to guarantee that the main risks are properly identified, measured, managed and monitored in the appropriate manner, also taking into account how they evolve and interact and, furthermore, establishing criteria for the compatibility of such risks with sound and prudent management.

Within this context, on a yearly basis the Board of Directors defines and approves a Group Risk Appetite Framework that is consistent with the budget process timeline and definition of the financial plan, in order to ensure that business develops within the desired risk profile and in accordance with national and international regulations.

The Risk Appetite Framework summarises the Group's desired risk profile, including identification of significant risks to which the Group is exposed, by defining thresholds for the following indicators:

regulatory indicators to ensure compliance at all times with the Supervisory Authority requirements (e.g., the Common Equity Tier 1 Ratio and the Liquidity Coverage Ratio);
managerial indicators, to monitor the evolution of key variables from both a strategic and Risk Appetite point of view defined to ensure the steering of all key financial risks (e.g., Credit, Liquidity and Interest Rate Risk, Market and Sovereign Risk), Profitability, Non-Financial Risks (e.g., Operational Risk, ICT, Cyber Risk, Compliance Risk) and Climate and Environmental Risks.

In the second half of the 2023, the Group Risk Appetite Framework has been set for the 2024 to sustain the way towards the Company's strategic objectives in a controlled risk environment. The key elements have been re-defined and re-evaluated, including the macro scenario underlying the 2022-2024 Strategic Plan, key risks and risk trends. Enhancements of the framework included setting the 2024 thresholds for several KPIs that were subject to monitoring only, as well as cascading of some KPIs from Group level also to the Group Companies.

The Board approved the new Group Risk Appetite Framework for 2024.

The Group Risk Appetite Framework, which includes both the quantitative component (i.e., RAF dashboard) and the qualitative component (i.e., Risk Appetite Statement), is consistently implemented at relevant Group companies and cascading to more granular levels through Group Risk Strategies. The quantitative component includes for each KPI the definition of relevant target, trigger and limit: (i) the targets represent the amount of risk the Group is willing to take on in normal conditions, and they form the reference thresholds for development of the business, (ii) the triggers represent the maximum acceptable level of deviation from the defined target thresholds. They are set so as to assure that even under stress conditions the Group can operate within the maximum level of acceptable risk; the managerial committee Group Executive Committee and the Board of Directors shall be informed of trigger breaches; (iii) the limits are hard points that represent the maximum level of risk acceptable for the Group; if a limit is breached, the Board of Directors must be involved in assessing and deciding upon possible corrective measures.

The Board of Directors is supported by the Internal Controls & Risks Committee in its decision-making activities relating to the internal controls and risks management system.

Within its sphere of competence, the UniCredit Board of Directors approves the establishment of corporate control functions, defining their relevant roles and responsibilities, forms of coordination and collaboration, and the information flows between them and the corporate bodies. Additionally, as part of its support of the Internal Controls & Risks Committee, it draws up coordination documents envisaged under Banca d'Italia Circular no. 285/2013, and has mandated the Chief Executive Officer to execute the Board's directions by designing, managing and monitoring the internal controls and risks management system. Within the scope of this, the Board of Directors ensures that corporate control functions are stable and independent, and that they may access all Bank and Group Companies' activities and any data relevant for performing their respective duties.

At least once a year, after considering the opinion issued by the Board of Statutory Auditors, the Board of Directors assesses the organisational structure's adequacy and the number and skills of staff working at the compliance (Group Compliance) and risk management functions (Group Risk Management). Furthermore, the Board resolves on any possible amendments necessary to the internal audit function's (Internal Audit) organisation and staffing.

Moreover, the Board of Directors approves the following strategies.

Credit Strategies

Under Basel II Pillar II, Group Credit Risk Strategies represent an advanced credit risk management instrument, targeted at ensuring consistency between budget targets and the Risk Appetite Framework. Taking into consideration the macroeconomic and credit scenario, projections in the economic and industry sector, as well as business initiatives and strategies, Credit Strategies provide a set of guidelines and operational limits broken down by the countries and business segments in which the Group operates, with the goal of identifying the desired risk profile and business line positioning in order to ensure growth consistent with the Group Risk Appetite Framework, while at the same time optimising the overall credit risk impact without precluding profitable business opportunities.

Financial Risk Strategies

At Group level, the UniCredit "Group Financial Risk" function manages the setting of overall limits on the Group's financial risks (i.e., liquidity, interest rate, market, counterparty and trading credit risks).

To this end, the Holding Company's "Group Financial Risk" function acts in tight coordination with:

the Group Companies' Market Risk functions, which in accordance with the Group business model are entitled to take on exposures to market risks either in the trading or in the banking book and liquidity. Within the defined overall business model, the relationship with the Market Risk functions, within the overall process of negotiating operational limits alongside the business functions is designed to ensure consistency of the limits with the returns assigned to them in the budget, taking into account dynamics associated with risk indicators, based on historically observed data, expected market developments and proposed business initiatives;

Internal controls and risks management system

the "Risk Appetite" Group Risk Management function in charge of the Group Risk Appetite, with the aim of verifying the limits-related impact on Regulatory and Economic Capital within an iterative process conceived to ensure that limits are consistent with the capital allocation approved at Group level, taking into consideration income goals defined in the annual and strategic plans.

The UniCredit Board sets out the guidelines for the internal controls system, verifying its consistency with established strategic orientations and risk appetite, as well as its capacity to detect the evolution of corporate risks and how they mutually interact, ensuring that the main risks are properly identified, measured, managed and monitored in the appropriate manner, through Internal Controls & Risks Committee activities, in particular, on the basis of:

reports by the Heads of corporate control functions: the compliance function (Group Compliance), the risk management function (Group Risk Management), the internal audit function (Internal Audit), the anti-money laundering function (Anti-Financial Crime Compliance) and the validation function (Group Internal Validation);
information from the Manager in charge of drafting the company financial reports in compliance with the international accounting standards and with regulations relevant to preparing the consolidated financial statements;
any useful information related to monitoring overall corporate risks provided by the relevant Company structures and/or by the audit firm assigned to undertake statutory accounting supervision.

At least yearly, the Board approves the activities programme prepared by the corporate control functions, including the yearly audit plan, and examines their annual reports. Moreover, it approves the multi-year audit plan.

In addition, the Board ensures that the internal controls system and corporate organisation are constantly in harmony with the principles enshrined in laws and regulations applicable from time to time, verifying at least yearly on an basis the exhaustiveness, adequacy, effectiveness and proper functioning of the internal controls and risks management system; should shortcomings or discrepancies emerge, the Board promptly fosters adoption of appropriate corrective measures, the efficacy of which should subsequently be assessed.

Chief Executive Officer

Notwithstanding the Board of Directors' authority over the establishment of corporate control functions and the definition of related roles and responsibilities, the Chief Executive Officer manages the internal controls and risks management system, with support from relevant functions. This includes:

(i) identifying the Company's risks and submitting them to the Board of Directors. To that end, the Chief Executive Officer must have in-depth knowledge about all corporate risks and, as part of an integrated managementoriented approach, their reciprocal relationships, taking into account how external circumstances (including macroeconomic risks) evolve;
(ii) putting into practice the strategic guidelines, RAF and risk management policies defined by the Board. He does this by planning, managing and monitoring the internal controls and risks management system. In the supervision of these activities, the Chief Executive Officer is supported by the managerial committee Group Executive Committee and the Group Risks/Controls Committee (i.e., Group Financial and Credit Risk Committee and Group Non-Financial Risks and Controls Committee), chaired by the Chief Executive Officer, in which sessions topics related to the system of internal controls, related remedial plans, as well as issues related to risk management and monitoring are addressed.

The Chief Executive Officer is responsible for taking all necessary steps to ensure that the organisation and internal controls system comply with the principles and requirements envisaged under applicable legal provisions. Furthermore, on an ongoing basis and with assistance from the competent functions (as well as directly sitting on ad hoc managerial committees aimed at overseeing and/or controlling risks), he supervises the proper management of overall corporate risks and the adequacy, and the effectiveness and efficiency of associated protective structures, including by means of defining optimal policies for managing such risks. To that end, at all levels he facilitates dissemination of an integrated risk culture spanning the various types of risk.

With specific reference to the non-compliance risk, the Chief Executive Officer ensures that compliance risk is adequately managed. As such, the Chief Executive Officer:

defines adequate compliance procedures and policies;
establishes effective communication channels to ensure that all levels of staff are aware of the compliance safeguards for their tasks and duties;
ensures that the policies and procedures are followed at the bank and, should any violation occur, makes sure the appropriate corrective measures are taken;
sets out the information flows designed to ensure the top company bodies are fully aware of how compliance risk is being managed.

In addition, the Chief Executive Officer must, in collaboration with the Group Compliance function:

identify and assess, at least once a year, and on an ongoing basis in the event of new business activities or substantial changes to existing ones, the key compliance risks that the Bank is exposed to and then plan related action/responses. Planning must include weaknesses (in policies, procedures, implementation or execution) that arise during company operations and the need to face any new compliance risks that are picked up following the annual risk assessment;
report (either on his/her own imitative or further to a request) to the Board of Directors and the Board of Statutory Auditors on whether the bank's current management of compliance risk is adequate;
promptly inform both the Board of Directors and the Board of Statutory Auditors on any major compliance breaches.

As for third-level controls carried out by the Internal Audit function, the Chief Executive Officer is informed of guidelines for auditing activities, may make suggestions to integrate the annual control plan, and may request specific auditing not foreseen in the annual plan.

Within this field, the Chief Executive Officer makes sure that the Board of Directors engages in effective, ongoing dialogue and exchange, with support from the corporate functions that report to him as Head of the internal structure, in order to allow him to review the choices and decisions they adopt over time. To that end, the Chief Executive Officer receives information from corporate functions necessary to assure the supervision required of him, at managerial committees meetings which he attends as Chair and through specific, systematic information flows.

Moreover, the Chief Executive Officer promotes initiatives and actions that are necessary to ensure the ongoing exhaustiveness, adequacy, functionality and reliability of the internal controls system, reporting to the Board of Directors on the outcome of checks, arranging and carrying out any necessary corrective measures, and implementing such measures should there be any deficiencies or anomalies, or should relevant new products, activities, services and processes be introduced.

Board of Statutory Auditors

The UniCredit Board of Statutory Auditors is responsible for overseeing the completeness, adequacy, functionality and reliability of the internal controls system and the RAF, as well as the risks management and control process. With regard to the variety of corporate functions and structures that have control roles and responsibilities within the Company, the Board of Statutory Auditors is called to check the efficacy of all structures and functions involved in

Internal controls and risks management system

the controls system, the proper performance of duties, proper coordination of such duties, and promoting any corrective actions aimed at remedy any shortcoming or irregularities detected.

Drawing on the contribution of the corporate control functions, as part of its more general overall review of the risks management process, the Board of Statutory Auditors supervises compliance with ICAAP process provisions and the completeness, adequacy, functionality and reliability of the advanced internal risks measurement systems for determining capital requirements, as well as compliance with requirements envisaged under the relevant provisions.

The Board of Statutory Auditors supervises the processes adopted for the proper implementation of the corporate governance rules set forth by the Italian Corporate Governance Code, the financial disclosure process and compliance with provisions on the disclosure of non-financial information, external auditing of the annual individual and consolidated accounts, the independence of the external audit firm, in particular with regards to carrying out nonauditing activities, and periodically meets with the external audit firm for a reciprocal exchange of information.

With specific regard to the assignment of Supervisory Body functions to the Board of Statutory Auditors pursuant to Legislative Decree no. 231/2001, it should be noted that starting from its renewal for the 2019-2021 financial years these tasks are carried out by the Board of Statutory Auditors (see following paragraph 8.5 Organisation Model as per Legislative Decree no. 231/2001).

The Board of Statutory Auditors is responsible for establishing appropriate functional links with the Internal Controls & Risks Committee and the Remuneration Committee, in accordance with their specific skills.

Control functions

In compliance with applicable laws and drawing inspiration from international best practice, the types of control at UniCredit are structured on three levels:

line controls (so-called first-level controls), in charge of the corporate functions responsible for business/ operational activities, aimed at ensuring the proper carrying out of the transactions;
risk and compliance controls (so-called second-level controls), in charge of the Group Compliance and Group Risk Management functions, each regarding the matters in their sphere of competence;
internal audit (so-called third-level controls), in charge of the Internal Audit function.

The Group Compliance, Group Risk Management and Internal Audit functions are separated and hierarchically independent from the corporate functions that carry out the activities subject to their control. The Board of Directors has exclusive competence - based on a proposal made by the Internal Controls & Risks Committee, as well as after hearing the Board of Statutory Auditors - over the appointment and removal of the Heads of said corporate control functions.

As per Banca d'Italia Circular no. 285, corporate control functions also include the anti-money laundering and validation functions, both independent and set up within Group Compliance and Group Risk Management, respectively.

In addition to the corporate control functions, in compliance with regulatory provisions, control functions also include the functions charged with control tasks pursuant to legal, regulatory or self-regulatory provisions (e.g., the Manager in charge of drafting the company financial reports).

The Compliance function

The mission of Group Compliance, under the responsibility of the Group Compliance Officer, role covered by Ms. Serenella De Candia, is to monitor the management of the non-compliance risk¹⁶ as well as to assist the Group, its Management, the corporate bodies and employees in carrying out their activities in compliance with mandatory rules, internal procedures and applicable best practices.

Bank and Group's companies' Compliance function are independent, drawing on human and technological resources that are qualitatively and quantitatively adequate to the tasks to be performed, reporting directly to senior management and the corporate bodies, and with access to all corporate information and participates to decisionmaking processes; when necessary, it can elevate an issue directly up the hierarchical higher levels.

Group Compliance has a proactive role in advising the Bank functions on regulatory requirements, especially on new products, processes, business initiatives, commercial campaigns, marketing materials, and sets rules of conducts, guidelines, and standards - for its perimeter of competence - to be observed.

Group Compliance monitors the management of the non-compliance risk according to a risk-based approach, i.e., an approach that, based on the ongoing assessment of Group activities and the regulatory framework and corporate environment, focuses its activities and priorities on the areas, standards, processes and procedures most at risk of non-compliance.

Consistently with this approach, the non-compliance risk monitoring, with respect to all corporate activities (with the exception of laws and regulations falling within the scope of Group Risk Management) is carried out directly¹⁷, through the organizational units that are part of Group compliance, on most relevant regulations with regards to non-compliance risk like the ones concerning banking and financial activities, conflicts of interests management, transparency to customers and consumer safeguard regulation.

As far as other regulations are concerned (e.g.: tax laws, Law on Health and Safety at Work) and with reference to UniCredit S.p.A. only, the Compliance function monitors indirectly¹⁸, by providing/validating compliance risk assessment methodologies and procedures to/for the so-called "Presidi specialistici", in place within other business structures, and verifying that they are correctly implemented.

Group Compliance pursues these objectives in particular by:

promoting a culture that encourages compliance with the law, internal regulations, Global Rules and the ethical principles which underlie the corporate culture;
identifying, assessing and monitoring non-compliance risk, including the development and monitoring of compliance with Global Rules whose aim is the mitigation of those risks;
implementing a quality assurance program, both at Group and company level;
establishing relationships with the Authorities (Supervisory Authorities, Trade Associations, Legislator, etc.) together with other relevant structures and promoting a continuous dialogue with such Authorities for the area of competence;
cooperating with other Competence Lines within the Group, and especially with other structures that oversee the management and control of risk (specifically, Internal Audit, Group Risk Management) in order to improve the overall consistency and ensure adequate and continuous mutual information flows;

¹⁶Non-compliance risk can be defined as the risk of incurring legal or administrative penalties, financial losses, or damage to reputation as a result of non- compliance with mandatory rules regulating financial and banking undertakings, codes of conduct and standards of "good practice managing."

¹⁷Compliance has a direct oversight on the thematic areas defined in the IR 995/6 of October 20, 2023 - Group Compliance Framework (App. 1) as well as on the corporate responsibility for crime committed by employees in the interest of company (Legislative Decree no. 231/2001).

¹⁸ As envisaged in the "Indirect Model for the supervision of compliance risk" approved by a specific resolution of the Board of Directors.

Internal controls and risks management system

periodically communicating with and providing assistance to the senior management and the Board of Directors on non-compliance risk management, including by participating in the Group Executive Committee and other managerial Committees;
providing guidelines on compliance significant topics to business representatives and other Competence Lines, through proactive advice and upon request, i.e., by providing advice on laws, regulations, codes, practices, products, business lines and organizational structures also at local level;
fulfilling legal requirements concerning anti-money laundering reporting for UniCredit S.p.A., through the appointment of a AML Responsible (AML Officer), in accordance with Banca d'Italia provisions laying down implementing provisions concerning anti-money laundering organization, procedures and internal controls, such AML officer being tasked with promoting a unified anti-money laundering approach in Italy and coordinating the anti-money laundering managers appointed by other centralized Italian Group Companies;
fulfilling legal requirements regarding the personal data processing for UniCredit S.p.A., through the appointment of a Data Protection Officer, in compliance with Regulation (EU) 2016/679 of April 27, 2016, laying down provisions on the organization, procedures and evaluation of the impact of data protection, playing a coordinating role at Group level.

Group Compliance is in charge of guiding, coordinating and monitoring compliance matters at Group level; as part of these responsibilities, Group Compliance can perform centralized functions with regard to Compliance matters on behalf of the Italian Group Companies.

The Group Risk Management function

Under the responsibility of the Group Risk Officer, the Group Risk Management structure's mission is to:

optimise the quality of the Group's assets, minimising the risk cost in accordance with the risk/profitability goals set for the business areas;
ensure the strategic steering and definition of the Group's risk management policies;
define and provide the Heads of the Business Functions and Group Companies with the criteria for assessing, managing, measuring, monitoring and communicating risk. It also ensures that the procedures and systems designed to control risk at Group and individual Group Company level are coherent;
help build a risk culture across the Group by training and developing, together with the competent Group People & Culture;
help to find ways to rectify asset imbalances, where needed in conjunction with the Group Financial Officer;
help the Business Functions achieve their goals, including by assisting in the development of products and businesses (e.g., innovation of credit products, competitive opportunities linked to the Basel accords, etc.);
support the Chief Executive Officer in defining the Group Risk Appetite proposal, to be shared in the managerial committee Group Executive Committee and submitted for approval to the Board of Directors, as preliminary and preparatory step for the yearly and multi-yearly budget plan pertaining to the Group Financial Officer. The Group Risk Appetite shall include a series of parameters defined by the Group Risk Officer, with the contribution of the Group Financial Officer and of other relevant Group functions; each parameter can be complemented by limits and thresholds proposed by the Group Risk Officer and targets proposed by the Group Financial Officer and/or by the relevant Group functions, each respecting their mission and internal regulations. The Group Risk Officer is responsible for ensuring the overall coherence of the proposed parameters and values. Furthermore, the Group Risk Officer is responsible for ensuring to the Chief Executive Officer and the Board of Directors the coherence of the Group Risk Appetite with the Group strategic guidelines, as well as the coherence of the budget goals with the Group Risk Appetite setting and the periodical monitoring of the RAF. The Group Financial Officer remains responsible for monitoring the performances of the Group and of the business functions, in order to identify possible underperforming areas and the related corrective measures.

Such mission is accomplished by coordinating the Group's risks management as a whole. More specifically, it involves carrying out the following macro-functions:

governing and checking credit, cross-border, market, balance sheet, liquidity, ICT, operational and reputational, climate and environmental risks at Group level as well as any other risks relating to Basel II Pillar II (e.g., strategic, real estate, financial investment, business risks), by defining risk strategies and limits, developing risk measurement methodologies, performing stress tests and portfolio analysis;
supervising, on a Group level and for UniCredit S.p.A., Basel accord related activities;
coordinating the internal capital measurement process within the "Internal Capital Adequacy Assessment Process" ("ICAAP") and coordinating activities for drawing up the "ICAAP Regulatory Report";
performing internal validation activities, at Group level, on systems for measuring, credit, operating and market risks, or Basel II Pillar II risks on related processes and data quality and IT components, as well as on models for pricing financial instruments, in order to check that they conform to regulatory requirements and in-house standards, overseeing consequently the non-compliance risk regarding to such regulatory requirements;
ensuring that the competent Bodies/Functions get adequate reports;
developing the strategy and oversee the management, process, targets and disposals of Non-Performing Exposures/NPE, repossessed assets and any other distressed assets for the entire Group. The Group Risk Officer defines the criteria/rules for identifying the exposures and assets for sale and portfolio targets;
drafting and managing risk policies, both at Group level (Global Rules) and at Parent Company level, on the performance of risk-related activities for which UniCredit S.p.A. is competent as well as ensuring the monitoring;
defining framework and performing second-level controls risks, within the Group and the Parent Company;
assigning ratings for banks and for the Group's major exposures, carrying out the relevant mapping, at Group level, and managing the "rating override" process with regard to Group-wide rating systems as well as those for measuring the credit risk of UniCredit S.p.A.'s counterparts;
defining the minimum standards and guidelines for validating IT infrastructures and data quality, credit risks, operating risks and Basel II Pillar II risks, for feeding Group and Parent Company reports on credit risk and for feeding credit risk measurement models.

In order to strengthen the capacity of independent steering, coordination and control of Group risks, to improve the efficiency and the flexibility on the risk decision process and to address the interaction among the relevant risk stakeholders, specific Committees are in place:

The managerial committees Group Executive Committee, Group Financial and Credit Risk Committee and Group Non-Financial Risks and Controls Committee support the Chief Executive Officer in the role of steering, coordinating and monitoring the strategic and all categories of risks (included compliance risk), at Group level, as well as defining the Group Recovery Plan.

The Group Risk Management function sets up specific information flows to ensure full knowledge about the Group's risks exposure and underlying factors, as well as trends for significant variables included in the Risk Appetite Framework. This information, of which the Chief Executive Officer is aware, in part through chairing the managerial committee Group Executive Committee and the Group Risks/Controls Committee (i.e., Group Financial and Credit Risk Committee and Group Non-Financial Risks and Controls Committee), chaired by the Chief Executive Officer, also with a view to draft proposals/reports for the Board of Directors, mainly relates to the topics summarised below:

Risk Appetite Framework, liquidity risk management adequacy (ILAAP) and capital adequacy (ICAAP);
activities performed, checks carried out and related outcomes of all covered risk types;
development, validation and maintenance of the risks measurement and control system, also through the assessment performed by internal validation function.

The UniCredit Group Risk Officer is Mr. Thiam Joo Lim.

Internal controls and risks management system

The Internal Audit function

The UniCredit Internal Audit function, which reports to the Board of Directors, steers, coordinates and monitors the Group's internal audit activities, and performs third-level control activities as well as on-site inspections on the Parent Company and on the Group's Companies that have outsourced internal audit activities to UniCredit on an inservice company basis ("In service Companies"). In addition, as the Group's Internal Audit function it may conduct on-site controls on any Group Company.

The Internal Audit function acts in compliance with the Internal Audit Group Charter, which defines its mission, responsibility, organisational reporting, tasks and authority.

As independent function, Internal Audit plays an integral part in the internal controls system, carrying out assurance and consulting to evaluate, add value to and improve the internal controls system of UniCredit and its Group.

Internal Audit adheres to the International Professional Practices Framework (Definition of Internal Audit, Core Principles for the Professional Practice of Internal Auditing, and Code of Ethics and International Standards).

The Officer in charge of the Internal Audit function

The Head of the Internal Audit function is Mr. Guglielmo Zadra and he reports, either directly or via the Internal Controls & Risks Committee, to the Board of Directors at least once a year, and, in particularly important cases, at the next available meeting, on the adequacy, effectiveness and efficiency of the internal control system.

The Head of the Internal Audit function is not in charge of any operational areas and reports hierarchically to the Board of Directors.

In addition, after hearing the Internal Controls & Risks Committee's opinion, the Board of Directors has exclusive competence over determining the variable portion of remuneration for the Head of the Internal Audit function, based on criteria and parameters not connected to Bank performance.

In compliance with the Internal Audit Group Charter, the Internal Audit function performs the following activities:

develops and executes an annual audit plan and a multi-year audit plan using an appropriate forward-looking risk-based methodology, taking into account trends and emerging risks. In this context, organisational changes and projects identified by Senior Management and/or governing bodies are considered to be relevant. Both plans are submitted for approval to the Board of Directors after examination by the Internal Controls & Risks Committee;
ensures adequate audit coverage, taking into account the competencies of the external auditors and Supervisory Authorities, including a reasonable overview of expenses;
issues periodic reports to the Board of Directors and to the Internal Controls & Risks Committee, that summarise the main findings of audit activities at Group level;
undertakes special investigations, including on its own initiative, at UniCredit S.p.A. and within the Group, reporting the results to Senior Management and corporate bodies;
maintains a professional audit staff with sufficient knowledge, skill, experience and professional certification to meet the requirements stated in the Internal Audit Group Charter;
reports to the Board of Directors on matters designed to assess Internal Audit performance, including emerging trends and best practices in internal auditing;
ensures fair and transparent communication with Supervisory Authorities on audit activities;
establishes a quality assurance and improvement programme to make it possible to assess internal audit activities and promote professional development.

Specifically, the Head of the Internal Audit function prepares a quarterly report to provide corporate bodies and Senior Management with an overall assessment of the internal controls system. This report includes not only an assessment of the internal controls system, but also summary information on what activities audit has performed, the main risks emerged, and the implementation status of Management action plans.

Updates are also provided on a regular basis regarding the progress status of the annual plan.

Detail is provided of information flows from the Head of Internal Audit to the corporate bodies in a dedicated internal regulation.

The Head of the Internal Audit function arranges the Audit Plan, based on the Risk Assessment results and in compliance with the Group Audit guidelines. The Audit Plan takes into consideration requests made by the Supervisory Authorities and the corporate bodies.

The Board of Directors has empowered the Internal Audit function to have unlimited access to all corporate functions, records, minutes of all consultative and decision-making committees, Company property and staff.

The Head of the Internal Audit function may draw on an appropriate annual budget, which is submitted to the competent corporate bodies for approval.

Finally, the Internal Audit function plays its role in steering, coordinating and controlling the audit activities at Group level. Within this responsibility continuously updates the existing internal regulation framework in order to better support the audit process during its implementation, reporting and monitoring phases.

The Manager in charge of drafting the company financial reports and other company roles and positions

The Manager in charge of drafting the company financial reports is, starting from July 1, 2023, Mr. Bonifacio Di Francescantonio, Head of the Group Financial & Regulatory Reporting structure at UniCredit.

In compliance with Clause 34 of the UniCredit Articles of Association, the Manager in charge of drafting the company financial reports is appointed by the Board of Directors - subject to the mandatory favourable opinion of the Board of Statutory Auditors, and for a maximum term of three years - to carry out the tasks attributed to this role under laws and regulations in force, establishing his/her powers, resources and remuneration; this person is chosen from among company executives who possess all of the following professional qualifications:

a) a degree (or equivalent) in economics, business administration or finance, obtained in Italy or abroad;
b) at least three years' experience as head of an internal structure devoted to preparing the financial statements, or as Chief Financial Officer (or equivalent) at a listed Italian or foreign joint stock company (including UniCredit and its subsidiaries);
c) an employment rank at the time of appointment of Executive or higher.

In performing his duties, the Manager in charge of drafting the company financial reports may count on cooperation from all UniCredit Group structures.

The Board of Directors ensures that the Manager in charge of drafting the company financial reports is granted with the powers and resources necessary to perform the duties attributed under the laws and regulations in force, and shall comply with all the relevant administrative and accounting procedures.

Internal controls and risks management system

The Manager in charge of drafting the company financial reports issues certifications and declarations, when requested, also jointly with the bodies delegated thereto, as per laws and regulations in force.

8.2 Financial reporting process, including on a consolidated basis

As regards the main features of the internal control system in relation to the financial reporting process of consolidated and non-consolidated information, in accordance with the provisions of Section 154-bis of Italian Legislative Decree no. 58/1998, the UniCredit Manager in charge of drafting the company financial reports draws up, and ensures effective application of adequate administrative and accounting procedures for drafting the UniCredit S.p.A. individual and consolidated financial statements.

Jointly with the Chief Executive Officer, through appropriate certification of the annual and consolidated financial statements and the consolidated half-year financial report, the Manager in charge of drafting the company financial reports is required to certify:

the adequacy and effective application of administrative and accounting procedures;
compliance with applicable international accounting standards recognised by the European Community under Regulation (EC) no. 1606/2002 of the European Parliament and the Council dated July 19, 2012;
correspondence to the results of accounting books and records;
suitability to provide a fair and correct representation of the economic and financial situation of the company and all consolidated companies;
inclusion in the report on operations of a reliable analysis of the operating trend and results, as well as the circumstances of the company and consolidated undertakings, and a description of the main risks and uncertainties to which they are exposed.

To fully comply with regulatory requirements, the Board of Directors approved a specific Global Policy - "Internal control system on financial reporting (Law no. 262/05 - Manager in Charge)", in which general rules are laid out along with a description of responsibilities and relationships between the Holding Company and the Companies belonging to the Group in assessing the status of the internal controls system for Financial Reporting, in compliance with the Italian Law on savings (Law no. 262/2005).

Furthermore, a Global Process Regulation, governing processes and procedures for applying the above-mentioned general criteria, was approved and sent to Group companies.

The adopted internal control system aims at ensuring correct and complete Financial Reporting through:

reinforcement and enhancement of Corporate Governance in relation to risks, by ensuring:
- the take-up of responsibilities for risk monitoring at executive level;
- a set of rules and behaviours established and implemented by Top Management;
- raising of awareness at operational level of risks associated with producing Financial Reporting;
the systematic monitoring of significant risks by the relevant functions for compliance with the abovementioned Law.

The internal controls system for Financial Reporting adopted by the Company includes the application of a common methodological framework, based on:

using a consistent, centrally-developed internal controls system model based on internationally-acknowledged methodological standards, the "Internal Control - Integrated Framework (CoSO)" and the "Control Objective for IT and Related Technologies (Cobit)";
updating and broadcasting within the Group on the basis of centrally-established parameters.

Operational implementation of the adopted model envisages:

the definition of parameters for identifying subsidiaries required to implement the internal controls system over Financial Reporting in accordance with the provisions of Italian Law no. 262/2005;
the identification, for the Holding Company and subsidiaries involved in activities envisaged under Law no. 262/2005, of administrative and accounting, business, governance and support processes that have a significant impact on financial statement items;
the detection for such processes of the existing controls and the owners in charge of first-level controls at individual companies and support units, including Back-office and Information Technology (IT); owners are required first and foremost to ensure assessment of the effectiveness of controls, pointing out any possible action necessary to reduce levels of associated risk. Therefore, each and every procedure and control must be documented, assessed, tested and validated, and individual managerial responsibility must be defined for carrying out the activities involved.

For the Group subsidiaries, a flow of internal certifications is in place for the internal controls system on Financial Reporting, following the approach adopted by the Holding Company. This entails:

giving the governing bodies of Companies responsibility for certifying adequacy and the effective application of both administrative and accounting procedures as well as controls on the Information System to the Holding Company;
setting roles for the local Manager in Charge and the Chief Executive Officer within the Companies involved, assigning them responsibility for systematically reporting to their respective governing bodies on the status of the internal controls system on Financial Reporting, along with any improvement action plan;
sharing a data repository in order to facilitate consolidation of risk and control values within the Group and support take-up of a common language and approach for describing, assessing, testing and monitoring internal control system adequacy.

Moreover, the Global Policy provides for the involvement of Holding Company governing bodies, in particular:

at Board of Directors' meetings where individual and consolidated annual financial statements and the consolidated half-year financial report are presented, the Chief Executive Officer and the Manager in charge of preparing the company financial reports provide a report regarding the internal control system on Financial Reporting and the text to be signed to ensure compliance with the requirements laid down in the regulations;
at the Internal Controls & Risks Committee and at the Group Non-Financial Risks and Controls Committee, with reference to the individual and consolidated annual financial statements and the consolidated half-year financial report, the Manager in charge of preparing the company financial reports provides a report on the results of the analysis of the internal control system on Financial Reporting of the Companies with such a system in place; in addition, with reference to the first and the third quarter consolidated interim reports, the Manager in charge of preparing the company financial reports provides an update on the status of any remediation actions identified.

8.3 Coordination procedures among parties involved in the internal controls and risks management system

According to Banca d'Italia provisions, the UniCredit S.p.A. "Document of corporate bodies and control functions" is drafted to define the control bodies' and functions' tasks and responsibilities, information flows among different functions/bodies and between the latter and corporate bodies, and coordination and cooperation procedures to implement when sectors to be controlled have potentially overlapping areas or allow the development of synergies.

The UniCredit means of cooperation and coordination among its control functions range from mutual information flow exchange to the attendance at managerial committee meetings focused on control-related topics.

Internal controls and risks management system

In addition, interactions between second and third level corporate control functions are part of what is overall a steady and active cooperation framework, for the most part formalised via specific internal regulations, and performed through the functions of:

participation in defining and/or updating internal regulations on risk and control-related matters;
mutual exchange of information flows, documents or data, e.g. relating to planning controls and monitoring the results thereof, and control functions access to any internal resource or corporate information in line with their specific control-related needs;
attendance at Board Committee and managerial Committee meetings (systematically or on demand), if provided;
attendance on an ad hoc basis at Work Groups set up from time to time on risk and control topics.

Enhanced interaction among control functions and the provision of constant activity updates to corporate bodies have the ultimate goal of building a corporate governance environment that, over time, is able to safeguard sound corporate management also through the more efficient supervision of risks at all levels of the Company.

8.4 Group governance mechanisms

An effective internal controls system is also based on appropriate governance mechanisms through which UniCredit, as a Holding Company, conducts its management and coordination of Group Companies, in accordance with the law and regulations in force¹⁹.

In particular, UniCredit acts through:

indicating "representatives" at corporate bodies (Board of Directors members at companies with a traditional system, or Supervisory Board members) and at key management positions within Group companies;
a management/functional system ("Group Managerial Golden Rules") that defines mechanisms for coordinating Group management, assigning specific responsibilities and powers to the Heads of UniCredit functions for corresponding functions at the Group Companies as described below;
the definition, enactment and monitoring of Group rules take-up (the "Global Rules") by companies;
disseminating best practice, methods, procedures and developing IT systems to standardise operating procedures within the Group and achieve the most effective risk management and wider operational efficiency.

Group's managerial and functional system cuts across existing corporate structures. One example is the Competence Lines, which create a strong functional link between the Holding Company's structures and corresponding structures at companies, as an expression of responsibilities assigned by local law and regulations to members of corporate bodies and employees, as well as the hierarchical relationships within each company.

Based on the above managerial and functional system, Heads of Competence Lines (and Heads of business/service functions in their respective areas of expertise) have specific powers in relation to budget issues, defining policies and guidelines/competence models to ensure monitoring of Global Rules implementation by the Group Companies.

In accordance with the Group Managerial Golden Rules guidelines, UniCredit issues Global Rules to regulate, among others, relevant activities for the purposes of compliance with law and/or risk management to foster Group stability and ensure a unique approach to corporate planning and overall efficiency.

¹⁹ Specifically, Section 61 of the TUB and the Supervisory Regulations for banks issued by Banca d'Italia.

8.5 Organisation Model as per Legislative Decree no. 231/2001

To ensure the adequacy and effectiveness of the "Organization and Management Model pursuant to Legislative Decree no. 231/2001" of UniCredit S.p.A. (hereinafter the "Model 231/2001") its continuous update is carried out also monitoring the organizational changes and the internal and external regulations, both by integrating and modifying the parts that constitute it. Indeed:

on February 16, 2023, the UniCredit Board of Directors approved an updated version of the Model 231/2001, following the positive evaluation of the Supervisory Body (meeting held on January 18, 2023) due to: (i) internal re-organizations following the insourcing of the activities previously performed by Group Companies (Cordusio Sim S.p.A. and UniCredit Services S.C.p.A.); b) legislative update following the introduction of new crimes in Legislative Decree no. 231/2001; c) organizational changes of UniCredit S.p.A. until October 2022; d) results of audit interventions and of checks carried out by Group Compliance;
on November 8, 2023, the UniCredit Board approved an updated version of the Model 231/2001 following a positive evaluation of the Supervisory Body (meeting held on October 17, 2023) mainly due to some legislatives updates on whistleblowing (L.D. no. 24/2023) and cross-border conversions, mergers and divisions (L.D. no. 19/2023), as well as audit interventions and checks carried out by Group Compliance.

At the Report's approval date, the Model 231/2001 consists of:

a General Section: composed of seven chapters, describing the purpose and perimeter of the Model 231/2001, the regulatory framework, the Supervisory Body, the disciplinary system, staff information and training, and keeping the Model 231/2001 up to date. The following documents are attached to the General Section of the Model 231/2001:
- a "List of predicate offences and illegal conduct", containing a description of crimes and offences referred to under Legislative Decree 231/2001 and regarding banking activity in general;
- the "Code of Ethics pursuant to Legislative Decree no. 231/2001" that contains the rules with which all Model recipients must comply in order to ensure that their conduct is always guided by the criteria of fairness, collaboration, loyalty, transparency and mutual respect, as well as to avoid conduct that may constitute a crime or an offence pursuant to the Italian Legislative Decree no. 231/2001;
a Special Section, the "Decision Protocols", containing principles of conduct and control to be complied with in performing "activities at risk", that is to say activities where the risk of committing a crime was signalled;
the "Information Note", which refers to the main internal regulation on the at risk activities described in all Decision Protocols.

The Model 231/2001's principles and contents are addressed to members of the corporate bodies, to all UniCredit employees, including those seconded, and to external subjects who, although not being part of UniCredit pursuant to contract relationships, within the scope of existing relationships take part in carrying out the Bank's activities.

The Model 231/2001 recipients are therefore required to abide by the principles contained in the Model 231/2001 and to report to the Supervisory Body any breaches of rules in the Model 231/2001 or relating to criminal activities.

8.6 Whistleblowing

In July 2015, during an update to its Supervisory Regulations for banks (Circular no. 285/2013), Banca d'Italia established specific requirements on whistleblowing by employees on illegal actions or breaches of the applicable provisions and internal processes, some of which are additional to those currently implemented at UniCredit.

Internal controls and risks management system

These additional requirements (among which there is the identification of a Head of the whistleblowing system, an obligation to inform the whistle-blowers and reported persons about developments of any investigation set up following the whistleblowing, and formalisation of the investigation time frame) have been set out and the whole whistleblowing system was submitted to the Board of Directors for its approval.

Supervisory regulations also require banks to prepare an annual report on the proper functioning of internal systems for reporting violations, which contains "aggregate information on the results of the activities carried out as a result of the reports received".

On November 26, 2019, Directive (EU) no. 2019/1937 on the protection of persons who report violations of the law in the European Union was published and all Member States were required to transpose it.

On March 10, 2023, the Legislative Decree no. 24/2023 was issued by which the Italian Government transposed the above-mentioned Directive.

The main innovations concern, inter alia:

the subjective scope of application, extended also to persons whose employment relationship has not yet started (selection or pre-contractual stages) or who are in a testing period, as well as to former employees;
the extension of the protection measures against acts of retaliation and their application to other subjects;
the conditions for internal and external reporting;
action on the organisational and management models of entities pursuant to the Legislative Decree no. 231/2001.

UniCredit's internal whistleblowing process complies with the requirements of the law and information on the channels, procedures and prerequisites for making internal and external reports (to the National Anti-Corruption Authority - ANAC) are also available on UniCredit's website.

8.7 Auditing firm

Having heard the Board of Statutory Auditors' proposal, for financial years 2022-2030, the UniCredit Shareholders' Meeting held on April 9, 2020, resolved to appoint the audit firm KPMG S.p.A. for statutory accounting supervision of the UniCredit separate and consolidated financial statements and a limited review of brief interim consolidated financial statements, pursuant to Section 13, sub-section 1, and Section 17 of Legislative Decree no. 39/2010. In addition, the firm was commissioned to check that the Company's accounting records are properly maintained and that its operations are correctly reflected in the accounting records.

The External Auditing firm's report expresses its opinion on the consistency of the report on operations and of specific information included in the report on corporate governance and ownership structure with the financial statements, as well as their compliance with legal provisions pursuant to Section 14, sub-section 2, letter e), of Legislative Decree no. 39/2010 (as last amended by Legislative Decree no. 135/2016) and Section 123-bis, subsection 4, of Legislative Decree no. 58/1998.

Under a separate engagement, KPMG S.p.A. separately issued the independent auditor's report on consolidated nonfinancial statements drafted by UniCredit in accordance with Legislative Decree no. 254/2016.

Handling of corporate information

The Corporate Bodies and Committees Regulation designates the body with supervisory functions to define procedures for internal management and the public disclosure of documents and information concerning the Company, including inside information.

In particular, in June 2018 the Bank adopted a dedicated procedure to evaluate, manage and disclose insider information to the market. This procedure was reviewed at first in February 2022 and afterwards in December 2023.

In detail, the process envisages the following activities:

a) the assessment of the potential/relevant inside nature of the specific information. The analysis can be conducted with Group Compliance in case the preliminary assessment is not conclusive. The Group Financial Officer is consulted for his/her assessment of materiality based on the economic impact of the potential event.

Moreover, any employee who believes that he/she is in possession of specific relevant information regarding the UniCredit Group, the disclosure of which could affect the price of UniCredit S.p.A. shares or other financial instruments issued by UniCredit, is required to promptly report this to Group Compliance;

b) the adoption of appropriate and effective measures to ensure the confidentiality of relevant/inside information, as long as it has not been disclosed to the public.

To this end, once the potential price sensitivity has been assessed, a specific Relevant Information List pursuant to CONSOB Guidelines is entered and maintained using dedicated IT tools.

c) monitoring the evolution of the specific relevant information. In particular, the function owner of the information is responsible for the final evaluation on the Information having gained inside nature. Once inside information is flagged, the function owner of the information triggers the process for preparing a draft press release informing Group Media Relations, which will subsequently take over drafting and public disclosure;
d) alternatively, after a preliminary evaluation of the existence of regulatory requirements, a decision to delay disclosure of inside information to the public may be taken. This decision is adopted by a specific working group, whose members are the Head of Group Strategy & ESG, the Head of Group Stakeholder Engagement, the Group Compliance Officer, the Group Legal Officer and the Group Financial Officer. In such cases, an insider list is timely opened in order to properly monitor circulation of the information and ensure its confidentiality. Once the conditions for delaying communication of such information to the public cease to exist, the above-mentioned process is activated for preparing the draft press release and formally informing CONSOB of the delay to the public disclosure of inside information in accordance with provisions of law;
e) the assignment to Group Media Relations the responsibility of publishing the press release to the market through the "S.D.I.R.-N.I.S." system, to Borsa Italiana and CONSOB. Press agencies will have access to the system directly.

Under the procedure, it is envisaged that if the press release relates to an event of major importance, supported by Group Compliance, the Head of Group Media Relations announces to CONSOB and Borsa Italiana its submission in advance.

Press releases are published on the Company's website during market opening time on the day after their disclosure.

Press releases are available on the UniCredit website for at least five years after disclosure.

Since UniCredit is listed also on the Frankfurt and Warsaw Stock Exchanges, in order to ensure harmonised information, public disclosure of inside information is made according to procedure in a synchronised manner to all categories of investors and in all Member States where UniCredit shares are traded;

f) a specific escalation process to UniCredit for Group companies with respect to this information which directly regards these companies but may also have an impact on the price of financial instruments issued by UniCredit. Rules are provided for such cases to evaluate and manage possible inside information.

All Directors and Statutory Auditors are duty-bound to maintain the confidentiality of documents and information obtained while performing their duties and to comply with the procedures UniCredit has adopted for its internal management and external disclosure of such documents and information.

In particular, to monitor and ensure correct internal management of documentation sent to Board members and Statutory Auditors prior to Board meetings, it is specifically envisaged that they acquire such documentation exclusively via an IT platform protected by two-level access keys.

This procedure ensures not only greater speed in sharing documents and information, as well as faster delivery and traceability of individuals who have access to them, but also confidential document delivery via a system of personal, protected passwords given to each Director and Auditor.

Appointment of Statutory Auditors

In accordance with applicable legal and regulatory provisions, permanent and substitute members of the UniCredit Board of Statutory Auditors are appointed on the basis of slates submitted by legitimate parties in compliance with the composition criteria, inter alia, regarding the appointment of the Chair of the Board of Statutory Auditors by minority shareholders and gender balance (for more on this, please refer to Clause 30 of the Articles of the Association, available on the UniCredit website)²⁰.

The legitimate parties who are entitled to submit slates are Shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at an Ordinary Shareholders' Meetings. Each party entitled to file a slate of candidates may submit or contribute to the submission of just one slate (including via proxies or trustee companies). Shareholders belonging to the same group or Shareholders who are parties to a Shareholders' agreement concerning UniCredit shares cannot submit more than one slate (including via proxies or trustee companies). Candidates must be included in one slate only, otherwise they are ineligible.

At least the first two candidates for the role of permanent Auditor and at least the first candidate for the role of substitute Auditor must be enrolled with the Legal Auditors Register and must have practiced legal auditing of accounts for a period of three years in total experience. Furthermore, in order to allow the composition of the Board of Statutory Auditors to comply with the provisions of applicable provisions, the first candidate for the role of permanent Auditors as well as at least one candidate for the role of substitute Auditor shall meet the professional requirements to hold the position of Chair of the Board of Statutory Auditors. All candidates should be suitable for the office in accordance with applicable laws and regulations.

At least one permanent Statutory Auditor must be appointed by the minority Shareholders not connected, not even indirectly, with the Shareholders who filed or voted for the majority slate. The UniCredit Articles of Association provide that two permanent Statutory Auditors and two substitute Statutory Auditors must be appointed by minorities.

In compliance with the provisions of Section 147-ter of the TUF, UniCredit has established that the slates of candidates for the position of Statutory Auditor featuring the names of candidates listed with a progressive number, should be filed at the Registered Office no later than the twenty-fifth day prior to the date of the Shareholders' Meeting called to resolve on the appointment of members of the Board of Statutory Auditors. These slates must be made publicly available at the Registered Office, on the Company's website and through other channels provided for under applicable laws, at least twenty-one days prior to the date of the Shareholders' Meeting. As regards the minimum percentage of share capital needed to submit a slate, Clause 30 of the Articles of Association specifies that the percentage must be equal to 0.5% of share capital in the form of shares with voting rights at the ordinary Shareholders' Meeting, consistent with the minimum shareholding percentage established by CONSOB on the basis of the provisions of said Section 147-ter of the TUF (Section 144-quater of CONSOB Issuers' Rules). Ownership of the minimum number of shares required to file a slate is calculated with regard to the shares registered for each individual Shareholder, or for several Shareholders together, on the day on which the slates are filed with the Company.

In accordance with applicable regulations and with the aim to facilitate the best possible identification of candidates to be proposed to the April 8, 2022 Shareholders' Meeting called to renew the control body for the 2022-2024 financial years, Company's Shareholders were invited to take into account the results of the analysis carried out by the outgoing Board of Statutory Auditors, on the body's composition deemed to be optimal to ensure the proper performance of the duties assigned to it, contained in the "Qualitative and quantitative composition of the UniCredit

²⁰ The UniCredit website address where the Articles of Association are available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/articles-association-code-ethics.html

S.p.A. Board of Statutory Auditors" (for more on this, please refer to this document available on the UniCredit website)²¹.

²¹ The UniCredit website addresses where the "Qualitative and quantitative composition of the UniCredit S.p.A. Board of Statutory Auditors" is available are:

https://www.unicreditgroup.eu/en/governance/shareholders/archive/2022/shareholders-meeting.html https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-statutory-auditors.html

Board of Statutory Auditors' composition and functioning

Pursuant to Clause 30 of the UniCredit Articles of Association, the ordinary Shareholders' Meeting appoints five permanent Statutory Auditors, among whom the Chair, and four substitute Statutory Auditors.

The Board of Statutory Auditors' term in office is three financial years and ends on the date of the Shareholders' Meeting called for the approval of the financial statements relating to the last financial year in which they are in office.

The ordinary Shareholders' Meeting held on April 8, 2022, appointed the Board of Statutory Auditors' members for the financial years 2022-2024, whose term runs until the date of the Shareholders' Meeting called to approve the 2024 financial statements ²².

Their appointment took place pursuant to Clause 30 of the Articles of Association and in accordance with applicable laws and regulatory provisions.

During the process, two slates were submitted, filed and published by the deadline and under the terms provided for in applicable provisions and the Articles of Association, i.e.:

Slate no. 1 was submitted by Allianz Finance II Luxembourg S.à.r.l., with a shareholding equal to 3.2% of the share capital:

Permanent Statutory Auditors (1) Mr. Claudio Cacciamani, (2) Ms. Benedetta Navarra and (3) Mr. Guido Paolucci

Substitute Statutory Auditors (1) Ms. Raffaella Pagani, and (2) Ms. Paola Manes

Slate no. 2 was jointly submitted by several Funds, with an overall shareholding equal to 1.1% of the share capital: Permanent Statutory Auditors (1) Mr. Marco Giuseppe Maria Rigotti, and (2) Ms. Antonella Bientinesi
- Substitute Statutory Auditors (1) Mr. Vittorio Dell'Atti and (2) Ms. Enrica Rimoldi.

Along with the two slates, the following documentation was also filed and disclosed, pursuant to the envisaged terms and conditions:

a statement from the Shareholders (other than those holding, even jointly, a control or relative majority shareholding), attesting that no connection, direct or indirect, exists with the latter, and no significant relationships crucial for existence of the above connections exist;
exhaustive information on the personal and professional characteristics of the candidates on the slate (curriculum vitae), as well as a list of management and controlling offices held at other companies;
statements from each candidate irrevocably accepting his/her office (subject to his/her appointment) and attesting, under his/her own responsibility, that there was no reason for his/her ineligibility, forfeiture or incompatibility, as well as his/her fulfilment of the requirements set out under applicable laws and regulatory provisions, in particular those regarding professional experience, integrity and independence, together with information on the knowledge/experience gained in the areas envisaged by the theoretical profile.

Information on the personal and professional characteristics of each candidate, as shown on their curriculum vitae, a list of management and controlling offices held at other companies, and the statements required under applicable provisions, also of a regulatory nature, or those required in the profile, were made available on the UniCredit website (https://www.unicreditgroup.eu/en/governance/shareholders.html).

²² The October 27, 2023, UniCredit Shareholders' Meeting resolved to adopt the one-tier administration and control system - which provides for the appointment within the Board of Directors of an Audit Committee in place of the Board of Statutory Auditors - effective upon the renewal date of the corporate bodies in office at the Report's approval date. In particular, the first renewal of the Board of Directors will be resolved at the Shareholders' Meeting called to approve the 2023 financial statements.

The Shareholders' Meeting held on April 8, 2022, appointed the new Board of Statutory Auditors, comprised of five permanent Statutory Auditors and four substitute Statutory Auditors, as follows:

from Slate no. 1, which obtained the majority of Shareholders' votes, Mr. Claudio Cacciamani, Ms. Benedetta Navarra and Mr. Guido Paolucci were appointed as permanent Statutory Auditors, while Ms. Raffaella Pagani and Ms. Paola Manes were appointed as substitute Statutory Auditors;
from Slate no. 2, which obtained the minority of Shareholders' votes, Mr. Marco Giuseppe Maria Rigotti (Chairman) and Ms. Antonella Bientinesi were appointed as permanent Statutory Auditors, while Mr. Vittorio Dell'Atti and Ms. Enrica Rimoldi were appointed as substitute Statutory Auditors.

Moreover, the Shareholders' Meeting also resolved on the annual remuneration to which members of the Board of Statutory Auditors are entitled to for the entire term of their office, also on the basis of information given by the outgoing Board of Statutory Auditors with regard to the commitment required for its members, in order to allow both the Shareholders and the candidates to evaluate the adequacy of such remuneration.

Without prejudice to fulfilment of the requirements currently in force, the Board of Statutory Auditors' composition resulting from the appointment process, including on the basis of the declaration provided by the Statutory Auditors, qualitatively corresponded to the theoretical profile for the Statutory Auditors made available to Shareholders in 2022 in the run-up to the Board of Statutory Auditors' renewal and was suitable also pursuant to the ECB "Guide to fit & proper assessment".

The Statutory Auditors personal qualities and gender diversity (the female component was equal to 40%) comply with the principles of the theoretical profile.

All the Statutory Auditors (both permanent and substitute) had experience in at least three of the competencies envisaged under the profile [banking business, banking corporate governance, risk management, internal control systems and internal audit, corporate legal and compliance, financial and non-financial disclosure], and stated that they had specific experience in the legal field and proper knowledge of corporate organisation and processes, thus allowing the Board of Statutory Auditors to carry out its 231 Supervisory Body functions. The additional qualifying but not necessary competencies identified by the theoretical profile (digital technology and sustainability - ESG) were represented in the collective composition.

With reference to the time commitment recommended for an appropriate attendance of the permanent Statutory Auditors to the Board of Statutory Auditors meetings, the Statutory Auditors declared their ability to commit sufficient time to duly perform their functions. In particular, the commitments that the Board of Statutory Auditors' members declared were found to be suitable with the commitment required to carry out their duties at UniCredit, including conducting activities related to their functions as a 231 Supervisory Body.

With regard to the maximum number of offices to be held, the permanent Auditors complied with the specific limits envisaged in the applicable provisions.

With regard to "collective suitability", the composition fully complies with the applicable provisions and the principles set in the theoretical profile, ensures a balanced mix of profiles and experiences (legal auditing of accounts, control activities in the banking sector and/or in listed companies; professional activities in fields relating to the banking, financial and securities industries; teaching, at university level, on subjects in the field of banking operations, business economics, accountancy, running of the securities markets) as well as is adequate for ensuring functionality and avoiding redundancy.

The outcomes of the check on the matching between the qualitative and quantitative composition deemed to be optimal and the one resulting from the appointment process were disclosed to Shareholders via a press release (on May 5, 2022), to allow them to take the proper measures, in due time before the March 31, 2023, Shareholders' Meeting, the first Shareholders' Meeting called for the approval of the financial statements following the renewal of the body.

Board of Statutory Auditors' composition and functioning

As at February 29, 2024, the Board of Statutory Auditors has the following composition.

Position	Members	In office		Slate (M/m)	Independent	%	Number of other
		Since	Until *	**	as per Code	***	positions ****
Chairman	Rigotti Marco Giuseppe Maria	08-04-2022	Approval of 2024 financial statements	m	X	100%	--
Permanent Statutory Auditor	Cacciamani Claudio	08-04-2022	Approval of 2024 financial statements	M	X	100%	--
Permanent Statutory Auditor	Navarra Benedetta	08-04-2022	Approval of 2024 financial statements	M	X	100%	2
Permanent Statutory Auditor	Paolucci Guido	08-04-2022	Approval of 2024 financial statements	M	X	100%	--
Permanent Statutory Auditor	Bientinesi Antonella	08-04-2022	Approval of 2024 financial statements	m	X	100%	--
Substitute Statutory Auditor	Pagani Raffaella)	08-04-2022	Approval of 2024 financial statements	M	X
Substitute Statutory Auditor	Manes Paola	08-04-2022	Approval of 2024 financial statements	M	X
Substitute Statutory Auditor	Dell'Atti Vittorio	08-04-2022	Approval of 2024 financial statements	m	X
Substitute Statutory Auditor	Rimoldi Enrica	08-04-2022	Approval of 2024 financial statements	m	X
----- Statutory Auditors who left during the Reference Period ----
--
Quorum required for submission of slates for the latest appointment: 0.5%
No. of meetings held during the Reference Period: 63 NOTE
* The October 27, 2023, UniCredit Shareholders' Meeting resolved to adopt the one-tier administration and control system - which provides for the appointment within the Board of Directors of an Audit Committee in place of the Board of Statutory Auditors - effective upon the renewal date of the corporate bodies in office at the Report's approval date. In particular, the first renewal of the Board of Directors will be resolved at the Shareholders' Meeting called to approve the 2023 financial statements.
** M = Member elected from the slate that obtained the majority of Shareholders' votes m = Member elected from the slate voted for by the Shareholders' minority

*** Meetings attendance percentage (number of meetings attended/number of meetings held during the concerned party's term of office over the Reference Period)

**** Number of positions as Director or Auditor held by the concerned party pursuant to Section 148-bis of the TUF and to the relevant implementing provisions contained in the CONSOB Issuers' Regulation. A complete list of such positions is published by the CONSOB on its website pursuant to Section 144-quinquiesdecies of the CONSOB Issuers' Rules.

The Board of Statutory Auditors' members comply with the requirements envisaged under applicable provisions. Statutory Auditors' personal qualities comply with the indications of the theoretical profile approved in January 2022 and meet the suitability requirements called for by the ECB's "Guide to fit and proper assessments".

For any further details on the composition of this corporate body and each Statutory Auditors' personal and professional characteristics, please refer to the information published on the UniCredit website²³. With regard to the requirements UniCredit Directors must meet, in addition to those envisaged under applicable laws and regulatory provisions, please refer to the Board of Statutory Auditors' theoretical profile published on the Company's website.

The following chart shows the seniority in office since their first appointment of current members of the Board of Statutory Auditors at the Report's approval date.

Member of the Board of Statutory Auditors		First appointment date
Rigotti Marco Giuseppe Maria	Chairman	April 2019
Cacciamani Claudio	Permanent Statutory Auditor	April 2022
Navarra Benedetta	Permanent Statutory Auditor	April 2016
Paolucci Guido	Permanent Statutory Auditor	May 2017 (1)
Bientinesi Antonella	Permanent Statutory Auditor	October 2017 (2)

(1) Mr. Paolucci was in office as a Permanent Statutory Auditor pursuant to Article 2401 of the Italian Civil Code between May 2, 2017, and December 4, 2017

(2) Ms. Bientinesi was in office as a Permanent Statutory Auditor pursuant to Article 2401 of the Italian Civil Code between October 26, 2017, and December 4, 2017

The Board of Statutory Auditors broken down by age and gender is detailed below.

²³ The UniCredit website address where the information concerning the Auditors is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-statutory-auditors.html https://www.unicreditgroup.eu/en/press-media/press-releases.html

Board of Statutory Auditors' composition and functioning

During the Reference Period the Board of Statutory Auditors met 63 times.

Board of Statutory Auditors meetings lasted on average approximately 3 hours.

For the 2024 financial year, 21 meetings of the Board of Statutory Auditors have been planned until the date of the Shareholders' Meeting called to approve the 2023 financial statements (April 12, 2024). As at February 29, 2024, 12 meetings had been held.

* * *

On February 22, 2024, the Board of Statutory Auditors finalized the self-assessment process focused on the Body's adequacy in terms of composition as well as correct and efficient functioning. The self-assessment process has been performed in accordance with the provisions of the Corporate Bodies and Committees Regulation, adopted in compliance with Supervisory Regulations on banks' corporate governance, and in line with the recommendations in the document "The self-assessment of the Board of Statutory Auditors" issued by Consiglio Nazionale dei Dottori Commercialisti ed Esperti Contabili (the National Council of Chartered Accountants) in May 2019.

The Board of Statutory Auditors assessed its composition to be adequate, also considering its development over time and its diversity in terms of skills, knowledge, experience, and gender, which has ensured the ongoing proper functioning of the Body.

* * *

In compliance with the provisions in force from time to time as well as in line with the criteria envisaged under the Italian Corporate Governance Code, the Statutory Auditors' independence shall be assessed by the Board of Statutory Auditors upon their appointment, as well as during the mandate upon the occurrence of circumstances concerning their independence and, in any case, at least once a year, on the basis of information provided by the Statutory Auditors themselves or however available to the Company, also considering any circumstance that affects or could affect such requirement. The outcome of these assessments shall be disclosed to the market after the appointment, through a press release and, subsequently, via the Corporate Governance Report.

The Board of Statutory Auditors checked the compliance with the independence requirements upon the yearly evaluation carried out during its meeting held on September 26, 2023, based on statements made by the permanent Statutory Auditors and on information available to the Company.

With specific reference to the independence requirements laid down by the Italian Corporate Governance Code, due consideration was given to the information relating to the existence of direct or indirect relationships (credit, business/professional and employee relationships, as well as significant offices held) that the Statutory Auditors, and their other connected subjects, may have with UniCredit and Group Companies.

In order to assess the potential significance of the above-mentioned relationships, the Board of Statutory Auditors, in compliance with the criteria already adopted by the Board of Directors, decided not to proceed with the merely identifying pre-defined economic thresholds above which independence would be "automatically" compromised, as such assessment requires an overall evaluation of both objective and subjective aspects. Therefore, for this purpose, the following criteria should be taken into account: (i) the nature and characteristics of the relationship; (ii) the amount in absolute and relative terms of the transactions; and (iii) the subjective profile of the relationship.

More specifically, when assessing the significance of such relationship, the following information, where available, is considered by the Board of Statutory Auditors:

credit relationships: the amount in absolute value of the credit granted, its weighting in relation to the system and, where appropriate, the economic and financial situation of the borrower;
business/professional relationships: the nature of the transaction/relationship, the amount of the consideration and, where appropriate, the economic and financial situation of the counterparty; and
offices held in Group Companies: the total amount of any additional remuneration.

In all of the above cases, all the parties involved (Statutory Auditor or family member; UniCredit or Group Company) and, for relationships with companies/entities, the nature of the "connection" (post held/controlling interest) with the Statutory Auditor or the family member were taken into account.

Also in view of the above, at its September 26, 2023, meeting, the Board of Statutory Auditors checked that permanent Statutory Auditors comply with the independence requirements. In particular, with regard to permanent Statutory Auditors whose information acquired highlighted the existence of such relationships, the Board of Statutory Auditors came to the conclusion that they were not of a nature such as to affect the Statutory Auditors' independence.

* * *

The Board of Statutory Auditors meets annually with the Chair of the Board of Directors and the Chief Executive Officer for mutual exchanges of information.

In performing its duties, the Board of Statutory Auditors constantly coordinated its activities with the Internal Audit function and the External Auditing firm. Appropriate functional links were established in their respective areas of competence with Board Committees, in accordance with the provisions of the UniCredit Corporate Bodies and Committees Regulation. More in detail, in 2023 the Chair of the Board of Statutory Auditors attended at the meetings of the Internal Controls & Risks Committee, Corporate Governance & Nomination Committee and ESG Committee as well as some meetings of the Remuneration Committee.

Individual members of the Board of Statutory Auditors attended (on a rotating basis) the meetings of the Related Parties and Remuneration Committees. Another Statutory Auditor also attended the Internal Controls & Risks Committee and the ESG Committee meetings (on a rotating basis). Furthermore, the entire Board of Statutory Auditors attended the Internal Controls & Risks Committee meetings when topics of common interest were examined (namely, the annual and half-year financial reports, and accounting issues).

* * *

The special authorisation procedure set out in Section 136 of the TUB applies to obligations of any kind or to purchase or sale agreements executed by the Board of Statutory Auditors members, either directly or indirectly, with the bank for which they perform their duties.

Statutory Auditors should also comply with the provisions laid down in Section 36 of Law Decree no. 201/2011 (interlocking prohibition), as amended by Law no. 214/2011, which prohibits office-holders in management, supervisory and controlling bodies and top executives of companies or groups of companies operating in credit, insurance and financial markets from taking or holding similar offices in competing companies or groups of companies.

* * *

The Board of Statutory Auditors' members benefit from the permanent induction program active for the Board of Directors' members, based on three-year cycles connected to the Board mandate and put in place with the support of

Board of Statutory Auditors' composition and functioning

an external consultant. Specific induction sections were also delivered by the ESG Committee as well as within the meetings of the Board of Statutory Auditors at its request.

More specifically, in 2023, training initiatives focused on topics linked to ICT and ESG strategies and risks as well as legal/regulatory deep-dives were prepared and implemented for Statutory Auditors.

Relations with Shareholders

In order to foster dialogue with institutional and private investors, analysts and rating agencies, as well as to maintain a constant flow of market-related information, UniCredit has specialised, readily-recognisable, easy-toaccess sections on its website (Governance and Investors sections) where it provides information on its governance structure and on the Company's internal organisation in order to ensure that Shareholders stay informed as they exercise their rights. The site also offers economic/financial information on the Company and other up-to-date Company relevant materials of interest to Shareholders as a whole.

All documents and information are available in both Italian and English.

Also, in line with the Italian Corporate Governance Code provisions, ad hoc structures were set up to handle relations with Shareholders in general and with investors, in particular, in compliance with provisions, also of internal kind, on corporate information. In detail:

within the Group Stakeholder Engagement department, Group Investor Relations is in charge of managing dialogue with institutional investors, whether or not they are Shareholders and in general with financial analysts, rating agencies and, supporting other structures, proxy advisors, providing the market with timely, transparent and accurate information with the aim of supporting a fair valuation of the Group;
within the Group Corporate Affairs structure, Corporate Governance and Shareholders Relations, in the capacity of Corporate Law Advice & Shareholders' Relations, is in charge of overseeing and managing relations with Italian and foreign private (i.e. non-institutional, including foundations) Shareholders and managing their requests.

The following dedicated channels are available:

a dedicated e-mail address ([email protected]) for institutional investors;
a toll-free number, 800 307 307 (only for calls within Italy); dedicated e-mail ([email protected]) for noninstitutional Shareholders.

The Head of Group Investors Relations is Ms. Magdalena Palczynska.

Shareholders may also communicate with the Company via its website, albeit not in real time.

For specific matters related to corporate governance-related topics, remuneration policies and ESG (Environmental, Social & Governance) matters, Group Investor Relations has involved and coordinated itself with Group Corporate Affairs, Group People & Culture and Group Strategy & ESG departments to strengthen long-term constructive dialogue with institutional investors and their proxy advisors on such matters. In particular, within the Group People & Culture department, the Group People Succession, Analytics & Rewards structure is in charge of managing the dialogue with investors on remuneration-related matters, enabling an exchange on mutual expectations and needs when drawing up remuneration policies. For information on the annual dialogue process with institutional investors and proxy advisors managed by the Group People & Culture department, please refer to the Group Remuneration Policy and Report.

Furthermore, it should be noted that during the course of 2023, the Group Corporate Affairs structure also kept up a calendar of contacts with institutional investors and their proxy advisors oriented towards long-lasting and constructive dialogue on corporate governance-related topics as well as on composition and functioning of the Board of Directors. In the same year, the Group Strategy & ESG department was involved in meeting with institutional investors aimed at discussing sustainability issues and, more specifically, Group ESG strategy, its integration into the Bank overall strategy and the definition of the path towards carbon neutrality (NET Zero) by 2050.

* * *

In regard of the engagement, since March 2019 the Board of Directors adopted a specific internal policy to govern any possible request for meetings and/or for information addressed to Board of Directors' non-executive member by UniCredit Shareholders, both institutional or non-, and/or any related proxy advisor, given the growing number of

requests from institutional investors who hold stakes in Italian listed companies and seek direct contact not only with company offices in charge of managing such issues, but also with the Board of Directors and, more specifically, with the Chairs of Board Committees.

More specifically, according to the above internal policy, dialogue with Shareholders and/or any related proxy advisor is conducted by (i) the Chair of the Board of Directors, in agreement with the Chief Executive Officer, if related to strategic corporate governance topics or to the functioning of the Board of Directors; (ii) the Chief Executive Officer, in agreement with the Chair of the Board, if related to strategic business topics or to the bank's management.

Each Chair of the Committees may directly maintain the meetings only for specific requests falling under the Board Committee's competencies, and on previous agreement with the Chair of the Board. In such cases, the Chairs of the Board Committees report to the Chair of the Board of Directors and to the Chief Executive Officer on any discussed topic and on the meetings' outcomes. Also the Board of Directors will be informed at its first available meeting.

Dialogues occurs in full compliance with the applicable laws, such as, for example, the rules on the inside information, in observance of any constraints resulting, in particular, from the market abuse regulation and the principle dealing with the Shareholders' equal treatment (on an information basis).

In 2023, the Chair and the Chief Executive Officer informed the Board of Directors, during its first available meeting, on the key points of the Shareholders' engagement and related updates.

The engagement policy of UniCredit is available on the Company's website in the Governance/Corporate Bodies section²⁴.

²⁴ UniCredit website address where the engagement policy (annex E of the Corporate Bodies and Committees Regulation) is available is: http://www.unicreditgroup.eu/en/governance/governance-bodies.html

Positions held by UniCredit Directors at other listed companies or large companies

	POSITIONS HELD	Company belonging to the UniCredit Group
		YES	NO
Pietro Carlo Padoan Chairman		--	--
Lamberto Andreotti Deputy Vice Chairman	Member of the Board of Directors at Corteva Agriscience		X
Andrea Orcel Chief Executive Officer	Director of EIS Group Ltd.		X
Vincenzo Cariello Director	Member of the Board of Directors of A2A S.p.A.		X
Elena Carletti Director		--	--
Jeffrey Alan Hedberg Director		--	--

Beatriz Ángela Lara Bartolomé Director	Sole Director of the AHAOW Moment S.L.		X
	Member of the Board of Directors of FINCOMUN Mexico		X
Luca Molinari Director	Member of the Board of Directors of Sanad Group		X
Maria Pierdicchi Director	Member of the Board of Directors of Aidexa Holding (previous PBI S.p.A.)		X
	Member of the Board of Directors of HUBLAB Eccellenze d'Impresa S.r.l.		X
Francesca Tondi Director		--	X

	(further) POSITIONS HELD	Company belonging to the UniCredit Group

		YES	NO
Renate Wagner Director	Member of the Management Board of Allianz SE		X
	Member of the Supervisory Board of Allianz Holding Eins GmbH		X
	Chairwoman of the Board of Directors of Allianz (China) Insurance Holding Company Ltd.		X
	Member of the Board of Directors of Allianz Australia Ltd.		X
	Member of the Board of Directors of Bajaj Allianz General Insurance Company Ltd.		X
	Member of the Board of Directors of Bajaj Allianz Life Insurance Company Ltd.		X

Alexander Wolfgring Director	Chairman of the Supervisory Board at Österreichisches Verkehrsbüro AG		X
	Member of the Board of Directors at AVZ GmbH		X

Managerial powers

Without prejudice to the authorities assigned to the Board of Directors by laws and the Articles of Association, the Board has granted the Chief Executive Officer the following powers, within pre-defined limits and also with the faculty to further sub-delegate, across all sectors of the Bank's business:

credit activities;
equity capital market transactions with an underwriting risk;
appointment of corporate officers to the governing bodies of companies (including non-investee companies), entities and other bodies as well as assignment of related remuneration;
management of shareholdings, concerning in particular (i) transactions on shareholdings already held or to be acquired; (ii) instructions for the exercise of voting rights at the Shareholders' Meetings (both ordinary and extraordinary) of its direct investee companies (control/joint control or non-controlled shareholdings); (iii) entering into and/or amending Shareholders' agreements related to (direct and indirect) controlling or noncontrolling shareholdings;
funds transactions of any kind, regardless of whether they belong to the Group;
short and medium/long term liquidity management activities for UniCredit and the Group;
management of Banking and Trading Book positions, not attributable to debt capital market activities on the Trading Book and to equity capital markets transactions;
activities connected to the marketing of products and services, including of third parties, and to the identification of conditions;
powers to authorise expenses and investments for Bank management, within the limits set by the annual Boardapproved strategies and cost estimate;
powers over staff management, in compliance with the collective responsibility principle during the set-up phase;
definition of and amendments to organisational structures and the organisational book, without prejudice to the Board's remit for (i) changing the powers and responsibilities of structures/roles belonging to the first reporting line to the Board itself and to the Chief Executive Officer; and (ii) setting up/amending/cancelling Managerial Committees where the Chief Executive Officer is an ordinary member that modify mission, members and quorum;
decision-making powers on matters pertaining to "restructuring" or "non-performing exposures";
decision-making powers on matters pertaining to expected losses and waivers due to capital and/or capitalised interests, disbursements and settlement offers, arising from proceedings of any nature (including administrative and tax), either on the active or passive side, judicial or extrajudicial (including mediation/conciliation proceedings), incidents or customer complaints;
selling/disposal and management of the Bank's real-estate and movable assets;
decision-making powers with regard to activities related to debt capital markets on the trading book, for the definition of limits to be assigned for each counterpart (single issuer/economic group), in reason of counterparty credit standing and the transaction's characteristics;
deciding the limits for overall individual issuer exposure on the trading book (single counterparty/economic group), regardless of the type of instruments on the trading book, based on the creditworthiness of the counterparty and transaction's characteristics;
entries on the profit and loss account for the settlement of outstanding items;
transactions related to firms, going concerns and/or "en-bloc" legal relationships.

* * *

In order to ensure proper management of and effective control over these delegated powers, the Chief Executive Officer has provided the Board of Directors, according to the ways established by the Board itself, with adequate information flows specifically highlighting any relevant associated risk.

UniCredit S.p.A. Joint stock company - Registered Office and Head Office: Piazza Gae Aulenti, 3 Tower A, 20154 Milan, Italy - Registered in the Register of Banking Groups and Parent Company of the UniCredit Group, with code 02008.1; ABI code 02008.1 - Fiscal Code, VAT number and Registration number with the Company Register of Milan-Monza-Brianza-Lodi: 00348170101 - Member of the National Interbank Deposit Guarantee Fund and the National Compensation Fund - Stamp duty paid virtually, if due - Auth. Agenzia delle Entrate, Ufficio di Roma 1, no. 143106/07 of 21.12.2007.

AI assistant

Unicredit — Governance Information 2024

4272_rns_2024-03-12_83879370-0351-4a9a-90fd-f57827873159.pdf

2023 Report on corporate governance and ownership structure

Index

ANNEXES:

Glossary

Issuer profile

Foreword

The Italian Corporate Governance Code

Issuer profile

The Report on corporate governance and ownership structure

Profile and structure

Issuer profile

Shareholder structure

Corporate governance model

Shareholders' Meeting

Governance evolution

Issuer profile

Board of Directors

Board Committees

Board of Statutory Auditors

Issuer profile

Diversity Policies

Issuer profile

Information on the ownership structure

2.1 Share capital structure

Rights and obligations

Other financial instruments granting the right to subscribe new shares

2.2 Restrictions on stock transfers

2.3 Relevant equity holdings

Information on the ownership structure

2.4 Restrictions on voting rights

2.5 Changes to control clauses and by-laws provisions on public purchase offers

Information on the ownership structure

2.6 Delegation of power to increase share capital and authorisations to purchase own shares

Shareholders' Meetings

Legitimation, how to attend and voting rights

Shareholders' Meetings conduct

Shareholders' Meetings

Board of Directors

4.1 Appointment and replacement

Succession plans

Board of Directors

Process

Content

4.2 Composition

Board of Directors

Board of Directors

Directors' seniority in office since their first appointment date

Board of Directors

Core competencies

Board of Directors

Time commitment and number of offices

Board of Directors

Induction initiatives and recurring training

4.3 Board of Directors' role

Meetings and functioning

Duties

Board of Directors

The role played by the Chair of the Board

Self-assessment

Board of Directors

Competitive business

Board of Directors

4.4 Executive Directors

Chief Executive Officers

Chair of the Board of Directors

Other executive Directors

Reporting to the Board

4.5 Independent Directors

Board of Directors

Independent Directors' meeting

4.6 Lead Independent Director

Board of Directors' internal Committees

Board of Directors' internal Committees

5.1 Internal Controls & Risks Committee

Composition

Board of Directors' internal Committees

Roles and Responsibilities

Unicredit Governance Information 2024