Setting the benchmark for excellence

2024 Report on corporate governance and ownership structure

pursuant to Section 123/bis of the TUF (one-tier management and control system)

Approval date: February 20, 2025

Index

Glossary 4
1. Issuer profile 6
2. Information on the ownership structure 16
2.1 Share capital structure16
2.2 Restrictions on stock transfers 17
2.3 Relevant equity holdings17
2.4 Restrictions on voting rights 19
2.5 Changes to control clauses and by-laws provisions on public purchase offers19
2.6 Delegation of power to increase share capital and authorisations to purchase own shares20
3. Shareholders' Meetings 21
4. Board of Directors24
4.1 Appointment and replacement24
4.2 Composition27
4.3 Board of Directors' role 37
4.4 Executive Directors42
4.5 Independent Directors43
4.6 Lead Independent Director45
5. Audit Committee46
6. Other Board of Directors' Committees52
6.1 Governance and Sustainability Committee 57
6.2 Risk Committee59

6.3 Nomination Committee 61
6.4 Remuneration Committee63
6.5 Related-Parties Committee 63
7. Directors' remuneration [Indemnities to Directors in the event of resignation, dismissal or termination of employment following a public purchase offer] 67
8. Directors' interests and related-parties transactions68
9. Internal controls and risks management system 70
9.1 Bodies and functions 70
9.2 Financial reporting process, including on a consolidated basis 80
9.3 Sustainability reporting process82
9.4 Coordination procedures among parties involved in the internal controls and risks management system 82
9.5 Group governance mechanisms 83
9.6 Organisation Model as per Legislative Decree no. 231/200184
9.7 Whistleblowing 85
9.8 Auditing firm85
10. Handling of corporate information 87
11. Relations with shareholders and other relevant stakeholders 89
Annex 1 - Positions held by UniCredit Directors at other listed companies or large companies91
Annex 2 - Delegation of powers 93

Glossary

Banca d'Italia	Bank (also the Holding Company or Company)	Borsa Italiana
The Italian Republic's central bank, it is part of the Eurosystem, comprising the European Central Bank and the national central banks of the European Union States that have adopted the Euro	UniCredit S.p.A.	The company responsible for managing and overseeing the proper functioning of the Italian financial market in which financial instruments are exchanged and traded
Circular no. 285/2013	CONSOB	CONSOB Issuers' Rules
Circular no. 285, dated December 17, 2013, issued by Banca d'Italia, regarding prudential Supervisory Regulations for banks and banking groups, as subsequently amended	Commissione Nazionale per le Società e la Borsa, the Italian Supervisory Authority that oversees transparency and correctness in conduct of subjects operating in the Italian financial markets	Regulation implementing the Italian Consolidated Law on Finance governing issuers, adopted by CONSOB through Resolution no. 11971, dated May 14, 1999, as subsequently amended
CONSOB Regulations on transactions with related parties (also CONSOB Resolution no. 17221/2010)	Consolidated Law on Banking (also the TUB)	Consolidated Law on Finance (also the TUF)
The regulation governing transactions with related parties by companies that make use of the risk capital market directly or via subsidiaries, adopted by CONSOB through Resolution no. 17221, dated March 12, 2010, as subsequently amended	Legislative Decree no. 385, dated September 1, 1993, as subsequently amended	Legislative Decree no. 58, dated February 24, 1998, as subsequently amended
Corporate Governance Code (also the Code)	CRD VI	European Central Bank (ECB)
The Italian "Corporate Governance Code" for listed companies approved in January 2020 by the Italian Corporate Governance Committee, made up of ABI, Ania, Assogestioni, Assonime, Confindustria and Borsa Italiana S.p.A.	Capital Requirements Directive VI, the European Parliament and Council's Directive 2013/36/EU, dated June 26, 2013, regarding access to the activity of credit institutions and the prudential supervision of credit institutions	The central bank of the twenty European Union Member States that adopted the Euro

Financial year to which the Report refers (also Reference Period)	Group Remuneration Policy and Report	Italian Civil Code
January 1, 2024/December 31, 2024	The Group Remuneration Policy and Report, drawn up in accordance with Section 123/ter of the TUF, Section 84/quater of the CONSOB Issuers' Rules and with Supervisory Provisions on remuneration	Royal Decree no. 262, dated March 16, 1942, as subsequently amended
Legislative Decree no. 231/2001	Manager in Charge	Ministry of Economy and Finance Decree no. 169 dated November 23, 2020 (also Decree)
Legislative Decree no. 231, dated June 8, 2001, containing the framework that governs the administrative responsibility of legal persons, companies and associations, with or without legal liability, as subsequently amended	The Manager in charge of preparing the company's financial reports (pursuant to Section 154/bis of the Consolidated Law on Finance)	The Regulation on the requirements and suitability criteria for corporate officers of banks, financial intermediaries, "confidi", electronic money institutions, payment institutions and depositor guarantee schemes to carry out their duties
Report	Supervisory Authority	Supervisory Regulations on corporate governance
This "Report on corporate governance and ownership structure", referring to the 2024 financial year, made available on the Company's website	The European Central Bank, Banca d'Italia, CONSOB, as defined above, and/or any other independent authority and/or administration at national or EU level	Provisions on banks' corporate governance, laid down in Circular no. 285, dated December 17, 2013 (First Part, Title IV, Chapter 1)
Supervisory Regulations on remuneration	UniCredit website
Provisions on remuneration and	The Company's website, www.unicreditgroup.eu

incentive policies and practices at banks and banking groups, as laid down in Circular no. 285, dated December 17, 2013 (First Part, Title

IV, Chapter 2)

1. Issuer profile

Foreword

The overall corporate governance framework of UniCredit S.p.A. has been defined in compliance with applicable national and European provisions, as well as the recommendations contained in the Italian Corporate Governance Code approved by the Italian Corporate Governance Committee, made up of ABI, Ania, Assogestioni, Assonime, Confindustria and Borsa Italiana S.p.A..

Moreover, UniCredit is subject to the provisions contained in the Supervisory Regulations issued by Banca d'Italia and, specifically with regards to corporate governance issues, to regulations on banks' corporate governance (Circular no. 285/2013, First Part, Title IV, Chapter 1). In compliance with the aforementioned Supervisory Regulations, as a significant bank subject to the direct prudential supervision of the ECB as well as being a listed bank, UniCredit qualifies as a bank of large size or operational complexity, and consequently complies with provisions applicable to such banks.

As an issuer of shares that are also listed on the Frankfurt and Warsaw regulated markets, UniCredit also fulfils legal and regulatory obligations related to listings on said markets, as well as provisions on corporate governance stipulated under the Polish Corporate Governance Code issued by the Warsaw Stock Exchange.

The Italian Corporate Governance Code

In line with practice on major international markets, the Italian Corporate Governance Code identifies goals for a sound corporate governance, as well as the behaviours deemed appropriate for their achievements recommended by the Italian Corporate Governance Committee to companies listed in Italy, to be applied according to the "comply or explain" principle that requires explanation in the corporate governance report of any reasons for failure to comply with one or more recommended best practices.

To ensure the ongoing consistency with the corporate governance code's recommendations against a backdrop of a changing market and investor expectations, in 2019 the Italian Corporate Governance Committee launched a review of the code, approved in its final version in January 2020. The adoption of this new version, based on principles of flexibility, proportionality also calibrated according to the company's size and ownership structures and neutrality with respect to the national provisions and the governance model specifically adopted, came into force starting from the 2021 financial year. Information on its implementation shall be included in corporate governance reports published during 2022.

Since 2001, UniCredit has adopted the Italian Corporate Governance Code, which is publicly available on the Italian Corporate Governance Committee website (https://www.borsaitaliana.it/comitato-corporate-governance/codice/codice.en.htm).

UniCredit, being a large company, applies the recommendations addressed to the category of "large companies".

The Code assigns to the Italian Corporate Governance Committee the task of periodically monitoring the level of compliance with its provisions by the companies with listed shares that have stated their adherence to it.

Any possible area of improvement for listed companies' governance is highlighted in the annual Report on compliance with the Code and disclosed to the companies concerned. This practice is intended to encourage a more conscious adoption of Code recommendations, and to promote an ongoing development of corporate governance at all listed companies on the Italian regulated market, regardless of whether companies have formally adopted the Code or not.

The last letter sent by the Chair of the Italian Corporate Governance Committee, dated December 17, 2024, identified some areas with the aim of strengthening the application of the "comply or explain" principle, focusing on:

completeness and timeliness of the pre-meeting information;
transparency and effectiveness of the remuneration policy;
executive role of the chairperson.

Said recommendations were submitted to the attention of the UniCredit Board Committees, in particular of the Governance and Sustainability Committee (at its meetings held on January 27 and February 19, 2025) and of the Remuneration Committee (at its meeting held on February 19, 2025), as well as of the Board of Directors (at its meetings held on January 28 and February 20, 2025) and of the Audit Committee (at its meeting held on January 24, 2025).

It should be noted that all the above highlighted areas of improvement have been subject to in-depth analysis and discussion by the Board and its Committees to strengthen the Company's corporate practices and to meet the growing expectations of the market.

Regarding pre-meeting information addressed to the Board, the Board and Board Committees Regulation (section 1. Board of Directors, paragraph 1.2 Functioning) is in line with best practices and provides, as a rule, for pre-meeting documentation and information necessary to express their opinions in an informed manner on the topics under deliberation to be made available to Directors at least three days before the Board meetings, unless there are exceptional events which prevent the documentation to be made available within said deadline. In such cases, the Chair ensures that the Chief Executive Officer provides an adequate presentation of the relevant topic during the Board meetings and sufficient time is devoted to said presentation and following discussions. In 2024, such circumstances only occurred in a limited number of cases mainly concerned topics of particular sensitivity.

As to the transparency and effectiveness of the remuneration policy, no critical elements emerged, considering that UniCredit's remuneration and incentive systems are already compliant with the recommendations of the Italian Corporate Governance Committee. Specifically, UniCredit:

within the Group Incentive System and in compliance with the Remuneration Policy provisions, includes in the long-term scorecards for the Chief Executive Officer, the GEC members and the GEC-1 population, specific, measurable sustainability KPIs that are disclosed in the Remuneration Policy and Report;
adopts a Group Incentive System that is based on clearly predefined short- and long-term goals, that are communicated at the beginning of the year and

objectively measured at the end of the performance period. All decisions in relation to variable remuneration payments are made based on predefined deliberative procedures that for the Chief Executive Officer and the other Executives with strategic responsibilities provide for the Board decision making, with the involvement of Remuneration Committee, Audit Committee and – if required – of the Related-Parties Committee. Furthermore, all decisions are transparently disclosed to the Shareholders and to the market in the Remuneration Policy and Report.

Regarding the executive role of the chairperson, please note that UniCredit's Chair does not hold any executive role.

Overall - in view of the above - no critical issues emerged on the areas of improvement highlighted in the letter of the Italian Corporate Governance Committee considering the good quality of the UniCredit corporate governance, which is already compliant with the recommendations outlined in the letter and in the Italian Corporate Governance Code. Nonetheless, there could be still room for further improvement regarding the timeliness of the information flows to Directors prior to the meetings.

The Report on corporate governance and ownership structure

On an annual basis, UniCredit draws up this Report for its Shareholders, institutional and non-institutional investors, and the market. The Report conveys appropriate information about the UniCredit corporate governance system.

Consistently with applicable legal and regulatory obligations, and in line with the Code's provisions, in its version approved as at January 2020, this UniCredit Report on corporate governance and ownership structure was drafted in accordance with Section 123-bis of the TUF.

The Report approved by the Company's Board of Directors at its February 20, 2025, meeting is disclosed at the same time as the Report on Operations via the UniCredit website¹ and on the website of the authorised storage mechanism "eMarket STORAGE" managed by Teleborsa S.r.l. (/en).

Unless expressly specified otherwise, the information contained in this Report refers to the date of December 31, 2024.

The Report was submitted to independent audit firm KPMG S.p.A. for its audit and its opinion on the consistency of certain specific information included in the Report itself with the financial statements, as well as its compliance with the legal provisions pursuant to Section 14, sub-section 2, letter e), of Legislative Decree no. 39/2010 (as last amended by Legislative Decree no. 135/2016) and Section 123-bis, sub-section 4, of the TUF. The results of the audit firm's activities are outlined in its reports attached to the 2024 UniCredit individual and consolidated financial statements.

¹ The UniCredit website address where the Report on corporate governance and ownership structure is available is: https://www.unicreditgroup.eu/en/governance/our-governance-system.html

Starting from 2025, with reference to the 2024 financial year, the Company draws up the sustainability reporting (replacing the Integrated Report prepared in previous years), which is included in an ad hoc section of the Report on Operations of the Consolidated Reports and Accounts, in order to fulfil the obligations under the Legislative Decree no. 125 dated September 6, 2024, implementing in Italy the Directive 2022/2464/EU of the European Parliament and the Council dated December 14, 2022 (the Corporate Sustainability Reporting Directive, also hereinafter CSRD).

It should further be noted that the Report on Operations in the Consolidated Reports and Accounts contains a section entitled "Corporate Governance", in which the UniCredit corporate governance system is briefly described.

Profile and structure

UniCredit S.p.A. is a company whose shares are listed on the Milan, Frankfurt and Warsaw regulated markets. As a bank, parent company of the UniCredit banking Group, pursuant to the provisions of Section 61 of the TUB, in addition to banking activities, it carries out guidance and coordination as well as control functions vis-à-vis its banking, financial and instrumental subsidiaries which compose the banking Group. UniCredit also carries out governance and coordination activities pursuant to Article 2497 and following of the Italian Civil Code with reference to Italian subsidiaries belonging to the UniCredit Group, directly and indirectly controlled by the same.

The Company is not subject to guidance and coordination by other legal entities.

The UniCredit organisation² reflects an organisational and business model which maintains a divisional structure for the governance of business/products, as well as global control over Digital & Information and Operation functions, while ensuring the autonomy of countries/local banks on specific activities to ensure increased proximity to the client and more efficient decision-making processes.

Shareholder structure

As at December 31, 2024, UniCredit share capital amounted to Euro 21,367,680,521.48, divided into 1,551,419,850 ordinary shares of no nominal value. The shares are issued in a dematerialised form and are indivisible as well as freely transferable.

At the same date, Shareholders were about 189,000; 96.88% of its share capital was owned by legal persons, and the remaining 3.12% by physical persons. UniCredit's Shareholders' composition is the result of analyses conducted on data deriving from the contents of the Shareholders' Register.

² The UniCredit website address where the Company's organisation structure is available is:

https://www.unicreditgroup.eu/en/unicredit-at-a-glance/organizational-structure.html

The representation provided by the Shareholders' Register is the best estimate of the composition of UniCredit's Shareholders base; however, its updating procedures are not such as to ensure that the composition represented corresponds to the actual Shareholder base at any given time.

Corporate governance model

Starting from April 12, 2024, UniCredit has adopted the one-tier corporate governance system in lieu of the traditional one. The one-tier model is based on the existence of a Board of Directors, which is in charge of the strategic supervision and management of the Company, and of an Audit Committee, established within the Board itself, performing specific control functions, both appointed by the Shareholders' Meeting. The Audit Committee also carries out the Supervisory Body's duties in accordance with the Legislative Decree no. 231/2001.

Legal accounting supervision is entrusted by the Shareholders' Meeting to an external audit firm, upon proposal of the Audit Committee, in compliance with applicable provisions.

In addition to the Audit Committee, in compliance with the applicable laws and regulations, other Board Committees are provided for supporting the Board of Directors, vested with research, advisory and proposal-making powers, and diversified by sector of competence.

UniCredit believes that the one-tier model is suitable for managing the business efficiently, while ensuring effective controls and thus for guaranteeing the sound and prudent management of a complex and global banking group like the UniCredit Group. The one-tier model also ensures a greater effectiveness of controls through the integration of the control body within the Board.

Shareholders' Meeting

The Shareholders' Meeting is empowered to resolve both in ordinary and extraordinary session, albeit with different constitutive and resolving quorum depending on the specific topics on the Agenda.

In particular, in its ordinary session, the Shareholders' Meeting approves the financial statements, the allocation of net profits, the appointment of Directors and the assignment of the mandate for external auditing to an audit firm, resolving on the connected fees. Furthermore, it resolves on the remuneration and incentive policies and practices provided for under applicable provisions, and on criteria to determine compensation to be granted in the event of early termination of employment or early retirement from office.

In extraordinary session, the Shareholders' Meeting is empowered to resolve on amendments to the Articles of Association and on transactions of an extraordinary nature such as increases in share capital, mergers and de-mergers.

Those entitled to attend the Shareholders' Meeting are the holders of voting rights about whom the Company has received notification from the broker holding their

accounts by the deadline stated under applicable provisions (i.e., the "record date", which is seven market trading days prior to the date set for the Shareholders' Meeting).

For more information on the Shareholders' Meeting, please see Section no. 3

Board of Directors

Composition and diversity

The UniCredit Board of Directors may be composed of between a minimum of nine and a maximum of nineteen members, of whom at least three Directors - and, in any case, no more than five - make up the Audit Committee.

As at February 20, 2025, the Board of Directors is made up of fourteen Directors, of whom one is an executive and thirteen are non-executive Directors (with a quota equal to 93% of its members).

At the Report's approval date, 93% of the members of the Board of Directors meet the independence requirements provided by the Legislative Decree no. 58/1998 and the Italian Civil Code, the Ministry of Economy and Finance Decree no. 169/2020, as well as the Italian Corporate Governance Code; 50% of the Board members are Directors from the less-represented gender, and 36% of them come from countries other than Italy.

Appointment process

The members of the Board of Directors, included the Audit Committee members, shall be appointed on the basis of a slate voting mechanism ("voto di lista"). Legitimate parties entitled to submit slates are the Board of Directors and shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at ordinary Shareholders' Meetings.

The UniCredit Articles of Association envisage that, regardless of the total number of Board of Directors' members, two Directors, other than members of the Audit Committee, shall be appointed from the second slate receiving the highest votes, without any connection with the Shareholders who, jointly or severally, filed or voted for the slate that came first by number of votes, to ensure that the minority Shareholders have a greater presence in the Board of Directors.

Qualitative and quantitative composition

In the appointment process, Shareholders are invited to take into account the qualitative and quantitative composition that the Board of Directors has deemed to be optimal for the effective fulfilment of the duties and responsibilities entrusted to the body with supervisory functions by law, by the Supervisory Provisions and by the UniCredit Articles of Association, according to current provisions applicable on such topics also concerning time commitments and the limits upon the maximum number of offices that may be held.

Requirements

Board members, included the members of the Audit Committee, comply with the professional experience, integrity and independence requirements envisaged under applicable provisions, also of a regulatory nature, and under the Articles of Association.

Chief Executive Officer

Pursuant to the provisions of the Articles of Association, the Board of Directors has appointed a Chief Executive Officer, who is entrusted not only with the specific powers needed for the management of the Company, within the terms and limits set by the Board itself, but also with the general task of ensuring the execution of the Board resolutions.

* * *

The Board of Directors' function and competencies are set out in the UniCredit Board and Board Committees Regulation³ .

For more information on the Board of Directors, please see Section no. 4

Audit Committee

Composition and diversity

The Audit Committee, appointed by the Shareholders' Meeting within the Board of Directors, is composed of at least three - and, in any case, no more than five- Directors, who serve for the term of the Board of Directors in which they were appointed. The number of members of the Audit Committee is established by the Shareholders' Meeting.

As at February 20, 2025, the Audit Committee is made up of four non-executive Directors, one of whom is the Chair. All the members of the Audit Committee are independent pursuant to the applicable provisions and the Articles of Association (with a quota equal to 100% of its members).

At the Report's approval date, 50% of the members of the Audit Committee are Directors from the less-represented gender, and 25% come from countries other than Italy.

Members appointed by minorities

The UniCredit Articles of Association envisage that a member of the Audit Committee, or two, if the Audit Committee is composed of five Directors, shall be appointed from minorities. The Chair of the Audit Committee is appointed by the Shareholders' Meeting among the Directors elected by the minorities.

³ The UniCredit website address where the Board and Board Committees Regulation is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies.html

Requirements

The members of the Audit Committee meet the professional experience, integrity and independence requirements envisaged under current provisions, also of a regulatory nature, and the by-laws.

* * *

The Audit Committee's function and competencies are set out in the UniCredit Board and Board Committees Regulation.

For more information on the Audit Committee, please see Section no.5

Other Board Committees

In addition to the Audit Committee, which is inherent in the one-tier governance system adopted by the Company, the UniCredit Board of Directors has established other five Committees, vested with research, advisory and proposal-making powers and diversified by sector of competence, also in line with the provisions of the Italian Corporate Governance Code: Governance and Sustainability Committee, Risk Committee, Nomination Committee, Remuneration Committee and Related-Parties Committee. Their duties are undertaken based on terms of reference and procedures set forth by the Board.

The Board Committees' composition, functioning and competencies are set out in the UniCredit Board and Board Committees Regulation.

For more information on the other Board Committees, please see Section no. 6

Diversity Policies

The Board of Directors' composition ensures the gender balance envisaged under the applicable provisions.

In the run-up to the Board of Directors' renewal for the 2024-2026 financial years, the outgoing Board of Directors made available to Shareholders a new theoretical profile for Directors to allow the best choice of candidates to be presented to the April 12, 2024 Shareholders' Meeting called for the appointment of Directors and members of the Audit Committee, following the adoption of the one-tier management and control system and the relevant amendments to the Articles of Association resolved upon by the Extraordinary Shareholders' Meeting of UniCredit held on October 27, 2023.

In the theoretical profile specific recommendations were formulated to ensure a balanced composition of knowledge, skills and experience and to promote inclusion and diversity across age, gender and geographical areas, as well as to adequately reflect the UniCredit Group size and operational complexity.

When formulating its recommendations on the composition of the Board of Directors and its Committees, UniCredit recommended that its Shareholders filed slates of candidates in which at least two-fifths of candidates were drawn from the leastrepresented gender, in line with the relevant provisions. Moreover, UniCredit encouraged Shareholders to submit slate with a view to meet a percentage of Directors belonging to the less represented gender more than 40% towards 50%.

It should be noted that UniCredit already recommended that its Shareholders abided by the above provisions on gender balance in its 2015, 2018 and 2021 qualitative and quantitative profiles.

Training, professional experience, age

On the topic of diversity, when formulating its recommendations for the renewal of the Board of Directors for the 2024-2026 financial years, UniCredit reiterated, among others, the relevance of further promoting the diversity requirements in particular with regards to the presence of Directors (i) with an international training and professional experience (irrespective of nationality), (ii) having knowledge, skills and technical experience that also allow them to understand the activities and main risks to which UniCredit is exposed as well as (iii) different age of the members of the body.

Regarding professional experience requirements, subject to compliance with existing regulations, some areas of competence have been selected by the Board, with the recommendation that candidates preferably possess two or more of the selected competences and the same are all represented at Board level as the presence of a diverse range of skills and experiences ensures that all professional profiles are represented, encourages dialogue and helps achieving the efficient functioning of the Board.

Between such competences, to ensure that the Board of Directors can properly supervise any risk that may affect the sustainability of the Bank's business in a medium-long term perspective, including relevant impacts and opportunities, the Board selected as areas of competence respectively the Sustainability (ESG) and Legal, regulatory, AML and compliance.

Compliance with the diversity composition requirements identified in the 2024 qualitative and quantitative profile was checked by the Board at the end of the Directors' appointment process. Directors' personal qualities and gender diversity fully complied with the principles set in the theoretical profile. Furthermore, with reference to professional expertise accrued in the areas of competence envisaged under the profile, all the areas of competence were represented in the Board and the experience gained by all Directors was in line with the requirements provided for under the profile, considering that they possess good understanding of and experience in more than two of the required areas of competence. At the Report's approval date, the Board composition fully complies with the principles set in the theoretical profile; in particular, as to gender diversity, the female component is above the quota established under the applicable provisions.

Moreover, it should be noted that in UniCredit there is an active and permanent induction program for the Board members consisting, inter alia, of recurring trainings

sessions to preserve over time the expertise needed for the proper fulfilment of their duties.

* * *

Gender in UniCredit

With reference to the measures adopted by the Company to promote equal opportunities and treatment between genders within the whole organisation, it should be highlighted that at UniCredit, Diversity, Equity, and Inclusion (DE&I) are a business imperative to unlock the full potential of its people fostering a positive and inclusive work environment. This approach ensures sustainable growth, new business opportunities, and a cohesive work environment focused on productivity, personal and professional well-being, and the continuous engagement of its people. DE&I strategy goes beyond gender, encompassing broader diversity strands, and is fully integrated into the ESG framework and business agenda. Diversity, Equity and Inclusion are key tenets to be fulfilled in every key moment of its employees' journey, from recruiting and onboarding, to learning and development, performance management and compensation, in line with the corporate Culture and the Group's Values - Integrity, Ownership and Caring - that guide all actions and behaviours. Through the Diversity, Equity, and Inclusion Global Policy, UniCredit further enhances inclusion within the whole organisation, to ensure that internal procedures, policies and practices promote such principles and nurture a supportive working environment where individual differences are respected and valued.

UniCredit is committed to promote gender parity across all organisational levels and to ensure equal pay for equal work, providing equal opportunities and fair treatment.

UniCredit is accountable for the Diversity, Equity and Inclusion progress, setting up a monitoring process that includes relevant DE&I metrics and KPIs as well as data on gender diversity alongside indicators related to the diversity of people. UniCredit also makes available, both internally and externally, relevant data, commitments and initiatives leveraging on the Group communication channels and reporting.

* * *

For further information on the UniCredit corporate governance structure, in addition to the specific Sections contained in this Report, please see the Company's website where such information is available alongside information of an economic and financial nature, data, and documents of interest to Shareholders in general.

2. Information on the ownership structure

2.1 Share capital structure

As at December 31, 2024, the UniCredit fully subscribed and paid-in share capital amounted to Euro 21,367,680,521.48, divided into 1,551,419,850 ordinary shares of no nominal value.

UniCredit shares are listed on the Milan, Frankfurt and Warsaw regulated markets, respectively on Borsa Italiana S.p.A. (Euronext Milan), on the Frankfurt Stock Exchange and on the Warsaw Stock Exchange. The shares traded on the aforesaid markets have the same characteristics and offer the same rights.

No other types of shares, equity instruments or convertible or exchangeable bonds have been issued.

As at February 20, 2025, the UniCredit fully subscribed and paid-in share capital amounts to Euro 21,453,835,025.48, divided into 1,557,675,176 ordinary shares of no nominal value, following the free share capital increase aimed at servicing the Group Incentive System resolved by the Board of Directors on February 10, 2025, by virtue of the powers granted to it pursuant to Article 2443 of the Italian Civil Code by the Extraordinary Shareholders' Meetings of April 9, 2020, April 15, 2021, April 12, 2024.

Rights and obligations

Each ordinary share entitles holders to the right to cast one vote at ordinary and extraordinary Shareholders' Meetings. Shares give holders all the administrative and economic rights and obligations envisaged by law.

No stocks granting special controlling rights or special powers have been issued.

Other financial instruments granting the right to subscribe new shares

At the Report's approval date, there are no financial instruments granting the right to subscribe new shares linked to incentive systems.

For the sake of completeness, it should be noted that with regard to the capital increase approved by the Extraordinary Shareholders' Meeting of UniCredit S.p.A. on November 14, 2008, no. 967,564,061 ordinary shares, subscribed by Mediobanca - Banca di Credito Finanziario S.p.A. pursuant to the guarantee agreement executed with UniCredit S.p.A. were used to service the issue of and underlie Convertible and Subordinated Hybrid Equity-linked Securities ("Cashes") financial instruments. These Cashes were subscribed in full by institutional investors. Mediobanca gave the right of usufruct over such shares to UniCredit, maintaining bare ownership ("nuda proprietà") of the shares. As a result of reverse-split transactions on these shares conducted in December 2011 and January 2017, at the Report's approval date the number of the aforesaid ordinary shares is equal to 9,675,640.

2.2 Restrictions on stock transfers

At the Report's approval date, there are no restrictions on stock transfers, taking into account the 9,675,640 shares used to service the Cashes of which Mediobanca holds bare ownership (see the previous section on Share capital structure).

2.3 Relevant equity holdings

On the basis of the communications received in accordance with Section 120 of the TUF, direct and indirect relevant equity holdings as at December 31, 2024, registered on the Shareholders Register are stated below.

The Shareholders listed below hold more than 3%, and do not qualify for disclosure exemptions (as provided under Section 119/bis of CONSOB Rule no. 11971/99).

Declarant	Direct Shareholder	% of ordinary capital	% of voting capital
BlackRock Group		7.407%	7.407%
	BlackRock Fund Advisors	2.034%	2.034%
	BlackRock Institutional Trust Company, National Association	1.943%	1.943%
	BlackRock Advisors (UK) Ltd	1.178%	1.178%
	BlackRock Asset Management Deutschland Ag	0.971%	0.971%
	BlackRock Investment Management (UK) Ltd	0.479%	0.479%
	BlackRock Investment Management, Llc	0.353%	0.353%
	BlackRock Advisors, Llc	0.152%	0.152%
	BlackRock Asset Management Canada Ltd	0.103%	0.103%
	BlackRock Japan Co. Ltd	0.079%	0.079%
	BlackRock Investment Management (Australia) Ltd	0.061%	0061%
	BlackRock Financial Management, Inc.	0.045%	0.045%
	BlackRock Asset Management North Asia Ltd	0.005%	0.005%
	Aperio Group Llc	0.002%	0.002%
	Blackrock (Singapore) Ltd	0.000%	0.000%
	Blackrock International Limited	0.000%	0.000%

	3.102%	3,102%
Fidelity Management & Research Company LLC	1.851%	1.851%
LIAM LLC	0.408%	0.408%
Strategic Advisers LLC	0.322%	0.322%
Fidelity Institutional Asset Management Trust Company	0.270%	0.270%
Fidelity Management Trust Company	0.194%	0.194%
FMR Investment Management (UK)	0.057%	0.057%

The table below shows the relevant equity holdings in share capital as resulting following the free share capital increase aimed at servicing the Group Incentive System resolved by the Board of Directors on February 10, 2025, by virtue of the powers granted to it pursuant to Article 2443 of the Italian Civil Code by the Extraordinary Shareholders' Meetings of April 9, 2020, April 15, 2021, April 12, 2024.

Declarant	Direct Shareholder	% of ordinary capital	% of voting capital
BlackRock Group		7.377	7.377
	BlackRock Fund Advisors	2.026%	2.026%
	BlackRock Institutional Trust Company, National Association	1.935%	1.935%
	BlackRock Advisors (UK) Ltd	1.173%	1.173%
	BlackRock Asset Management Deutschland Ag	0.967%	0.967%
	BlackRock Investment Management (UK) Ltd	0.477%	0.477%
	BlackRock Investment Management, Llc	0.351%	0.351%
	BlackRock Advisors, Llc	0.151%	0.151%
	BlackRock Asset Management Canada Ltd	0.103%	0.103%
	BlackRock Japan Co. Ltd	0.079%	0.079%
	BlackRock Investment Management (Australia) Ltd	0.061%	0.061%
	BlackRock Financial Management, Inc.	0.045%	0.045%
	BlackRock Asset Management North Asia Ltd	0.005%	0.005%
	Aperio Group Llc	0.002%	0.002%
	Blackrock (Singapore) Ltd	0.000%	0.000%
	Blackrock International Limited	0.000%	0.000%

	3.090%	3.090%
Fidelity Management & Research Company LLC	1.844%	1.844%
LIAM LLC	0.407%	0.407%
Strategic Advisers LLC	0.321%	0.321%
Fidelity Institutional Asset Management Trust Company	0.269%	0.269%
Fidelity Management Trust Company	0.193%	0.193%
FMR Investment Management (UK)	0.057%	0.057%

At the Report's approval date, the information concerning the above-mentioned significant shareholdings in the share capital is unchanged.

There is no employee equity holding system in place whereby voting rights may be exercised by employee representatives.

2.4 Restrictions on voting rights

At the Report's approval date, there is no limitation on the exercise of voting rights.

At the Report's approval date, the voting rights of the 9,675,640 UniCredit shares subscribed by Mediobanca pursuant to the guarantee agreement executed with UniCredit S.p.A. and used to service the Cashes, in relation to which the aforementioned party granted a usufruct right to UniCredit, do not have voting rights (see the previous section on Share capital structure).

The Company knows of no Shareholders' agreements among relevant Shareholders as defined by Section 122 of the TUF.

2.5 Changes to control clauses and by-laws provisions on public purchase offers

UniCredit S.p.A. is not a Company controlled by any Shareholder or subject to any Shareholder agreement, as provided for under Italian law.

No UniCredit subsidiaries executed agreements that may be considered relevant pursuant to Section 123/bis of the TUF.

* * *

The UniCredit Articles of Association do not envisage exceptions to the provisions on the passivity rule envisaged under Section 104, sub-sections 1 and 1-bis, of the TUF.

The Articles of Association do not envisage the application of the counteracting rules envisaged under Section 104/bis, sub-sections 2 and 3, of the TUF.

2.6 Delegation of power to increase share capital and authorisations to purchase own shares

The Board of Directors was empowered by the Shareholders' Meeting to execute free share capital increases, with the exclusion of option rights, to service incentive plans for UniCredit Group employees (see Clause 6 of the Articles of Association). The Board of Directors was not granted any authority to issue other equity instruments.

The UniCredit Shareholders' Meeting, with the resolution adopted in its meeting held on April 12, 2024, authorised the Board of Directors to lunch two programmes for the purchase of treasury shares and their consequent cancellation without reduction of the share capital aimed at increasing remuneration in favour of Company's Shareholders (i.e., programmes named respectively as "2023 SBB Residual" and "2024 SBB Anticipation"). Both said programmes were concluded during the reference period (lastly, by deed of cancellation of treasury shares on December 18, 2024).

At the Report's approval date, UniCredit does not hold treasury shares.

3. Shareholders' Meetings

In compliance with the applicable provisions, the UniCredit Articles of Association envisage that the ordinary Shareholders' Meeting is convened at least once a year, within 180 days of the end of the financial year, to resolve upon the issues for which it is responsible pursuant to applicable laws and the Articles of Association. An extraordinary Shareholders' Meeting is convened, instead, whenever it is necessary to resolve upon any of the matters that are exclusively attributed to its jurisdiction by applicable laws.

Shareholders' Meetings are held on single call, in accordance with the provisions of law. However, to maintain adequate organisational flexibility, the Articles of Association retain the option for the Board to issue more than one call for single meetings.

In accordance with legal and regulatory requirements, Shareholders' Meetings are convened via a notice published on the Company's website, as well as through other channels provided for under applicable laws and regulatory provisions, including publication in daily newspapers in extract form. The Agenda of the Shareholders' Meeting is established in accordance with legal requirements and the Articles of Association by whomever exercises the power to call a Meeting.

By the deadline for publication of the Shareholders' Meeting call of notice provided for each item on the Agenda - or by any other deadlines envisaged under other legal provisions - the Board of Directors shall make publicly available a report on each of the items on the Agenda.

The right to ask for the integration of the Agenda may, according to the cases, methods and terms outlined in the applicable provisions, be exercised by Shareholders who individually or jointly represent at least 0.50% of share capital. Shareholders requesting additions to the Agenda shall prepare a report stating the reason for their resolution proposals on the new matters they propose for discussion. Shareholders may also submit further resolution proposals on items already on the Agenda, stating the reasons thereof.

The Shareholders' Meeting shall take place at the Company's Registered Office in Milan or at another location in Italy, as indicated in the Meeting call notice. The Meeting resolves with the majorities envisaged under applicable laws.

The Articles of Association do not provide for particular quorum. Relevant legal and regulatory provisions must be complied with for a Shareholders' Meeting and the resolutions it takes, to be valid.

In compliance with the provisions set forth in Article 2365 of the Italian Civil Code, Clause 23 of the Articles of Association grants the Board of Directors authority over resolutions on the following:

changes made to the Articles of Association to comply with legal requirements;
merger through incorporation of companies in situations envisaged under Articles 2505 and 2505-bis of the Italian Civil Code;
de-merger of companies in situations envisaged under Article 2506-ter of the Italian Civil Code;
the reduction of share capital in the event of a Shareholder withdrawing;
decisions on which Directors, in addition to those indicated in the Articles of Association, may represent the Company.

In compliance with the Articles of Association and pursuant to applicable provisions issued by Banca d'Italia concerning the remuneration and incentive policies and practices for banks and banking groups, in addition to establishing the compensation payable to the corporate bodies appointed by the Shareholders' Meeting, in its ordinary session the Shareholders' Meeting approves: (i) remuneration and incentive policies for members of the

supervisory, management and controlling bodies, as well as for remaining employees; (ii) equity-based compensation schemes; (iii) the criteria for determining the compensation to be granted in the event of early termination of employment or early retirement from office including the limits set for said compensation in terms of number of years of fixed remuneration as well as the maximum amount deriving from their application. Furthermore, during approval of remuneration and incentive policies, the ordinary Shareholders' Meeting may exercise the faculty to determine a ratio of variable-to-fixed remuneration for employees higher than 1:1, but in any case not exceeding a ratio of 2:1. In accordance with Section 123-ter of the TUF, the Shareholders' Meeting resolves on the Group Remuneration Policy and Report, explaining, inter alia, the Company's policy on the remuneration of Board of Directors members, the General Manager (when appointed), Executives with strategic responsibilities and, without prejudice to the provisions set forth by Article 2402 of the Italian Civil Code, the members of the corporate body charged with control functions, as well as the procedures used to adopt and implement this policy.

The Shareholders' Meeting is informed about the ways in which the Remuneration Committee may exercise its functions and on the activities it has carried out via the "Group Remuneration Policy and Report".

Legitimation, how to attend and voting rights

Pursuant to applicable provisions, the holders of voting rights from whom the Company has received notification through the broker holding their accounts by the deadline established by law are entitled to attend the Shareholders' Meeting. Those who hold voting rights may be represented at the Shareholders' Meeting via a written proxy. Since 2011 UniCredit identifies for each Shareholders' Meeting a "Designated Proxy-Holder" to whom the holders of voting rights may grant a proxy inclusive of voting instructions regarding all, or some of, the items on the Agenda free of charge.

The UniCredit Articles of Association provide an option for voting rights holders to participate remotely at Shareholder's Meetings via means of telecommunications, and to exercise their voting rights using electronic methods, referring the decision to activate such instruments to the Board of Directors on a single meeting basis.

As a rule, all Directors attend the Shareholders' Meeting.

The Board reports to the Shareholders' Meeting on the activities performed and planned within the framework of the management report. Furthermore, it makes every effort to ensure adequate information on all relevant items so as to enable Shareholders to take informed decisions on matters within their sphere of competence, in particular by ensuring that Directors' Reports and any additional information has been made available within the time frame established by law and by regulatory provisions in force.

Information on the functioning of the Shareholders' Meeting and on the exercise of Shareholders' rights is available on the Company's website (https://www.unicreditgroup.eu/en/governance/shareholders.html).

Shareholders' Meetings conduct

Since 1998 the Shareholders' Meeting has adopted rules oriented towards ensuring the orderly and effective conduct of ordinary and extraordinary meetings. The Regulations governing general meetings, most recently approved in April 2018, are available online at the UniCredit S.p.A. website under the Governance/Shareholder Section⁴ .

Clause 7 of the Regulations on general meetings states that those entitled to attend the Shareholders' Meeting are entitled to take the floor in respect of each of items presented for discussion. Shareholders intending to exercise this

⁴ The UniCredit website address where the Regulations governing general meetings are available is:

http://www.unicreditgroup.eu/en/governance/shareholders.html

right must ask the Chair for permission, via the Notary or the Secretary, providing the Chair with a written request containing details of the issue or the issues to which the request refers to, up until he declares discussions regarding the issue or the issues the request to take the floor refers to are closed. The Chair usually allows persons to take the floor as per the chronological order in which they have submitted their requests. The Chair may moreover authorise the submission of requests to take the floor by a show of hands.

* * *

In 2024, UniCredit's market capitalisation increased by ca. 16 billion, reaching 59.8 billion. In a positive trend for the European banking sector, UniCredit's stock price performance was +67.9%, overperforming (+42%) the sector benchmark (the performance of SX7P index, comprising the 600 largest banks in Europe, was +26% over the reference period).

As to changes that affected the Shareholder structure, during 2024, taking into account the threshold of market disclosure obligations that qualify as relevant shareholdings according to the TUF, BlackRock Inc. and FMR LLC have passed the 3% threshold.

No proposals were put to the Shareholders' Meeting to amend the Articles of Association with regard to the percentages set for exercising rights and prerogatives to safeguard minorities.

4. Board of Directors

4.1 Appointment and replacement

In accordance with applicable legal and regulatory provisions, UniCredit Directors are appointed on the basis of a slate voting mechanism ("voto di lista") in compliance with composition criteria concerning, among others, minority and independent Directors, and gender balance (for more on this, please see Clause 20 of the Articles of Association, available for consultation on the UniCredit website⁵ ).

The legitimate parties who are entitled to submit slates are the Board of Directors and Shareholders who individually, or jointly with others, represent at least 0.5% of share capital in the form of shares with voting rights at the ordinary Shareholders' Meetings. Each party entitled to file a slate of candidates may submit or contribute to the submission of just one slate (including via proxies or trustee companies). Shareholders belonging to the same group or Shareholders who are parties to a Shareholders' agreement concerning UniCredit shares may not submit more than one slate (including via proxies or trustee companies). Candidates must be included in one slate only, otherwise they are ineligible.

Pursuant to the mentioned Clause 20 of the Articles of Association, each slate shall include two sections: the first section containing the candidates for the office of member of the Board of Directors other than the candidates for the office of member of the Audit Committee and the second section containing only candidates for the office of member of the Audit Committee.

The UniCredit Articles of Association envisage that, regardless of the total number of the Board members, two Directors, other than members of the Audit Committee, shall be appointed from the second slate receiving the highest votes, without any connection with the Shareholders who, even jointly, filed, or voted for, the slate first by number of votes.

In compliance with the provisions of Section 147-ter of the TUF, UniCredit established that slates of candidates for the position of Director should be filed at the Registered Office no later than the twenty-fifth day prior to the date of the Shareholders' Meeting called to resolve on the appointment of members of the Board. Slates must be made publicly available at the Registered Office, on the Company's website and via other channels provided for under applicable laws, at least twenty-one days prior to the date of the Shareholders' Meeting. As regards the minimum percentage of share capital needed to submit a slate, Clause 20, sub-section 5, of the Articles of Association specifies that the percentage must be equal to 0.5% of the share capital in the form of shares with voting rights at an ordinary Shareholders' Meetings, consistent with the minimum shareholding percentage established by CONSOB (Section 144-quater of the CONSOB Issuers' Rules). When slates are submitted by the Shareholders, the ownership of the minimum number of shares required to file a slate is calculated with regard to the shares registered for each individual Shareholder, or for several Shareholders together, on the day on which the slates are filed with the Company.

Other than those set out by law, no particular rules apply to amending the Articles of Association.

⁵ The UniCredit website address where the Articles of Association are available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/articles-association-code-ethics.html

In compliance with applicable provisions, the Board of Directors establishes its qualitative and quantitative composition deemed to be optimal for the effective fulfilment of the duties and responsibilities entrusted to the body with supervisory functions by law, by the Supervisory Provisions and by the UniCredit Articles of Association. The Board also establishes requirements for UniCredit Directors to meet, in addition to the possession of requirements envisaged under applicable provisions. The Board has also adopted a procedure for identifying candidates for the posts of member of the Board of Directors, including the Chair and the Chief Executive Officer, to be applied in the event of the possible presentation by the Board of a list of candidates to be submitted to the Shareholders' Meeting, or the identification by the Board of the potential candidates suitable to cover the post of director on the occasion of the publication of the theoretical profile on the Company's website, and of a co-optation⁶ ,

Before appointing new members of the Board of Directors, and at the latest when the notice convening the Shareholders' Meeting called to resolve on their appointment is published, the Board shall inform Shareholders on the composition deemed to be optimal in order that the expertise required may be taken into consideration in the choice of candidates. Shareholders may obviously carry out their own assessment of the optimal composition of the body with supervisory functions, and submit candidacies consistent with that assessment, giving reasons for any difference from the analyses made by the Board. The outcomes of the check on the matching between the qualitative and quantitative composition deemed to be optimal and the one resulting from the appointment process are disclosed to Shareholders, to allow them to take the proper measures, in due time before the first Shareholders' Meeting called for the approval of the financial statements following the renewal of the body or of the majority of its members.

With regard to the qualitative and quantitative composition of the Board of Directors and the profile necessary for candidates to the position of Director, and in particular the time commitment and limits upon the maximum number of offices Directors may hold, as well as the diversity composition criteria for the body with supervisory functions, reference is made to the document⁷ "Qualitative and Quantitative Composition of the UniCredit S.p.A. Board of Directors", published on the Company's website, and in the information provided in Section 4.2 "Composition".

Succession plans

With reference to the recommendations in CONSOB Resolution no. DEM/11012984 dated February 24, 2011, and to the provisions of Article 4, recommendation 24, of the Italian Corporate Governance Code, please be informed that, since 2006, UniCredit has in place a structured Succession Planning process, aimed at the management and development of the Group's succession pipeline. The Group process refers to all top management positions (GEC and GEC-1) 8 , including the Chief Executive Officer position; at a local level, succession plans include a broader managerial population (GEC-2 and below) consistent with the strategic roles of each specific perimeter.

⁶ The UniCredit website address where the "Process for selecting candidates" approved by the Board of Directors is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies/selection-and-composition.html

⁷ The UniCredit website address where the "Qualitative and Quantitative Composition of the UniCredit S.p.A. Board of Directors" is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies/selection-and-composition.html

⁸ Members of the Group Executive Committee (GEC) and managers up to the first line reporting to the GEC.

Process

Succession Planning is strictly integrated into the annual Performance Management process that involves employee self-appraisal, managerial appraisal of employee's performance and potential, followed by a number of calibrations carried out at local and Group level aimed at obtaining a coherent vision of all managerial positions.

The outcomes of Performance Management, integrated with the analysis of skills and professional experiences, are the starting point for identifying successors for each target position, to then be discussed and validated at a local level. For the definition of the succession plans of the GEC and GEC-1 members holding strategic and top positions at Group level, the proposals are shared with the Head of Group People & Culture function and validated by the Chief Executive Officer.

With reference to manner and timeline of the review, the update of the succession plans occurs on a yearly basis. As a rule, at the end of each cycle, a results summary is discussed by the Nomination Committee, which reports to the Board of Directors on the main points discussed.

During the year, the Nomination Committee regularly analyses the evolution of the succession planning for the Chief Executive Officer and his/her first reporting line (GEC members and permanent guests to GEC), including the roles of Heads of the corporate control functions.

The Chief Executive Officer succession planning is reviewed periodically, to identify potential successors. The results of this process are shared with the Nomination Committee and/or with the Chair of the Board of Directors.

Content

Group Succession Planning promotes the growth of top management by ensuring the continuity and sustainability of the business, through the identification of successors in the event of emergency situations and in short and medium term planning. For all key managerial positions, performance, potential, skills and professional experience are analysed to fill the target positions.

In the event of an early or unexpected replacement of top management, including the Chief Executive Officer, the outcomes of the Succession Planning process constitute the reference point for the evaluation of possible candidates and decisions on new appointments.

4.2 Composition

Pursuant to the Articles of Association, the UniCredit Board of Directors may be composed of between a minimum of nine and a maximum of nineteen members, of whom at least three (and, in any case, no more than five) compose the Audit Committee. As at February 20, 2025, the number of Directors is fourteen, of whom four make up the Audit Committee.

Directors' term in office is three financial years, unless a shorter term is established at such time as they are appointed and ends on the date of the Shareholders' Meeting called to approve the financial statements relating to the last year in which they are in office.

The ordinary Shareholders' Meeting held on April 12, 2024, appointed the Directors for the financial years 2024- 2026, whose term runs until the date of the Shareholders' Meeting called to approve the 2026 financial statements.

According to Clause 20 of the Articles of Association and pursuant to applicable laws and regulations, the Board of Directors submitted a proposal to the abovementioned ordinary Shareholders' Meeting to establish the number of Directors and of the Audit Committee and appoint them.

In such circumstance, the Board of Directors recommended that when submitting slates of candidates Shareholders should take into account the document on the Board of Directors' qualitative and quantitative composition deemed to be optimal for the effective fulfilment of its duties and responsibilities, as approved by the Board in February 2024, to allow the best choice of candidates to be presented to the 2024 Shareholders' Meeting called for the appointment of Directors and members of the Audit Committee.

In particular, in such theoretical profile specific recommendations were formulated to ensure a balanced composition of knowledge, skills and experience and to promote inclusion and diversity across age, gender and geographical areas, as well as to adequately reflect the UniCredit Group size and operational complexity, also with a view to guarantee continuity and renewal at Board level. Such profile also recommended quantitative composition for Board and its Committees, included the Audit Committee.

As expressly provided for in the Articles of Association, with reference to the faculty held by the Board of Directors to submit its own slate of candidates, on February 16, 2024, the outgoing Board unanimously approved its own slate of candidates to the post of Director and of member of the Audit Committee. In execution of its February 2024 resolutions, the Board submitted a proposal to the Shareholders' Meeting to set at fifteen the number of the members of the Board of Directors and at four the number of the members of the Audit Committee to be appointed.

Slate candidates were chosen via the procedure for identifying candidates approved by the Board. The criteria adopted for issuing this slate complied with the requirements highlighted in the qualitative and quantitative profile approved by the Board.

Two slates were submitted, filed and published according to the deadline and in the terms provided for under applicable provisions and the Articles of Association, specifically:

• Slate no. 1 was submitted by the outgoing Board of Directors:

Section 1, containing the candidates for the office of Director, other than the candidates for the office of members of the Audit Committee, Mr. Pietro Carlo Padoan (designated as Chair), Mr. Andrea Orcel (designated as Chief Executive Officer), Ms. Paola Bergamaschi, Ms. Elena Carletti, Mr. Marcus Johannes Chromik, Mr. António Domingues, Mr. Jeffrey Alan Hedberg, Ms. Beatriz Ángela Lara Bartolomé, Ms. Maria Pierdicchi; Section 2, containing the candidates for the office of Director and member of the Audit Committee, Ms. Paola Camagni, Mr. Gabriele Villa and Ms. Julie Birgitte Galbo;

• Slate no. 2 was submitted by several institutional investors, with an overall shareholding equal to 1.41% of the share capital:

Section 1, containing the candidates for the office of Director, other than members of the Audit Committee, Mr. Vincenzo Cariello and Ms. Francesca Tondi;

Section 2, containing the candidates for the office of Director and member of the Audit Committee, Mr. Marco Giuseppe Maria Rigotti and Ms. Monica Petrella.

In addition to the above slates, the following documentation was submitted and published in accordance with prescribed deadlines and procedures:

the statement of Shareholders, others than those who, also jointly, hold a controlling or relative majority shareholding, stating that there is no connection with the latter, even indirectly, pursuant to Section 144 quinquies of CONSOB Issuers' Rules, taking into account the recommendations issued by CONSOB in Communication no. DEM/9017893, dated February 26, 2009;
an exhaustive information on the personal and professional characteristics of the candidates indicated on the slate (such as: curriculum vitae and a list of the directorships and controlling offices held in other companies);
the declarations with which each candidate accepts the position (subject to their appointment) and attests, under their own responsibility, the absence of ineligibility, forfeiture or incompatibility situations, and that they meet the requirements established under the applicable provisions, also of a regulatory nature, and the Articles of Association;
the declarations by each candidate concerning their fulfilment or not of the independence requirements pursuant to Section 148 of the TUF and Article 2399 of the Italian Civil Code, Sections 13 or 14 of the Decree issued by the Ministry of Economics and Finance no. 169/2020 and the Italian Corporate Governance Code.

Information on the personal and professional characteristics of each candidate, as shown in their curriculum vitae, declarations envisaged under applicable laws and the UniCredit Articles of Association, and, more specifically, declarations certifying their compliance or otherwise with the independence requirements prescribed by law and in the Italian Corporate Governance Code, may be found on the UniCredit website

(https://www.unicreditgroup.eu/en/governance/shareholders.html). In particular, when submitting their candidacies Mr. Padoan, Ms. Bergamaschi, Mr. Cariello, Ms. Carletti, Ms. Camagni, Mr. Chromik, Mr. Domingues, Ms. Galbo, Mr. Hedberg, Ms. Lara Bartolomé, Ms. Pierdicchi, Mr. Rigotti, Ms. Tondi and Mr. Villa declared their independence pursuant to the Decree, the TUF and the Article 2399 of the Italian Civil Code, as well as the Italian Corporate Governance Code.

The Shareholders' Meeting held on April 12, 2024, after resolving that the members of the Board of Directors should in total be fifteen, including four as members of the Audit Committee, as proposed by the outgoing Board, appointed the following Directors for the financial years 2024-2026:

as members of the Board of Directors other than members of the Audit Committee
i. Mr. Pietro Carlo Padoan, Mr. Andrea Orcel, Ms. Paola Bergamaschi, Ms. Elena Carletti, Mr. Marcus Johannes Chromik, Mr. António Domingues, Mr. Jeffrey Alan Hedberg, Ms. Beatriz Ángela Lara Bartolomé and Ms. Maria Pierdicchi, drawn from the Slate no. 1, submitted by the outgoing Board of Directors, which obtained the majority of the Shareholders' Meeting votes;
ii. Mr. Vincenzo Cariello and Ms. Francesca Tondi, drawn from the Slate no. 2, submitted by several institutional investors and voted by the minority shareholders attending the Meeting;
as members of the Board of Directors and of the Audit Committee
- i. Ms. Paola Camagni, Ms. Julie Birgitte Galbo and Mr. Gabriele Villa, drawn from the Slate no. 1;
- ii. Mr. Marco Giuseppe Maria Rigotti (Chair of the Audit Committee), drawn from the Slate no. 2.

At the Report's approval date, Ms. Paola Maria Di Leonardo is the UniCredit Board Secretary.

The Board composition resulting from the appointment process was:

quantitatively corresponding to that identified as optimal by the Board itself;
qualitatively corresponding to the theoretical profile established by the Board, as well as suitable pursuant to the requirements established under the applicable provisions and the ECB "Guide to fit & proper assessment".

Also taking into consideration information provided by the person concerned, compliance was achieved vis-à-vis requirements concerning experience, competence, integrity, fairness and independence, the requirements of independence of mind, as well as the adequate time to perform their duties (the time commitment recommended for an effective attendance at the Board and Committees meetings and limits upon the maximum number of offices a director may hold⁹ established under the applicable provisions).

With reference to the time commitment recommended for effective attendance at Board and Committees meetings, all Directors, inter alia, declared their ability to commit sufficient time to duly perform their functions. The commitments Directors declared were deemed to be compatible with the commitment required to conduct their duties at UniCredit, including sitting on Board Committees, where applicable.

Furthermore, with reference to professional expertise accrued in areas of competence envisaged under the theoretical profile [i.e., banking business; banking governance; financial and international markets; strategic planning; risk and control; legal/regulatory, AML and compliance; accounting and audit, digital and technology and sustainability (ESG)], all these areas were represented on the Board. Considering that, in addition to their international experience, they possess a good understanding of and experience in more than two areas of competence envisaged in the qualitative and quantitative profile, the experience gained by all Directors, including the member of the Audit Committee, is in line with the requirements identified in the profile.

Regarding the "collective suitability", the personal qualities of Directors, as well as the diversity requirements (including age, geographical mix and gender diversity), fully complied with the applicable provisions and the principles set in the Board theoretical profile.

The outcomes of the check on the matching between the qualitative and quantitative composition deemed to be optimal and the one resulting from the appointment process were disclosed to Shareholders via a press release (on May 6, 2024), to allow them to take the proper measures, in due time before the March 27, 2025, Shareholders' Meeting, the first Meeting called for the approval of the financial statements following the renewal of the body.

Following the resignation from the Board of Ms. Marcus Johannes Chromik, independent Directors, with effect from December 11, 2024, at the Reports' approval date the Board of Directors is made up of fourteen Directors, one is an executive and thirteen are non-executive Directors (with a quota equal to 93% of its members).

Specifically, with regard to the "collective suitability" of the Board at the Reports' approval date:

it presents an adequate diversity in terms of gender (with a quota equal to 50% of women, exceeding the minimum threshold for the less represented gender criterion set forth by the applicable provisions equal to at least two-fifths of the appointed Directors, and a ratio of female to male equal to 1), age (79% of the Directors are in the 50-65 years age range and 21% are over 65 years old) and geographical mix (36% of them come from countries other than Italy);
93% of the Directors meet the independence requirements provided by the Legislative Decree no. 58/1998 and the Italian Civil Code, the Ministry of Economy and Finance Decree no. 169/2020, as well as the Italian Corporate Governance Code;
93% of the Directors have international experience and skills in legal, regulatory, AML and compliance;

⁹ See the following section on the "Maximum number of offices held at other companies"

86% of the Directors have skills in financial and international markets, in banking business as well as in risk and control;
79% of Directors have skills in banking governance, strategic planning, and accounting and audit, as well as expertise in sustainability (ESG);
43% of the Directors have skills in digital and technology.
on average, the Directors possess eight of the areas of competence identified by the Board

The following chart shows the Board of Directors' composition at the Report's approval date, and any changes that occurred during the 2024 financial year.

Position	Members	In office since	In office until	Slate (M/m) *	Executive	Non-executive	Independent as per Code	Independent as per TUB	Independent as per TUF	Board meetings attendance % **	Number of other positions ***
Chair	Padoan Pietro Carlo	12-04-2024	Approval of 2026 financial statements	M		X	X	X	X	100	--
Deputy Vice Chair	Carletti Elena	12-04-2024	Approval of 2026 financial statements	M		X	X	X	X	100	--
Chief Executive Officer ◊	Orcel Andrea	12-04-2024	Approval of 2026 financial statements	M	X					100	2
Director	Bergamaschi Paola	12-04-2024	Approval of 2026 financial statements	M		X	X	X	X	93.33	1
Director	Camagni Paola	12-04-2024	Approval of 2026 financial statements	M		X	X	X	X	100	3
Director	Cariello Vincenzo	12-04-2024	Approval of 2026 financial statements	m		X	X	X	X	100	1
Director	Domingues António	12-04-2024	Approval of 2026 financial statements	M		X	X	X	X	100	2
Director	Galbo Julie Birgitte	12-04-2024	Approval of 2026 financial statements	M		X	X	X	X	100	3
Director	Hedberg Jeffrey Alan	12-04-2024	Approval of 2026 financial statements	M		X	X	X	X	100	--
Director	Lara Bartolomé Beatriz Ángela	12-04-2024	Approval of 2026 financial statements	M		X	X	X	X	100	2
Director	Pierdicchi Maria	12-04-2024	Approval of 2026 financial statements	M		X	X	X	X	100	2
Director	Rigotti Marco Giuseppe Maria	12-04-2024	Approval of 2026 financial statements	m		X	X	X	X	100	1
Director	Tondi Francesca	12-04-2024	Approval of 2026 financial statements	m		X	X	X	X	95.65	--

Director	Villa Gabriele	12-04-2024	Approval of 2026 financial statements	M	X	X	X	X	100	3
			Directors who left during the Reference Period
Deputy Vice Chair	Andreotti Lamberto	15-04-2021	12-04-2024	M	X	X	X	X	62.50	1
Director	Marcus Johannes Chromik (1)	12-04-2024	11-12-2024	M	X	X	X	X	92.86	1
Director	Molinari Luca	15-04-2021	12-04-2024	M	X	X	X	X	87.50	1
Director	Wagner Renate	15-04-2021	12-04-2024	M	X		X	X	87.50	6
Director	Wolfgring Alexander	15-04-2021	12-04-2024	M	X			X	100	2
	Quorum required for submission of slates for the latest appointment: 0.5%
	No. of meetings held during the Reference Period: 23
NOTE:
* M = Member elected from the slate that obtained the majority of the Shareholders' votes
m = Member elected from the slate voted for by the Shareholders' minority
** Meetings attendance percentage (number of meetings attended/number of meetings held during the concerned party's term of office with regard to the Reference
	Period)

*** Number of offices of management and control held at other listed companies or large companies. A list of such companies for each Director is attached to the Report

◊ Director in charge of the internal controls and risks management system

(1) Resigned effective from December 11, 2024

The Board of Directors members comply with the requirements envisaged under applicable provisions. Directors' personal qualities comply with the indications of the theoretical profile approved by the Board of Directors in February 2024 and meet the suitable requirements under the ECB's "Guide to fit and proper assessments".

For more details on the composition of this corporate body and on personal and professional characteristics of each Director, please see the information published on the UniCredit website¹⁰. With regard to the requirements UniCredit Directors must meet, in addition to those envisaged under applicable laws and regulatory provisions, please see the "Qualitative and Quantitative Profile of UniCredit S.p.A. Board of Directors" document, which is published on the Company's website.

The following charts shows the composition of the Board of Directors at the Report's approval date.

Directors' birth year and seniority in office since their first appointment date

Directors	Birth year	First appointment date
Bergamaschi Paola	1961	April 2024
Camagni Paola	1970	April 2024
Cariello Vincenzo	1965	April 2018
Carletti Elena	1969	February 2019

¹⁰ The UniCredit website address where the information on Directors is available is:

https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-directors.html

Domingues António	1956	April 2024
Galbo Julie Birgitte	1971	April 2024
Hedberg Jeffrey Alan	1961	April 2021
Lara Bartolomé Beatriz Ángela	1962	February 2020
Orcel Andrea	1963	April 2021
Padoan Pietro Carlo	1950	October 2020
Pierdicchi Maria	1957	April 2018
Rigotti Marco Giuseppe Maria	1967	April 2019*
Tondi Francesca	1966	April 2018
Villa Gabriele	1964	April 2024

(*) Mr. Rigotti was Chair of the UniCredit Board of Statutory Auditors from April 2019 to April 2024.

Core competencies

Each Director knowledge, skills and experience allows the Board to understand the business areas and main risks to which the UniCredit Group is exposed to. The table below shows for each Director in office at the Report's approval date the relevant skills and expertise in line with the provisions of the February 2024 theoretical profile, that the Board of Directors deemed to be significant in assessing both the personal qualities and the collective suitability of its own members.

	International	Financial and	Banking	Banking	Legal/regulatory,	Strategic	Risk and	Accounting	Sustainability	Digital and
	experience	international markets	governance	business	AML and compliance	planning	control	and audit	(ESG)	technology
Padoan Pietro Carlo	X	X	X	X	X	X			X
Carletti Elena	X	X	X	X	X		X	X	X
Orcel Andrea	X	X	X	X	X	X	X	X	X	X
Bergamaschi Paola	X	X	X	X	X	X	X	X		X
Camagni Paola	X	X			X		X	X	X
Cariello Vincenzo	X	X	X	X	X	X	X	X	X
Domingues António	X	X	X	X	X	X	X	X	X	X
Galbo Julie Birgitte	X	X	X	X	X	X	X	X
Hedberg Jeffrey Alan	X	X			X	X			X	X
Lara Bartolomé Beatriz Ángela	X			X		X	X		X	X
Pierdicchi Maria	X	X	X	X	X	X	X	X	X

Rigotti Marco Giuseppe Maria	X	X	X	X	X	X	X	X	X
Tondi Francesca	X	X	X	X	X	X	X	X	X	X
Villa Gabriele			X	X	X		X	X

*** * ***

The following chart highlights the means of attendance of Directors (in office as at December 31, 2024) at Board meetings held in 2024. The attendance to the meetings was allowed both in person and remotely.

	2024
Board of Directors	Meetings	Attendance	%	Means of attendance
				physical	by teleconference	via phone
Padoan Pietro Carlo (Chair)	23	23	100	15	8
Carletti Elena (Deputy Vice Chair)	23	23	100	16	7
Orcel Andrea (Chief Executive Officer)	23	23	100	14	9
Bergamaschi Paola	15	14	93.33	6	8
Camagni Paola	15	15	100	11	4
Cariello Vincenzo	23	23	100	18	3	2
Domingues António	15	15	100	8	7
Galbo Julie Birgitte	15	15	100	8	7
Hedberg Jeffrey Alan	23	23	100	16	7
Lara Bartolomé Beatriz Ángela	23	23	100	9	14
Pierdicchi Maria	23	23	100	13	8	2
Rigotti Marco Giuseppe Maria	15	15	100	11	4
Tondi Francesca	23	22	95.65	9	13
Villa Gabriele	15	15	100	12	3
average attendance	274	272	99.27	166	102	4

Time commitment and number of offices

In light of the provisions contained in the relevant regulations, the availability of time to be dedicated to performing the office, based upon the nature, quality and complexity of the same, is an essential requirement to be guaranteed by Directors, also in relation to the activities arising from attendance in the works of Board Committee, for members thereof.

According to its qualitative and quantitative profile, the UniCredit Board recommends that candidates accept the office only if they believe they are able to dedicate the necessary time to that position, considering the following factors: their other professional or personal commitments and circumstances, as well as the conduct of offices covered in other companies; the nature, scale and complexity of the activities performed, the size and the situation of the entities where such positions are held, and the place or country where such entities are based.

Also in line with the ECB guidelines, the Board carried out an estimate to be intended as a reference point to assess the minimum time needed for appropriate meeting attendance. Such estimate, which is summarised in the following chart, also takes into account the new structure of the Board, including the set-up of the Board Committees.

Board of Directors

Chair of the Board of Directors	2/3 days per week
Chief Executive Officer	full time
Non-executive Director	32 days per year

Audit Committee (included the 231 Supervisory Body)

Chair	80 days per year
Member	40 days per year

Governance and Sustainability Committee

Chair	= (*)
Member	12 days per year

(*) already included in the estimate provided for the Chair of the Board of Directors

Risk Committee

Chair	41 days per year
Member	31 days per year

Nomination Committee

Chair	24 days per year
Member	18 days per year

Remuneration Committee

Chair	21 days per year
Member	16 days per year

Related-Parties Committee

Chair	23 days per year
Member	17 days per year

With specific reference to Board of Directors and Committee meeting attendance percentages, this should not be lower than 75% per annum.

In the document dealing with the qualitative and quantitative profile as most recently approved in February 2024, the Board recalled the specific limits envisaged under the Decree issued by the Ministry of Economics and Finance no. 169 dated November 23, 2020, concerning the rules on suitability requirements and criteria for holding offices as corporate officer, inter alia, of banks, according to Section 26 of the TUB.

According to said provisions, each Director may hold an overall number of positions in banks or other commercial companies equal to one of the following alternative options:

• one executive position and two non-executive positions

• four non-executive positions

with the following specifications:

a) offices refer to positions held in Board of Directors, Supervisory Board, Management Board, Board of Statutory Auditors, or as General Manager; in foreign companies, offices refer to positions equivalent to those preceding, on the basis of relevant regulations applicable to the relevant companies;
b) for the purposes of calculating the above limits
- i. the position held in UniCredit is included;
  - ii. the following aggregation mechanism is applied: the total number of positions held is considered as a single office when the offices are held within (i) the same group, (ii) banks belonging to the same institutional protection scheme, and (iii) in companies not belonging to the UniCredit Group, in which UniCredit holds a qualifying shareholding as defined by Section 4 of the Regulation (EU) no. 575/2013, namely a direct or indirect holding in an undertaking which represents 10% or more of the share capital or of the voting rights or which makes it possible to exercise a significant influence over the management of that undertaking. The set of positions counted as a single position is considered as an executive position if at least one of the positions is executive; in other cases, it is considered as non-executive;
- iii. the following are not considered: offices held (i) in companies or entities whose sole purpose is to manage the private interests of a Director or of his/her spouse who is not legally separated, of a person bound by a civil union or a de facto cohabitation, or of a relative or a relative-in-law up to the fourth degree, and which do not require any type of day-to-day management by the Director; (ii) as a professional in a professionals' company; (iii) as a substitute statutory auditor.

The holding of one non-executive additional post, with respect to the above limits, is allowed only if it does not jeopardize the possibility of the Director to commit an adequate time to the post in UniCredit to carry out effectively his/her functions under the limitations and with the manners established by the afore-mentioned Decree no. 169/2020.

* * *

The following chart shows the overall number of offices of management and control held in other companies by the Directors in office at the Report's approval date. Compliance with the limits on the maximum number of offices that Directors may hold in other companies envisaged under the applicable provisions was evaluated by taking into consideration the weighting applicable to offices held in the same group, pursuant to declarations made by Directors themselves.

Director	Overall number of offices of management and control held in other companies
Bergamaschi Paola	1
Camagni Paola	3
Cariello Vincenzo	1
Carletti Elena	--
Domingues António	2

Galbo Julie Birgitte	3
Hedberg Jeffrey Alan	--
Lara Bartolomé Beatriz Ángela	2
Orcel Andrea	2
Padoan Pietro Carlo	--
Pierdicchi Maria	2
Rigotti Marco Giuseppe Maria	1
Tondi Francesca	--
Villa Gabriele	3

* * *

Moreover, Directors, included the members of the Audit Committee, must take into account the provisions of Section 36, Law Decree no. 201/2011 (a ban on interlocking directorships) which was approved as a statute under Law no. 214/2011, which establishes that the holder of a seat on a managerial, supervisory or controlling body, as well as top management officers in companies or groups of companies active in banking, insurance and financial markets, are forbidden from holding similar offices, or to exercise similar duties, in competing companies or groups of companies. The Board must ascertain whether such situations fall under the provision of Section 36 and potential new circumstances of supervening competition.

Induction initiatives and recurring training

In UniCredit there is an active permanent induction program for the Board members based on three-year cycles connected to the Board mandate, with the aim of ensuring an ad hoc training on a continuous basis that takes in account both their individual and collective needs.

The induction program and the recurring training respectively include sessions aimed at fostering the integration of the new Directors and trainings to preserve over time the expertise needed for the proper fulfilment of their duties.

In addition, individual training plans will be activated in the event it is deemed necessary to strengthen a Director's specific technical knowledge and expertise, also to increase the level of diversity and the collective experience of the Board of Directors.

Over the Reference Period, training sessions for the Board of Directors, or members of each Board Committee covering their competence area, have focused on topics relating to corporate governance, strategy, business, data protection and artificial intelligence, digital technology, cyber security, risks management, including the ESG topics, and legal/regulatory deep-dives, as well as the overall internal control system, with the aim of ensuring awareness and knowledge of the risk profile adopted by the Group.

More specifically, training schemes focused on the in-depth examination of the above-mentioned topics, were prepared and implemented.

4.3 Board of Directors' role

Meetings and functioning

During the Reference Period, the Board of Directors met twenty-three times, with an average length of about three hours and fifty-five minutes.

For the 2025 financial year, 15 meetings have been planned, of which 5 already held as at February 20, 2025.

One of the Chair's responsibilities is planning Board meetings also in respect of the items on the Agenda, which are proposed by the Chief Executive Officer. The activities are carried out with the support of the Board Secretary, who possesses adequate experience and assists the Board with impartial assistance and independence of judgement on all relevant aspects for the proper functioning of the corporate governance system. The Board, upon proposal of the Chair, provides for his/her appointment pursuant to the UniCredit Articles of Association, for three financial years, based on the assessment that he/she has skills and proven experience as appropriate to carry out the tasks inherent in the role.

The Secretary ensures compliance with the procedures relating to the functioning of the Board of Directors, assists the Chair in the performance of his/her activities, in particular the organization of the work of the Board, planning the timetable and setting the Agenda of the meetings of the Board of Directors, keeping minutes of the meetings. In the absence of the Secretary to the Board of Directors, the Board designates a person to replace him/her.

The Chair, in alignment with the Chief Executive Officer, can invite - where appropriate - executives competent on the matters on the Agenda to attend such meetings when the matter is discussed. In 2024, Group Executive Committee members, the Manager in charge of preparing the company's financial reports, as well as the Head of Internal Audit and the other members of Management at the Company and Group were invited to attend Board meetings, without voting rights, to report on specific issues as well as to assist the Chief Executive Officer in making presentations to the Board.

In particular, the Heads of control functions (i.e., Group Risk Management, Group Compliance, Group Legal and Internal Audit) attended all the ordinary Board's meetings - mainly in the Risk Committee section - except for the meetings focused on the results' approval, which involved the prevailing attendance of the CFO as well as of the Manager in charge of preparing the company's financial reports and the Group Risk Management. The functions related to the other Board Committees, whose activities are promptly reported to the Board, regularly attended Board's meetings (e.g., Group People & Culture e Group Strategy & ESG). Lastly, Group Digital & Information, Group Operations, Group Stakeholder Engagement, as well as the functions related to business areas (i.e., Group Client Solutions and the Heads of the geographical areas in which the Group is entailed) attended Board's meetings on a periodical basis to report on specific issues and to assist the Chief Executive Officer, according to the relevant Agenda.

The UniCredit Board and Board Committees Regulation establishes that, as a rule, appropriate pre-meeting documentation and information necessary for Directors to take resolutions in an informed manner are made available to Directors at least three days prior to the Board meeting. In the exceptional cases in which it was not possible to made available the necessary documentation pursuant to the above terms, the Chair ensured that adequate presentation of the topics was provided by the Chief Executive Officer during the Board meetings and sufficient time was devoted to said presentation and following discussions. In any case, the Chair endeavoured to ensure that the necessary time was devoted to an effective discussion of the items on the Agenda during the meetings and promoted contributions from the Directors.

Communications during meetings and the resolutions taken by the Board are recorded as minutes in an ad hoc ledger and signed by the Chair of the meeting and the Secretary. The minutes also give proper account of any disagreements expressed by Directors on specific topics and their motivations. As soon as available, minutes are, as a rule, submitted to the Directors at the next available Board meeting and filed at the Chair, Board and Board Committees Secretariat Office, where they are available for consultation by Directors. Where envisaged under applicable laws and regulations, a copy of the minutes containing the resolutions taken by the Board is sent to the Supervisory Authority.

Duties

Pursuant to Clause 23 of the Articles of Association, matters reserved to the Board of Directors' responsibility include resolutions on general guidance of, as well as the adoption and amendment of, industrial, strategic and financial plans for the Company, as well as periodic monitoring of their implementation.

Moreover, in compliance with the Board and Board Committees Regulation, the Board shall have exclusive competence for:

determining general operational guidelines for the Group's growth policies preparatory to drafting strategic, industrial and financial multi-year plans also pursuing a sustainable success as integral component of the Group's business strategy and medium to long-term performance, as well as operating budgets for the Company and the Group, in addition to periodically reviewing whether these guidelines match corporate activities and external circumstances, adopting and amending such plans and checking that they are appropriately implemented;
establishing guidelines for the internal controls system consistent with the established strategic guidelines and risk appetite, and according to instructions issued by the Supervisory Authorities and applicable laws. On a yearly basis, the Board sets out and approves the Group Risk Appetite Framework consistent with the budget process timeline and definition of the financial plan and establishes policies to govern the risks to which the Group may be exposed, as well as risk targets and tolerance thresholds, reviewing them periodically to ensure that they remain effective over time. Furthermore, with regard to credit risk, the Board approves general guidelines for the risk mitigation technique management system;
approving the UniCredit organisational structure and corporate governance, to ensure a clear distinction of responsibilities and functions, as well as preventing conflict of interest, concerning the corporate structure and Group governance models and guidelines. Furthermore, the Board verifies that the UniCredit overall corporate governance and organizational structure is correctly implemented, promptly implementing corrective measures to tackle any shortcomings or inadequacies detected;
examining and approving transactions undertaken by the Company and Group companies which are significant from a strategic, economic, balance-sheet and financial perspective.

Pursuant to Section 136 of the TUB, resolutions concerning obligations of any kind or purchase or sale agreements implemented by the UniCredit corporate officers, directly or indirectly, with the same Bank fall within the Board of Directors' exclusive responsibility.

Following to the adoption of the one-tier management and control system, the Company has ruled the terms of periodic reporting by the delegated bodies to the Audit Committee, in accordance with the laws and the Articles of Association, concerning significant transactions, including those in which one or more Directors have an interest on their own behalf or on behalf of third parties.

* * *

The Board of Directors:

• continuously monitors general management performance, with special reference to conflict of interest management - also by analysing the information received from the delegated bodies and the Board Committees,

and periodically comparing results against targets - as well as assessing the adequacy of the organisational, administrative and general accounting structure of UniCredit and, also by issuing policies and guidelines, of all of its strategically-relevant subsidiaries, with special reference to the internal control and risk management system and the conflict-of-interest management, ensuring that the Bank's structure matches the activities it undertakes and the business model adopted, as well as avoiding the creation of complex structures unjustified by operational ends;

• ensures that main corporate risks are correctly identified and measured, managed and monitored adequately, taking into account how they evolve and interact and, furthermore, establishing criteria for the compatibility of such risks with the sound and prudent management of the Company.

In particular, the Board identified the following controlled companies as having strategic relevance: UniCredit Bank GmbH, and UniCredit Bank Austria AG.

The role played by the Chair of the Board of Directors

The Chair is responsible for ensuring that the corporate governance system functions effectively, also with regard to any aspects related to internal and external communications, serving as an interlocutor for the Audit Committee and the other Board Committees.

While remaining neutral, the Chair contributes to an effective flow of information within the Board of Directors and between the Board of Directors and the Committees thereof, promotes dialogue among executive and non-executive positions, seeking the active participation of non-executive members in the Board's proceedings so that the resolutions it reaches are the result of adequate debate and an informed and effective contribution from all of its members.

In particular, the Chair ensures that:

i) in good time, Directors are sent supporting documentation on the Board's deliberations or, at the very least, initial information on the issues under debate;
ii) supporting documentation and information on resolutions, in particular documents distributed to non-executive members, are adequate in terms of quantity and quality in regard to the items on the Agenda;
iii) when preparing the Agenda and chairing Board discussions, issues of strategic relevance are given priority, and that all necessary time is set aside for them;
iv) the Heads of the corporate control functions have direct access to the Board of Directors when necessary. To this end, meetings between the Chair and the Heads of the corporate control functions are organized on a regular basis;
v) opportunities may be arranged for all Directors to meet when necessary, also apart from Board meetings ("offsite"), in order to discuss any relevant matters, including strategic issues;
vi) the self-assessment process is undertaken effectively, its terms and conditions comply with the degree of complexity of the Board's work, and envisaged corrective measures are adopted to tackle any detected shortcomings;
vii) inclusion programs and training schemes are prepared and implemented for members of the Board of Directors;
viii) succession plans for senior management positions are prepared and implemented.

Moreover, the Chair manages relations with Shareholders and the Supervisory Authorities with regard to matters falling within his/her remit and activities as a liaison to the Board of Directors and Shareholders' Meeting, in agreement with the Chief Executive Officer.

In order to effectively carry out his/her duties, the Chair, who has a non-executive role and does not undertake operational functions, even in a de facto manner, maintains necessary and advisable relations with the Chief Executive Officer, has access to all company functions, may attend Board Committee and managerial Committee meetings, receives information, including on specific topics, regarding the management of the Company and the Group as well as on the general current and expected performance of the management itself.

Where absent or impeded, the Chair is replaced by the Vice Chair. Where both the Chair and Vice Chair are absent or impeded, the meeting is chaired by the oldest Director.

Self-assessment

On February 20, 2025, the Board of Directors closed the recurring self-assessment process focused on the adequacy of the Board and its Committees in terms of composition and functioning. The self-assessment process, focused on the first year of the 2024-2026 mandate, has been performed in accordance with the provisions of the Board and Board Committees Regulation, adopted in compliance with Supervisory Regulations on banks' corporate governance, and in line with the recommendations of Article 4 of the Italian Corporate Governance Code.

For the performance of the self-assessment process, UniCredit engaged Spencer Stuart, external consultant selected by the Chair of the Board, upon proposal of the Nomination Committee, also on the basis of the neutrality, impartiality and independence of judgement requirements provided by the Board and Board Committees Regulation. In 2024, Spencer Stuart had some other professional relationships with the UniCredit Group of such relevance unable to compromise its independence.

In compliance with the provisions of the Board and Board Committees Regulation, the self-evaluation process also covers:

qualitative and quantitative composition, size, degree of diversity, professional training, experience (including managerial), seniority in the present post, a guaranteed balance of non-executive and independent members, adequacy of the appointments processes and selection criteria, and ongoing professional development;
meeting sessions, frequency, duration, the degree and form of attendance, sufficient time available to dedicate to the assignment, a trust-based relationship, cooperation and interaction among members, awareness of the role covered, and the quality of debate on the Board.

With assistance from Spencer Stuart, the process has been broken down into the following stages:

examination: carried out in accordance with the provisions of the Board and Board Committees Regulation;
assessment of the outcome of the self-assessment process, in order to identify key characteristics, strengths and weaknesses that emerged, as well as to draw up a proposal for actions deemed appropriate;
drawing up of the process outcome summary document: results from the analysis were set out in an ad hoc document which illustrates, among others, the methodologies used, the individuals involved, and the results achieved, highlighting strengths and weaknesses, and any proposed necessary corrective action.

The 2024 Board review follows similar initiatives that have been conducted on an annual basis by the Board of Directors since the formal adoption of the 2006 Italian corporate governance code.

Directors were asked to give their views on the functioning of the Board, highlighting the main topics and issues that they consider significant strengths and/or areas of improvement.

The self-assessment process, carried out through on-line and anonymous questionnaires, was focused on a variety of topics concerning the composition and functioning of the Board of Directors and its Committees, with the aim of supporting Directors in identifying further areas in which to improve the Board of Directors' performance. In addition to the completion of said questionnaires by all Directors, the process has included one-to-one interviews with Spencer Stuart consultants during which the most important aspects highlighted by each Director were discussed. As part of the process, Spencer Stuart consultants also attended Board and Board Committee meetings as silent observers and analysed relevant documentation.

In particular, the questionnaires and the interviews included different sections aimed at verifying:

the progress against the recommendations from the 2023 Board review and the mitigation plan put in place;
the Board and Committee size and composition;

the organization and conduct of Board and Committee meetings, with particular regard to the thoroughness and promptness of the information flows and to the support provided by the Secretariat of the Board of Directors and by the top management;
the role and responsibility of Directors, with a specific focus on the Chair and the Chief Executive Officer;
the dynamic of the Board and Committee discussions and the decision-making processes followed, in light of individual Directors' styles overall Board culture;
the effectiveness of the Board of Directors on key issues, such as, among others, the definition of corporate strategies, the internal control and risks management system, sustainability, etc.;
the Committee's functioning and the effectiveness of their activities in supporting the Board of Directors.

The first year of the 2024-2026 mandate has taken place against the backdrop of strong business performance and of a particularly important and eventful year for UniCredit, characterized by significant challenges and complexities which affected the Board and Committees activities in the first year of the team working together, including the Board renewal, the change in governance with the adoption of the one-tier model, the change in Committees and the impact of geopolitical challenges and M&A activities.

The results of the Board review for the 2024 highlight a positive overall picture of the conduct of UniCredit's Board of Directors and its Committees, demonstrating that these bodies operate effectively, in accordance with the best national and international corporate governance practices.

The following strengths arise from the analysis prepared by the advisor:

(i) UniCredit's Board is high caliber, with a solid structure and composition;
(ii) Board leadership is very strong, driven by a pragmatic Chair, a strong visionary and courageous Chief Executive Officer, and effective Committee Chairs;
(iii) Board documentation is detailed and of exceptional quality;
(iv) the Board is well prepared and able to constructively challenge management;
(v) the Board exercises strong oversight of the agreed strategic direction and clear supervisory of risk and internal controls.

The analysis carried out by the advisor also revealed some areas for improvement in order to make the Board of Directors' actions even more effective:

(i) clarify the role of the Deputy Vice Chair, also taking into account the period characterized by significant challenges and complexities;
(ii) clarify the operating model of the Audit and Risk Committees within the one-tier corporate governance system, to ensure that joint sessions are used appropriately to avoid duplication;
(iii) ensure that succession planning is prioritized, including regular updates to the Board;
(iv) schedule an off-site Strategy day to focus on long-term strategy;
(v) improve the Board documentation timeliness.

Competitive business

At the Shareholders' Meeting held on April 12, 2024, when the Board of Directors was undergoing renewal, no request of general and prior authorisation was submitted regarding the exercise of competing business by Board members, pursuant to Article 2390 of the Italian Civil Code.

No relevant cases pursuant to this Article emerged during the Board's assessments of the requirements envisaged by law for Directors appointed by the above-mentioned Shareholders' Meeting.

Furthermore, while it is up to each Director to report any such situation arising pursuant to Article 2390 of the Italian Civil Code, the Board of Directors was not required to assess the merits of any situations during the Reference Period.

4.4 Executive Directors

Chief Executive Officers

The empowerment (and disempowerment) of Directors is the Board's responsibility. It is the Board that sets out the subject matter, limits and performance criteria for delegation of powers.

The only Board member with managerial powers is the Chief Executive Officer, Mr. Andrea Orcel, to whom the Board of Directors granted powers, within pre-defined limits and also with the faculty to sub-delegate them, across all sectors of Bank business.

For information on what powers have been granted, please consult the "Managerial powers" to this Report.

Chair of the Board of Directors

The Chair has not been granted authorities for the management of the Company or power for the design of the corporate strategies and does not undertake operational functions, not even in a de facto manner, and therefore does not fulfil any executive role. The Chair does not hold a relevant share of the Company equity.

Other executive Directors

None of the Directors who sit on the UniCredit Board of Directors - besides the Chief Executive Officer - can be defined as executive pursuant to the Italian Corporate Governance Code's recommendations.

Reporting to the Board

Information flows among and within the corporate bodies is a prerequisite for achieving managerial efficiency and effective control objectives.

UniCredit has procedures to ensure suitable qualitative and quantitative information flows among its corporate bodies, in line with the applicable provisions. The Board and Board Committees Regulation identifies a list of parties required to dispatch information flows on a regular basis to corporate bodies, including an illustration of minimum content and the timing of the main flows.

In particular, in the exercise of all the proposal and decision-making powers and/or power to submit information to the Board of Directors, the Chief Executive Officer was the recipient of the information flows that Bank structures address to the body with supervisory functions, in compliance with the legal and regulatory provisions in force at the time.

Furthermore, the Chief Executive Officer, having been empowered by the Board to carry out activities the Company may undertake pursuant to Clause 4 of the Articles of Association, has provided the Board of Directors - with the methods and timeframe established - with adequate information flows on the exercise of delegated powers, specifically highlighting any relevant associated risk, according to the terms and conditions defined by the Board itself. Information on such powers is contained in the "Managerial powers" Annex to this Report.

4.5 Independent Directors

In compliance with the provisions in force from time to time as well as in line with the criteria envisaged under the Italian Corporate Governance Code, the independence of non-executive Directors, included the members of the Audit Committee, shall be assessed by the Board of Directors upon their appointment, as well as during the mandate upon the occurrence of circumstances concerning their independence and, in any case, at least once a year, on the basis of information provided by the Directors themselves or however available to the Company, also considering any circumstance that affects or could affect such requirement, as well as the outcomes of the evaluation carried out by the Audit Committee (as body charged with control functions) with reference to its members.

The outcome of these Board assessments shall be disclosed to the market after the appointment, through a press release and, subsequently, via the Corporate Governance Report.

Since several years UniCredit deploys a structured process for gathering and analysing the information on the existence of direct or indirect relationships (credit, business/professional and employee relationships, as well as significant offices held) that Directors and other connected subjects may have with UniCredit and Group companies. Said process complies with the assessment criteria identified by the Company for an overall evaluation of both objective and subjective aspects concerning any relevant relationship and is also based on quantitative parameters defined in monetary terms.

The Nomination Committee and the Board of Directors assessed with a positive outcome the independence requirements of the Directors based on the declarations made by the concerned parties and on information available to the Company. In 2024, the Board ascertained the Directors' independence requirements during the evaluation carried out for the renewal of the Board in its meeting held on May 6, 2024, following the evaluation carried out by the body charged with control function for the perimeter under its remit.

With specific reference to the independence requirements laid down by the Italian Corporate Governance Code, the information contemplated therein was taken into account, including the information relating to the existence of direct or indirect relationships (credit, business/professional and employee relationships, as well as significant offices held) that Directors and their other connected subjects may have with UniCredit and Group Companies.

In order to assess the potential significance of these relationships, the Board decided to consider not only predefined economic thresholds, which - if exceeded - could "automatically" indicate that the independence was compromised, but to make an overall evaluation of both objective and subjective aspects. Therefore, the following criteria were taken into account: (i) the nature and characteristics of the relationship; (ii) the amount in absolute and relative terms of the transactions; and (iii) the subjective profile of the relationship.

More specifically, for the purposes of assessing the significance of such relationship, the Board considered the following information, where available:

for credit relationships, the amount in absolute value of the credit granted, its weighting in relation to the system and, where appropriate, the economic and financial situation of the borrower;
for business/professional relationships, the nature of the transaction/relationship, the amount of the consideration and, where appropriate, the economic and financial situation of the counterparty;
for offices held in Group companies, the total amount of any additional remuneration.

The above-mentioned criteria and information were also taken into due consideration in assessing the independence of the Chair, designated to said role and qualified as independent candidate within the slate presented by the outgoing Board of Directors.

In all the above cases, all the parties involved (Director or family member; UniCredit or Group Company) and, for relationships with companies/entities, the nature of the "connection" (post held/controlling interest) with the Director or the family member, were taken into account.

Also in view of the above, at its May 6, 2024, meeting, the Board of Directors checked that non-executive Directors met the independence requirements. In particular, with regard to Directors whose information acquired highlighted the existence of such relationships, the Board came to the conclusion that they were not of a nature such as to affect the Director's independence.

Within said evaluation credit relations with UniCredit and/or Group companies have been identified - and evaluated as being not significant on the basis of the above-mentioned adopted criteria - for the Chair Mr. Padoan, the Deputy Vice Chair Ms. Carletti and Directors Ms. Bergamaschi, Mr. Cariello, Mr. Hedberg, Ms. Pierdicchi, Mr. Rigotti and Mr. Villa and relations of a business/professional nature with UniCredit and/or Group Companies for Director Mr. Villa.

In detail:

Chair Mr. Pietro Carlo Padoan has direct and indirect credit relations of family members;
Deputy Vice Chair Ms. Elena Carletti has direct and indirect credit relations of family members of low amount;
Director Ms. Paola Bergamaschi has indirect credit relations of family members;
Director Mr. Vincenzo Cariello has indirect credit relations of family members of low amount;
Director Mr. Jeffrey Alan Hedberg has direct credit relations of low amount;
Director Ms. Maria Pierdicchi has indirect credit relations of family members of low amount;
Director Mr. Marco Giuseppe Maria Rigotti has direct and indirect credit relations of family members of low amount;
Director Mr. Gabriele Villa has indirect credit relations of family members of low amount and relations of a professional nature of family members.

With reference to the Board of Directors' composition at the Report's approval date, the number of independent Directors as defined in the Italian Corporate Governance Code provisions is equal to 13. The overall outcome of the assessments is stated below:

"Independent" Directors pursuant to the criteria envisaged under Section 2, recommendation 7, of the Code:

Ms. Bergamaschi, Mr. Cariello, Ms. Carletti, Mr. Domingues, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Padoan, Ms. Pierdicchi and Ms. Tondi.

"Independent" Directors pursuant to the criteria envisaged under Section 2, recommendations 7 and 9, of the Code:

Ms. Camagni, Ms. Galbo, Mr. Rigotti and Mr. Villa.

"Independent" Directors pursuant Section 148 of the TUF and of the Italian Civile Code, as well as to Section 26 of the TUB and the Decree issued by the Ministry of Economics and Finance no. 169/2020: Ms. Bergamaschi, Ms. Camagni, Mr. Cariello, Ms. Carletti, Mr. Domingues, Ms. Galbo, Mr. Hedberg, Ms. Lara Bartolomé, Mr. Padoan, Ms. Pierdicchi, Mr. Rigotti, Ms. Tondi and Mr. Villa.

Also in line with the February 2024 theoretical profile of the Board, the number of the independent Directors according to the Italian Corporate Governance Code, the TUB, as well as to the TUF and the Italian Civil Code, respectively equal to 93% of the body's members, is deemed to be suitable both for the Company's needs, also in terms of the functioning of the Board of Directors and its Committees, and for an effective discussion within the body.

Independent Directors' meeting

Independent Directors meet, without the other Directors, at least once a year and, in any case, when requested by one independent Director, in order to assess matters deemed of interest, including those related to the functioning of the Board of Directors and to the corporate management. All the independent Directors shall strive to be present at such meetings. The general rules applicable to the notice of calling of the meetings of the Board of Directors shall apply to the calling of such meetings,

An independent Director - designated to such end - coordinates the meetings and promotes the debate on the relevant topics discussed. The meetings of the independent Directors do not determine the taking of any decision.

In 2024, as a rule, a meeting among independent Directors was held following each Board of Directors' meeting. The topics discussed during these meetings concern in-depth issues deemed of interest, as well as topics relating to the functioning of the Board of Directors and the relation between the Board and the management. All the nonexecutive Directors, other than the Chief Executive Officer, had been invited to such meetings.

Furthermore, on November 6, 2024, a meeting of the Independent Directors was held focusing in-dept discussion on the Board effectiveness.

4.6 Lead Independent Director

The UniCredit Board of Directors has not so far designated an independent Director as Lead Independent Director, considering that the conditions set forth by the Italian Corporate Governance Code for his/her appointment do not pertain:

(i) where the chair of the board of directors is the person in charge of managing the company (i.e., the chief executive officer) or holds significant managerial powers;
(ii) where the office of chair is held by the person controlling, also jointly, the company;
(iii) where requested by the majority of independent directors.

5. Audit Committee

Appointment and composition

Pursuant to the UniCredit Articles of Association, the Audit Committee, appointed by the Shareholders' Meeting within the Board of Directors, is composed of at least three, and, in any case, no more than five, Directors, who serve for the term of the Board of Directors in which they were appointed. The number of members of the Audit Committee is established by the Shareholders' Meeting.

The UniCredit Articles of Association envisage that a member of the Audit Committee, or two members, if the Audit Committee is composed of five Directors, shall be appointed from minorities. The Chair of the Audit Committee is appointed by the Shareholders' Meeting among the Directors elected by the minorities.

The members of the Audit Committee (i) must all be independent directors, (ii) must meet the requirements set forth by the applicable laws and regulations, as well as those established under the Articles of Association, and (iii) may hold positions as director or statutory auditor in other companies within the limits provided by the laws and regulations. They shall not hold posts at bodies other than those with controlling functions at other companies belonging to the UniCredit Group or in companies in which UniCredit holds, even indirectly, a strategic shareholding.

With reference to the meeting of the experience requirements, at least one of the members of the Audit Committee, or at least two, if the Committee is composed of more than three members, must be enrolled with the Legal Auditors Register and must have practiced legal auditing of accounts for a period of no less than three years.

With regard to the Company's activities, the members who are not enrolled with the Legal Auditors Register must have at least three years' overall experience in the exercise, also alternatively, of the specific activities recalled in Clause 20, paragraph 2, of the Company's Articles of Association.

The Chair of the Audit Committee must be enrolled with the Legal Auditors Register and must have practiced legal auditing of accounts for a period of not less than five years, or must have at least five years' overall experience in the exercise, also alternatively, of the specific activities provided under current provisions.

Pursuant to the Italian Corporate Governance Code it is also established that all members of the Audit Committee must be independent, meaning they do not have, nor have recently had, not even indirectly, with the Company or subjects related to it, relations able to influence their independence of mind.

The ordinary Shareholders' Meeting held on April 12, 2024, set at four the number of the members of the Audit Committee and appointed its members, on the basis of a slate voting mechanism ("voto di lista"), for the financial years 2024-2026, whose term runs until the date of the Shareholders' Meeting called to approve the 2026 financial statements.

Their appointment took place pursuant to Clause 20 of the Articles of Association and in accordance with applicable laws and regulatory provisions. For information on the appointment process, please refer to the previous Section 4, "Board of Directors" (4.2, Composition).

In particular, the Shareholders' Meeting held on April 12, 2024, appointed the members of the Audit Committee within the Board of Directors, as follows:

• from Slate no. 1, submitted by the outgoing Board of Directors, which obtained the majority of Shareholders' votes, Ms. Paola Camagni, Ms. Julie Birgitte Galbo and Mr. Gabriele Villa;

• from Slate no. 2, submitted by several institutional investors, which obtained the minority of Shareholders' votes, Mr. Marco Giuseppe Maria Rigotti (Chair of the Audit Committee).

Moreover, the Shareholders' Meeting resolved on the annual remuneration to which members of corporate bodies are entitled to for the entire term of their office, taking also into account the commitment required for its members.

Without prejudice to the fulfilment of the requirements established under the applicable provisions, the Audit Committee's composition resulting from the appointment process, also on the basis of the declarations provided by the concerned parties, qualitatively corresponded to the February 2024 theoretical profile and was also suitable according to the applicable provisions.

In particular, with reference to the Audit Committee composition:

three members are enrolled with the Legal Auditors Register and have practiced legal auditing of accounts according to the applicable provisions;
all members meet the independence requirements provided by the Legislative Decree no. 58/1998 and the Italian Civil Code, the Ministry of Economy and Finance Decree no. 169/2020, as well as the Italian Corporate Governance Code (with a quota equal to 100%);
its composition presents an adequate diversity in terms of gender (with a quota equal to 50% of women and a ratio of female to male equal to 1), and geographical mix (25% of its members comes from countries other than Italy);
all members have skills in legal, regulatory, AML and compliance, in risk and control as well as in accounting and audit (with a quota equal to 100%). Furthermore, 50% have skills in Sustainability (ESG).

With reference to the time commitment recommended for an appropriate attendance to the meetings of the Board and Board Committees, the members of the Audit Committee declared their ability to commit sufficient time to duly perform their functions in the Company.

As at February 20, 2025, the Audit Committee has the following composition. The table footnotes also show the composition of the Board of Statutory Auditors prior to the adoption of the one-tier model and the relevant percentages of attendance at its meetings.

Directors making up the Audit Committee	Position/Status	In office since	In office until	Slate (M/m) **	% ***
Rigotti Marco Giuseppe Maria	Chair of the Audit Committee – non-executive and independent as per	12-04-2024	Approval of 2026 financial	m	100%
	Code, TUB and TUF		statements
	Member of the Audit Committee –		Approval of
Camagni Paola	non- executive and independent as per	12-04-2024	2026 financial	M	100%
	Code, TUB and TUF		statements
	Member of the Audit Committee –		Approval of
Galbo Julie Birgitte	non-executive and independent as per Code,	12-04-2024	2026 financial	M	100%
	TUB and TUF		statements
	Member of the Audit Committee –		Approval of
Villa Gabriele	non-executive and independent as per Code,	12-04-2024	2026 financial	M	100%
	TUB and TUF		statements
----- Members who left during the Reference Period ----
--
Quorum required for submission of slates for the latest appointment: 0.5%
No. of meetings held during the Reference Period: 27

NOTE

* M = Member elected from the slate that obtained the majority of Shareholders' votes
m = Member elected from the slate voted for by the Shareholders' minority
** Meetings attendance percentage (number of meetings attended/number of meetings held during the concerned party's term of office over the Reference Period)

Board of Statutory Auditors in office as at the date of the adoption of the one-tier model and relevant meeting's attendance percentage: Mr. Marco Giuseppe Maria Rigotti (Chair, 100%); Permanent Statutory Auditors Mr. Claudio Cacciamani (100%), Ms. Benedetta Navarra (91%), Mr. Guido Paolucci (100%); Ms. Antonella Bientinesi (95%).

As members of the body charged with control functions of a company with listed shares, Committee members are also subject to the rules on the limitation of directorships laid down in Section 148-bis of the Legislative Decree no.58/1998 and the related implementing regulations: these rules set out the limits and parameters to be applied to determine the limit on the number of offices held, as well as the manner and deadline of the disclosure to CONSOB and the public.

For any further details on the composition of the Audit Committee and each member' personal and professional characteristics, please refer to the information published on the UniCredit website¹¹ . With regard to the requirements the UniCredit members of the Audit Committee must meet, in addition to those envisaged under applicable laws and regulatory provisions, as well as under the Articles of Association, please refer to the Directors' theoretical profile published on the Company's website.

The following chart shows the birth year and seniority in office since their first appointment of current members of the Audit Committee at the Report's approval date.

Member of the Audit Committee	Birth date	First appointment date
Rigotti Marco Giuseppe Maria	1967	April 2019*
Camagni Paola	1970	April 2024
Galbo Julie Birgitte	1971	April 2024
Villa Gabriele	1964	May 2024

(*) Mr. Rigotti was the Chair of the UniCredit Board of Statutory Auditors from April 2019 up to April 2024.

* * *

The following chart highlights the means of attendance of the members of the Audit Committee (in office as at December 31, 2024) at meetings held during 2024. The attendance to the meetings was allowed both in person and remotely.

¹¹ The UniCredit website address where the information concerning the members of the Audit Committee is available is:

https://www.unicreditgroup.eu/en/governance/governance-bodies/audit-committee.html

	2024
Audit Committee	Meetings	Attendance	%	Means of attendance
				physical	by teleconference	via phone
Rigotti Marco Giuseppe Maria	20	20	100%	20
Camagni Paola	20	20	100%	20
Galbo Julie Birgitte	20	20	100%	12	8
Villa Gabriele	20	20	100%	16	4
average attendance	80	80	100%	68	12

Roles and Responsibilities

The Audit Committee performs the duties and functions set out by the applicable provisions, and the additional ones set forth by the Board and Board Committees Regulation adopted by the company's Board of Directors pursuant to the Articles of Association.

In particular, such duties include the responsibility for overseeing (i) the adequacy of the organizational and accounting set-up adopted by the Company, (ii) the completeness, adequacy, functionality, and reliability of the business continuity plan, (iii) the completeness, adequacy, functioning and reliability of the overall internal controls system and its compliance with the relevant rules; (iv) the compliance with laws, regulations and the Articles of Association, as well as the proper management, (v) the external auditing of the accounts and the consolidated accounts, the independence of the external audit firm and the financial and non-financial information process; (iv) the concrete implementation means of the corporate governance rules established in the codes of conduct drafted by companies managing regulated markets or by associations, which the Company, through public disclosure, declares to adhere to.

The Audit Committee tightly works with its corresponding bodies in the Group's subsidiaries and verifies that UniCredit correctly exercises the strategic and managing control activities on Group companies. Additionally, it carries out checks on foreign branches, in accordance with the provisions issued by Banca d'Italia and in line with the risks taken by the same branches.

In agreement with the Chair, the Audit Committee members can, also individually, request the bodies charged with management and control functions of the subsidiaries to receive information on the performance of corporate transactions or on specific activities carried out by the companies.

The Audit Committee investigates the causes of, and remedies to, management irregularities, performance anomalies, and shortcomings in the organizational and accounting structures, requesting the adoption of appropriate remediation plans and corrective measures. In order to perform its tasks, and in particular to fulfill its obligation to promptly inform Banca d'Italia, and where provided, other Supervisory Authorities on detected irregularities, in the management of the bank or violations of the law the Audit Committee is vested with all the powers provided for by the laws and regulations in force and, in particular, its members may proceed at any time, even individually, to acts of inspection and control. The Audit Committee, to perform its functions, can avail itself of corporate structures and functions.

The Audit Committee presents to the Shareholders' Meeting (called upon to approve the annual financial statements) a report on the supervisory activity performed, and on omissions and censurable facts detected.

Functioning

The Audit Committee has full autonomy in the organization of its functioning and in performing its activities.

The Chair of the Audit Committee performs the duties envisaged by the regulations of Banca d'Italia, including guaranteeing the effectiveness of the debate among its members, and ensuring that the resolutions are the result of adequate and informed contribution of its members.

Committee meetings are convened by the Chair with a frequency adequate to the fulfillment of Committee tasks and plan of activities and whenever events or circumstances reasonably require a meeting to be called upon.

A notice calling the meeting must be sent out to all members of the Committee called upon at least three days before the meeting, unless the situation is an emergency, or the circumstances reasonably require that a meeting is immediately called upon. To ensure informed and effective participation, the notice must also include the Agenda, unless special confidentiality-related precautions apply. The Chair is responsible for the proper prioritization of the items in the Agenda consistently with their relevance and ensures that those having strategic relevance are discussed with priority, and that all necessary time is devoted to them. The attendees to the meeting receive notice as well reasonably in advance and are informed about the item(s) on the Agenda that they are expected to report on or discuss.

The Audit Committee is properly formed when the majority of its members are present, with resolutions being carried as per the outright majority of votes cast by those present. In the event of a tie, the vote of the Chair shall prevail.

If the Chair of the Audit Committee deems it appropriate, meetings of the Committee may be held by means of telecommunication, provided that each of the attendees may be identified by all the others and that each of the attendees is in a position to intervene in real time during the discussion of the topics being examined, as well as receive, transmit and view documents.

The general provisions on the functioning of the Board Committees provided by the Board and Board Committees Regulation apply to the Audit Committee, as amended or supplemented by the following special provisions:

Audit Committees meets as a rule at least every month;
minutes of the meetings are prepared by the secretary, signed by the Chair and by all the members attending the meeting (instead of being signed by Chair and Secretary) and archived in a dedicated ledger;
a copy of the minutes of the Audit Committee is sent to the Supervisory Authority where required by laws and regulation or if the Committee is compelled to do so by an order or instruction issued by said Authority.

In line with the Italian Corporate Governance Code recommendation, Audit Committee member(s) can attend the meetings of any other Committee.

In performing its duties, the Audit Committee constantly coordinates its activities with the Internal Audit function and the External Auditing firm.

Activities performed

In 2024, starting from its appointment, the Audit Committee held 20 meetings lasting on average approximately three hours and twenty-five minutes in ordinary session and seven meetings as Supervisory Body 231.

For the 2025 financial year, 40 meetings of the Audit Committee, of which 11 as 231 Supervisory Body. As at February 20, 2025, 7 meetings have been held.

With reference to the independence requirements, the Audit Committee, as body charged with control function, shall assess the independence of its members, in compliance with the provisions in force from time to time as well as in line with the criteria envisaged under the Italian Corporate Governance Code. Such assessment is carried out upon their appointment, as well as during the mandate upon the occurrence of circumstances concerning their independence and, in any case, at least once a year, on the basis of information provided by the concerned parties or however available to the Company, also considering any circumstance that affects or could affect such requirement.

The Audit Committee checked the compliance with the independence requirements for the Directors making up the Audit Committee upon the appointment of its members during its meeting held on May 6, 2024, based on the declaration made by the concerned parties and on information available to the Company.

With specific reference to the independence requirements laid down by the Italian Corporate Governance Code, the information contemplated therein was taken into account, including the information relating to the existence of direct or indirect relationships (credit, business/professional and employee relationships, as well as significant offices held) that the Directors making up the Audit Committee, and their other connected subjects, may have with UniCredit and Group Companies.

More specifically, the assessment of the potential significance of such relationships, was carried out on the basis of the criteria adopted by the Board of Directors, to which reference is made (see previous Section 4.5. Independent Directors).

Also in view of the above, at its May 6, 2024, meeting, the Audit Committee checked that its members comply with the independence requirements. In particular, with regard to the members whose information acquired highlighted the existence of such relationships, the Audit Committee came to the conclusion that they were not of a nature such as to affect their independence. The results of the evaluation carried out by the Committee were shared with the Board of Director, so that it could take them into consideration under its overall assessment of the independence requirements of all the Board's members.

For further information on the Committee's activities performed, please also refer to the 'Report of the Audit Committee to the Shareholders' Meeting of March 27, 2025, prepared according to Section 153, paragraph 1, of Legislative Decree no. 58/1998.

6. Other Board of Directors' Committees

With the exception of the Audit Committee, which is inherent to the one-tier model adopted by the Company and is appointed by the Shareholders' Meeting, the Board of Directors, in order to better assess the topics under its remit, also in line with the provisions of the Code, has established five Committees, vested with research, advisory and proposal-making powers and competent in different areas, according to the applicable provisions: the Governance and Sustainability Committee, the Risk Committee, the Nomination Committee, the Remuneration Committee and the Related-Parties Committee. Their duties are carried out in accordance with the rules set by the Board.

The Committees consist, as a rule, of three up to five members. The members of each Committee, and among them the Chair, are appointed and dismissed by the Board of Directors. The term in office of Committee members is the same as that of the Board of Directors.

The Committee members must have the necessary knowledge, skills and experience to perform the roles, duties and tasks assigned to them and ensure that any other corporate positions they hold in other companies or entities (including non-Italian ones) are compatible with their availability and commitment to serve as a Committee member.

Considering the size of the Board of Directors and the number of independent members of the Board, the Board ensured that Committees are not composed of the same group of members that forms another committee.

In particular, the Risk Committee, the Nomination Committee and the Remuneration Committee are composed of non-executives Directors and predominantly by independent Directors; the Related-Parties Committee is composed only by independent Directors within the meaning of the Italian Corporate Governance Code. Such Committees must be differentiated from each other by at least one member and, if a Director appointed by the minorities is present among Board members, that Director is a member of at least one Committee. The Chair of each Committee shall be chosen from the independent members.

The Board of Directors does not have under its remit any of the functions which are assigned to the specialist Committees on appointments, risks and remuneration in the Code. Committee functions have been allocated among the various Committees consistently with the Code's provisions. None of these Committees performs multiple functions pertaining to two or more committees as envisaged under the Code.

The Committee's tasks are coordinated by the Chair, who exercises all necessary powers for the proper functioning of the Committee. Each Committee draws up an annual plan of activities to ensure the fulfilment of its tasks. Committee meetings are convened by the Chair with a frequency adequate to the fulfilment of Committee tasks and plan of activities and whenever events or circumstances reasonably require a meeting to be called upon.

A notice calling the meeting of each Committee must be sent out to all members of the Committee called upon at least three days before the meeting, unless the situation is an emergency, or the circumstances reasonably require that a meeting is immediately called upon. To ensure informed and effective participation, the notice must also include the Agenda, unless special confidentiality-related precautions apply. The Chair is responsible for the proper prioritization of the items in the Agenda consistently with their relevance and ensures that those having strategic relevance are discussed with priority, and that all necessary time is devoted to them. Notice calling the meeting of any Committee is also sent to the Chair of the Audit Committee to enhance the information gathering and the effectiveness of the performance of control duties entrusted to it (including by enabling its attendance to the meetings).

With reference to the Related-Parties Committee's meetings, only in case of urgency, e.g., in specific cases dealing with transactions falling into the decision-making powers of the Board of Directors scheduled to take place promptly after the Related-Parties Committee meeting, a meeting may be called upon serving at least twelve-hour notice thereof.

Committee meetings are valid if attended by the majority of their members and their resolutions are taken with a majority of votes cast by those attending. Should the Chair be absent or impeded from attending, the meeting shall be chaired by the oldest Committee member. If the Chair of the Committee deems it appropriate, meetings of the Committee may be held by means of telecommunication, provided that each of the attendees may be identified by all the others and is in a position to intervene in real time during the discussion of the topics being examined, as well as receive, transmit and view documents.

Each Committee, on proposal of its Chair, appoints a secretary who may or may not be a member of the Committee. The Secretary supports the Chair in the preparation of the Committee meetings and drafting of the minutes.

The minutes fairly reflect the discussions and conclusions occurred during the meetings, including questions and disagreements expressed by Committee members on specific topics and their motivations. Minutes of the meeting (along with materials attached thereto, if any) are available for consultation by any of the Committee members and by any member of the Audit Committee.

With reference to the composition of the Board Committees, on April 12, 2024, the Board of Directors, appointed by the Shareholders' Meeting held on the same date, set the number of members of each Committee and appointed members to them, taking into account, inter alia, each Director's expertise and experience. More specifically, the Board set:

at four the number of members of the Governance and Sustainability Committee and of the Risk Committee, appointing the following Directors as respective members:
- ➢ Mr. Pietro Carlo Padoan (Chair), Ms. Elena Carletti, Mr. Vincenzo Cariello and Mr. Jeffrey Alan Hedberg;
- ➢ Ms. Elena Carletti (Chair), Ms. Paola Bergamaschi, Mr. Marcus Johannes Chromik and Mr. Marco Giuseppe Maria Rigotti;
at three the number of the members of the Nomination Committee, the Remuneration Committee and of the Related-Parties Committee, appointing the following Directors as respective members:
- ➢ Mr. Jeffrey Alan Hedberg (Chair), Ms. Beatriz Ángela Lara Bartolomé and Mr. António Domingues;
- ➢ Mr. António Domingues (Chair), Ms. Paola Bergamaschi and Ms. Maria Pierdicchi;
- ➢ Ms. Maria Pierdicchi (Chair), Mr. Vincenzo Cariello and Ms. Francesca Tondi.

Following the resignation of the Director Mr. Marcus Johannes Chromik, the Board of Directors appointed Ms. Francesca Tondi as member of the Risk Committee in its meeting held on January 28, 2025.

The following chart shows Committees composition at the Report's approval date, and any changes that occurred during the 2024 financial year, following the adoption of the one-tier management and control system. The table footnotes also show the composition of the Board Committees prior to the adoption of the one-tier model and the relevant percentages of attendance at their meetings.

OTHER BOARD OF DIRECTORS' COMMITTEES			Governance and Sustainability Committee		Risk Committee		Nomination Committee	Remuneration Committee		Related-Parties Committee
Members	Position/Status	*	**	*	**	*	**	*	**	*	**
Padoan Pietro Carlo	Chair of the Board of Directors – Non-executive and independent as per Code, TUB and TUF	C	100%
Carletti Elena	Deputy Vice Chair – Non-executive and independent as per Code, TUB and TUF	M	100%	C	100%
Orcel Andrea	Chief Executive Officer – executive
Bergamaschi Paola	Director – non-executive and independent as per Code, TUB and TUF			M	100%			M	100%
Camagni Paola	Director and member of the Audit Committee – non-executive and independent as per Code, TUB and TUF
Cariello Vincenzo	Director – non-executive and independent as per Code, TUB and TUF	M	100%							M	100%
Domingues António	Director – non-executive and independent as per Code, TUB and TUF					M	100%	C	100%
Galbo Julie Birgitte	Director and member of the Audit Committee – non-executive and independent as per Code, TUB and TUF
Hedberg Jeffrey Alan	Director – non-executive and independent as per Code, TUB and TUF	M	100%			C	100%
Lara Bartolomé Beatriz Ángela	Director – non-executive and independent as per Code, TUB and TUF					M	100%
Pierdicchi Maria	Director – non-executive and independent as per Code, TUB and TUF							M	100%	C	100%

No. of meetings held during the Reference Period			RiskC: 13 NC: 9
	TUB and TUF
Johannes	independent as per Code,	M (2)		76.92%
Chromik Marcus	non-executive and
	Director –
		----- Members who left during the Reference Period -----
	TUB and TUF
	independent as per Code,
Villa Gabriele	non-executive and
	Audit Committee –
	Director and member of the
	TUB and TUF
Tondi Francesca	independent as per Code,		M(1)	--	M	92.31%
	non-executive and
	Director –
	TUB and TUF
Giuseppe Maria	independent as per Code,
Rigotti Marco	non-executive and	M	100%
	Audit Committee –
	Director and Chair of the

Note:

* A "C" (Chair) or an "M" (Member) in this column shows that the member of the Board of Directors belongs to the Committee and also indicates his/her position

** Meetings' attendance percentage (number of meetings attended/number of meetings held during the concerned party's term of office with regard to the Reference Period)

(1) Office held since January 28, 2025

(2) Office held until December 11, 2024

Composition of the Committees until April 12, 2024 (traditional model) - number of meetings carried out from January 1 to April 12, 2024, and relevant attendance percentage:

Internal Controls & Risks Committee (no. 8 meetings): Ms. Elena Carletti (Chair, 100%), Mr. Pietro Carlo Padoan (100%), Ms. Francesca Tondi (100%) and Mr. Alexander Wolfgring (100%);
Corporate Governance & Nomination Committee(no. 3 meetings): Mr. Lamberto Andreotti (Chair, 100%), Ms. Maria Pierdicchi (100%) and Mr. Alexander Wolfgring (100%);
ESG Committee (no. 3 meetings): Ms. Francesca Tondi (Chair, 100%), Mr. Jeffrey Alan Hedberg (100%) and Ms. Beatriz Ángela Lara Bartolomé (100%);
Remuneration Committee (no. 6 meetings): Mr. Jeffrey Alan Hedberg (Chair, 100%), Mr. Luca Molinari (83.33%) and Ms. Renate Wagner (83.33%)
Related-Parties Committee (no. 3 meetings): Ms. Maria Pierdicchi (Chair, 100%), Mr. Vincenzo Cariello (100%) and Ms. Elena Carletti (100%).

Upon invitation of Committee Chairs, or as provided for in the Board and Board Committees Regulation and upon prior information to the CEO, persons other than its members may attend Committee meetings. Attendees include without being limited to managers of the corporate functions of the Company and of the other entities belonging to the Group that are competent on the matters on the Agenda of the meeting or persons appointed in the corporate bodies of said entities.

If the Committee has availed of an external expert, then said expert can be invited by the Chair of the Committee to attend the meeting(s) when the matter in scope of his/her engagement is discussed, subject to adequate confidentiality undertakings by said expert with respect to the discussion partaken and any content related thereto (in whatever form it becomes known to him/her).

In line with the Italian Corporate Governance Code recommendation, Audit Committee member(s) can attend meetings of any other Committee.

During the Reference Period, the spending requirements of the Board Committees were met by an ad hoc budget. In fact, in order to perform their duties, Board Committees have access to the financial resources necessary to guarantee their operational independence and, within the limitations of the budget approved by the Board of Directors, may consult external experts. In the event of specific requirements, the relevant budget may be supplemented.

Appropriate qualitative and quantitative information flows from and to the Committees, and interactions of the Committees among each other and with the Board of Directors, the management and the competent functions of the Company are established to enable their proper functioning consistently with their scope, as envisaged by applicable laws and regulations.

Committees may liaise among each other as appropriate to ensure a better performance of their functions and a more effective coordination and exchange of information. To this end, Committees may also hold joint meetings on topics of common interest, when deemed necessary and if agreed by the Chairs of the Committees involved.

The Chair of each Committee reported to the Board of Directors on the activities carried out during Committee meetings at the first available Board meeting, as well as whenever requested to do so by the Board of Directors or by applicable laws and regulations, with the support of specific documentation. The Chair of each Committee also reported to the Board the opinions that the Committee he/she chairs provided pursuant to laws and regulations.

Board Committees' functions and competencies are set out in the UniCredit Board and Board Committees Regulation as resolved by the Board¹² . For information on Board Committees composition, please refer to the UniCredit website¹³ .

* * *

The following charts highlight the means of attendance of the other Board Committees members (in office as at December 31, 2024) at meetings held during 2024. The attendance to the meetings was allowed both in person and remotely.

	2024
Governance and Sustainability		Attendance	%	Means of attendance
Committee	Meetings			physical	by teleconference	via phone
Pietro Carlo Padoan (Chair)	5	5	100	1	4
Carletti Elena	5	5	100	4	1
Cariello Vincenzo	5	5	100	4	1
Hedberg Jeffrey Alan	5	5	100	4	1
average attendance	20	20	100	13	7

¹² The UniCredit website address where the Board and Board Committees Regulation is available is: https://www.unicreditgroup.eu/en/governance/governance-bodies.html

¹³ The UniCredit website address where information on Directors is available is:

https://www.unicreditgroup.eu/en/governance/governance-bodies/board-of-directors.html

	2024
Risk Committee					Means of attendance
	Meetings	Attendance	%	physical	by teleconference	via phone
Carletti Elena (Chair)	13	13	100	13
Bergamaschi Paola	13	13	100	8	5
Rigotti Marco Giuseppe Maria	13	13	100	12	1
average attendance	39	39	100	33	6

	2024
Nomination Committee	Meetings	Attendance	%	Means of attendance
				physical	by teleconference	via phone
Hedberg Jeffrey Alan (Chair)	9	9	100	8	1
Domingues António	9	9	100	7	2
Lara Bartolomé Beatriz Ángela	9	9	100	4	5
average attendance	27	27	100	19	8

	2024
Remuneration Committee		Attendance	%	Means of attendance
	Meetings			physical	by teleconference	via phone
Domingues António (Chair)	10	10	100	6	4
Bergamaschi Paola	10	10	100	2	8
Pierdicchi Maria	10	10	100	5	5
average attendance	30	30	100	13	17

	2024
Related-Parties Committee		Attendance	%	Means of attendance
	Meetings			physical	by teleconference	via phone
Pierdicchi Maria (Chair)	16	16	100	8	8
Cariello Vincenzo	16	16	100	8	8
Tondi Francesca	13	12	92.31	4	8
average attendance	45	44	97.78	20	24

6.1 Governance and Sustainability Committee

Composition

According to the provisions of the Board and Board Committees Regulation, the Governance and Sustainability Committee consists of four independent Directors. One of the members is the Chair of the Board of Directors, who is also the Chair of the Committee.

At the Report's approval date, the composition of the Committee is the following: Mr. Pietro Carlo Padoan (Chair), Ms. Elena Carletti, Mr. Vincenzo Cariello and Mr. Jeffrey Alan Hedberg.

All members of the Committee comply with the independence requirements provided under the Italian Legislative Decree no. 58/1998 and the Italian Civil Code, the Decree issued by the Ministry of Economics and Finance no. 169/2020, as well as the Italian Corporate Governance Code (with a quota equal to 100% of its members).

* * *

In 2024, the Governance and Sustainability Committee held 5 meetings. On average, Committee meetings lasted approximately 1 hours and 54 minutes. For the 2025 financial year, 7 Committee meetings have been planned. At the Report's approval date, 2 meetings have been held.

In 2024, upon invitation of Committee Chair, the Secretary of the Board of Directors, the Chief Executive Officer and the Chair of the Audit Committee, as well as managers of the Company for specific topics on the Agenda attended the meetings of the Governance and Sustainability Committee. Moreover, a member of the Audit Committee attended a meeting of the Committee.

In particular, the Committee meetings were attended by:

Group Legal, 4 meetings;
Group People & Culture, 3 meetings;
Group Finance, 1 meeting;
Group Operations, 1 meeting.

Roles and Responsibilities

The Governance and Sustainability Committee provides advice and support to the Board of Directors on matters related to corporate governance and in fulfilling its responsibilities while pursuing a sustainable success as integral component of the Group's business strategy and long-term performance.

As to the Governance, the Governance and Sustainability Committee supports the Board of Directors with reference to the design and the implementation of UniCredit corporate governance system, corporate structure and Group governance models and guidelines and on special projects pertaining to the above (if any). To this purpose, the Committee:

i) oversights the consistency of the Bank's corporate governance with applicable laws, rules and regulations (in particular with the Italian Corporate Governance Code) and monitors their developments as well as international and national best practices, updating the Board of Directors where material changes thereof are detected and have repercussions on the existing Company corporate governance;
ii) reviews the Corporate Governance report to be published;
iii) submits to the Board of Directors, when appropriate or necessary, proposals for amendments to the corporate governance system, corporate structure and Group governance models and guidelines (e.g., Board and Board Committees roles, responsibilities and functioning, delegation of powers), providing the rationale for said amendments to be adopted;
iv) liaises with corresponding corporate bodies of the Group entities on corporate governance matters brought to its attention as appropriate.

As to Sustainability, the Committee supports the Board of Directors on Sustainability and ESG related matters (with the exception of all risk related ESG components - e.g., Climate and Environmental risks - which fall under the Risk Committee's remit). To this purpose the Committee, upon evaluation of its Chair and the CEO, carries out preliminary activities, analyzes and submits proposal on the sustainability and ESG framework, policies and guidelines.

Activities performed

In 2024, the Committee supported the Board in corporate governance activities mainly concerning aspects of the set-up and functioning of the newly established one-tier system (delegation of powers, regulation of corporate bodies, onboarding and training of Directors), the considerations on ECB inspections impacting corporate bodies and the evaluation of new organizational set-ups of some corporate functions (Group Legal, including the separation from the Chair and Board Secretariat, Group Finance and Group Operations).

Moreover, the Committee:

monitored the work of the Committee during its first months in office, considered the adoption of the new governance model, specifically discussing the aspects of set-up and functioning of Board Committees and their relevant information flows;
supported the Nomination Committee (also meeting jointly) in the process for the selection of the candidate for the role of Board Secretary and in the review of the perimeter of the relevant personnel;
was informed about the novelties introduced by Law 21/2024 (Legge Capitali) awaiting CONSOB's implementation rules.

The Committee, through its Chair, carried out the activities under its remit with the support of the Company's structures. In 2024 external consultants were not used.

6.2 Risk Committee

Composition

According to the provisions of the Board and Board Committees Regulation, the Risk Committee consists of four nonexecutive Directors.

At the Report's approval date, the composition of the Risk Committee is the following: Ms. Elena Carletti (Chair), Ms. Paola Bergamaschi, Mr. Marco Giuseppe Maria Rigotti and Ms. Francesca Tondi.

The members of the Committee have the experience required under applicable provisions, covering the provided areas of competence, related to finance and risk assessment and management.

* * *

The Group Risk Officer and the Head of Internal Audit attend the Committee meetings. Upon invitation of the Committee Chair, the Chief Executive Officer, other Directors, the Manager in charge of drafting the company financial reports, as well as personnel belonging to the Company and the Group, may attend Committee meetings. A member of the Audit Committee attended 4 meetings of the Committee and another member attended 1 meeting of the Committee.

During 2024, the Committee meetings were attended by:

the Heads of the corporate control functions (Internal Audit, Group Compliance and Group Risk Management);
the Chair of the Board of Directors upon invitation of the Committee's Chair;

the Manager in charge of drafting the company financial reports in occasion of discussions dealing with accounting and linked topics;
corporate officers of the following additional Company functions/Group Companies, for the topics under their remit that from time to time are part of the Agenda:
- Group Finance, in 4 meetings;
- Group Regulatory Affairs, in 5 meetings;
- Group Digital & Information, in 2 meetings;
- Group Operations, in 1 meeting;
- Group People & Culture, in 1 meeting;
- Group Legal, in 1 meeting;
- Macroeconomic Analysis, in 3 meetings.

In 2024, the Committee did not use external consultants.

Roles and Responsibilities

In the context of the one-tier model adopted by the Company, the Risk Committee provides advice and support to the Board of Directors on risk management related matters, according to the provisions of laws and regulations, performing all the activities instrumental and necessary for the Board to make a correct and effective determination of the "Risk Appetite Framework" and of the risk management policies.

More in detail, the Committee carries out preliminary activities, analyzes and submits proposals to support the Board of Directors including on the following topics:

defining and approving risk management strategic guidelines, framework and policies (including the noncompliance risk, climate and environmental risks, risk data quality). Within the RAF, the Committee performs those tasks as necessary for the Board of Directors to define and approve the risk objectives (risk appetite) and the tolerance threshold (risk tolerance);
examining the annual funding plan;
verifying correct implementation of risk strategies, management policies and RAF, and
defining policies and processes for evaluating corporate activities, including verification that the price and conditions of client transactions comply with the risk-related business model and strategies.

The Risk Committee also examines the risk assessments carried out and those planned by the corporate control functions on yearly basis for determining their own annual plans of activity.

Pursuant to the Italian Corporate Governance Code, the Risk Committee opines on aspects relating to the identification of the main corporate risks and supports the Board in assessments and decisions concerning the management of risks attached to prejudicial occurrences which the same Committee became aware of.

Based on the succession plans prepared by the Nomination Committee, the Risk Committee identifies and proposes to the Board of Directors the candidate suitable for the appointment as Head of the Risk Management function or assesses his/her termination. Moreover, the Chair of the Risk Committee is consulted beforehand for the identification and appointment of the Head of Group Compliance.

Without prejudice to the competences of the Remuneration Committee, the Risk Committee checks that the incentives underlying the remuneration and incentive system comply with the RAF, particularly taking into account risks, capital and liquidity.

Activities performed

In 2024, the Risk Committee held 13 meetings. On average, Committee meetings lasted approximately 3 hours and 20 minutes. For the 2025 financial year, 14 Committee meetings have been planned. At the Report's approval date, 4 meetings have been held.

In 2024, the Committee has performed information-gathering, consultative and proposition-making functions with regard to the duties assigned to it by the Board of Directors. In addition to the execution of the ordinary activity (8 meetings), 5 extraordinary meetings have been held to allow a deeper evaluation of some important aspects related to risk topics.

Furthermore, in 2024, the Committee has established the necessary functional links with the Audit Committee, in order to carry out the activities deemed to be common to the two bodies and exchanging information of mutual interest within the sphere of their respective competencies. On this regard, three meetings out of those held by the Risk Committee were held jointly with the Audit Committee.

Finally, among the meetings held by the Risk Committee, one was held jointly with the Nomination Committee, with reference to the succession plan of the Group Risk Officer.

6.3 Nomination Committee

Composition

According to the provisions of the Board and Board Committees Regulation, the Nomination Committee consists of three non-executive Directors.

At the Report's approval date, the composition of the Committee is the following: Mr. Jeffrey Alan Hedberg (Chair), Mr. António Domingues and Ms. Beatriz Ángela Lara Bartolomé.

* * *

During 2024, 9 meetings of the Nomination Committee were held, each one with an average length of 1 hour and 8 minutes. For the 2025 financial year, 5 Committee meetings have been planned. At the Report's approval date, 2 Committee meetings have been held.

In 2024, upon invitation of Committee Chair, the Chair of the Board of Directors, the Secretary of the Board, the Chief Executive Officer, the Chair of the Audit Committee and Directors members of the Governance and Sustainability Committee, as well as managers of the Company for specific items on the Agenda attended the meetings of the Nomination Committee.

In particular, the Committee meetings were attended by:

Group People & Culture, 6 meetings;
Group Legal, 4 meetings;
Group Compliance, 2 meetings;
Interna Audit, 1 meeting;

Head of Germany, 1 meeting.

Roles and Responsibilities

The Nomination Committee supports the Board of Directors on matters related to its composition and to the nomination and succession planning of the Management of the Company.

The Nomination Committee:

a) submits proposals to the Board regarding the optimal qualitative and quantitative composition of the Board, and the maximum number of seats held by Directors in other companies considered compatible with effectively fulfilling these roles at UniCredit;
b) submits proposals, at least once every three years, to the Chair of the Board of Directors concerning the selection of external advisor supporting the Board in conducting the Board's self-assessment process, as well as opines and supports the Board in the self-assessment process, as directed by the Chair of the Board of Directors;
c) sets targets for the least well represented gender in corporate bodies as well as for management and staff belonging to the Group, and prepares a plan to achieve said targets.

The Nomination Committee provides opinions and support to the Board of Directors also regarding:

a) the assessment on the compliance of Board Directors with the requirements provided by applicable laws and the Articles of Association (including the ban on interlocking directorships laid down by applicable laws), and the assessment that they collectively and individually abide by the optimal qualitative and quantitative composition of the Board identified by the Board itself;
b) the selection of candidates for the seats of Chair, Chief Executive Officer and Director of UniCredit, in the event of co-optation, and, should the Board present its own list of candidates for the position of independent Director for approval by the UniCredit Shareholders' Meeting, taking into due account any recommendations from shareholders, as per the process approved by the Board;
c) the appointment of the Chief Executive Officer and, upon proposal of the Chief Executive Officer, of the General Manager, Deputy General Managers and other Executives with strategic responsibilities;
d) the assessment on the compliance of the General Manager, the Manager in charge of preparing the company's financial reports and the other Heads of the main corporate functions, with the requirements provided by applicable laws and the Articles of Association, if any;
e) the definition of appointment and succession plans for the Chief Executive Officer, General Manager, Deputy General Managers;
f) the definition of policies for the succession plans for the Executives with strategic responsibilities;
g) the contribution to the identification of candidates proposed to the Board for the roles of Heads of corporate control functions, in compliance with the specific policies approved by the Board; coordinating with the Risk Committee and the Audit Committee for the proposals which are under their remit;
h) the definition of the policy for the appointment of corporate officers (members of the Board of Directors, Board of Statutory Auditors and Supervisory Board) in Group companies;
i) the designation of corporate officers (members of the Board of Directors, Board of Statutory Auditors and Supervisory Board) in the main companies;
l) the performance of market scouting /assessments /hiring proposals for specific roles that fall in the remit of the Board.

Activities performed

In 2024, the Committee interacted mainly with the functions of Group People & Culture and Group Legal.

The Committee discussed the adoption of a new approach aimed at further fostering the ongoing strengthening of the Bank's internal talent pool with reference to the succession plans of the Chief Executive Officer and the Executives with strategic responsibilities.

The Committee also examined the succession plan of the heads of the corporate controlling functions (also meeting jointly with the Risk Committee).

Moreover, the Committee:

supported the Board Chair in the process for the selection of the candidate for the role of Board Secretary, first discussing the ideal profile for said role, coordinating and meeting jointly with the Governance and Sustainability Committee;
supported the Board Chair in the selection of the external consultant that supported the Board in the annual selfassessment process in terms of composition and functioning;
verified that the requirements of current national and European regulations for corporate officers were met, particularly those regarding independence and interlocking ban.
reviewed proposals for the designation of officers in the corporate bodies of the Group's main companies of the Group;
was informed about the novelties introduced by Law no. 21/2024 (Legge Capitali) awaiting CONSOB's implementation rules.

Last, the Committee launched the process for selecting a new Board member following the resignation of Director Mr. Chromik in December 2024.

The Committee, through its Chair, carried out the activities under its remit with the support of the Company's structures. In 2024 external consultants were not used.

6.4 Remuneration Committee

For the required information on the Remuneration Committee's set-up, tasks and functioning, please refer to paragraphs "Role of the Remuneration Committee" and "Report on the Remuneration Committee" in the "2025 Group Remuneration Policy and Report", drawn up in accordance with Section 123-ter of the TUF, Section 84-quater of the CONSOB Issuers' Rules, and the provisions set forth under First Part, Title IV, Chapter 2, Policies and practices on remuneration and incentive of Banca d'Italia Circular no. 285/2013.

6.5 Related-Parties Committee

Composition

The Related-Parties Committee consists of three Directors who are all independent within the meaning of the Italian Corporate Governance Code.

At the Report's approval date, the composition of the Related-Parties Committee is the following: Ms. Maria Pierdicchi (Chair), Mr. Vincenzo Cariello and Ms. Francesca Tondi.

Roles and Responsibilities

The Related-Parties Committee oversees issues concerning transactions with related parties pursuant to CONSOB Regulation no. 17221/2010 and with associated parties pursuant to Banca d'Italia Circular no. 285/2013 (Part III, Chapter 11), carrying out the specific role attributed to independent Directors by the aforementioned provisions.

Furthermore, it carries out any other duties assigned to it within the Global Policy for the management of transactions with persons in conflict of interest, as applicable from time to time¹⁴ .

In order to enable the Related-Parties Committee to carry out its duties, the Company's competent offices ensure a constant monitoring of transactions in scope of the procedures for the identification and management of transactions with related and/or associated parties, also in view of enabling the Committee to assess cases of voluntary exemption and to propose corrective actions.

In the exercise of the duties assigned to it under applicable laws and regulations, to the Related-Parties Committee are entrusted by the current Global Policy the following duties:

formulating prior, motivated and binding opinions for the purposes of the UniCredit S.p.A. Board of Directors' resolution on the overall suitability of the Global Policy and subsequent updates to achieve the objectives established in the external provisions. Said opinions are additional to those requested from the corporate body charged with control functions;
formulating prior and motivated opinions, when expressly required, in the event of transactions with members of the Combined Perimeter¹⁵ either directly or indirectly with UniCredit, concerning the Company's interest in the performance of such transactions, as well as the profitability and substantial correctness of the conditions of such transactions;
becoming timely involved, in the event of transactions of "greater significance" with members of the Combined Perimeter - if deemed necessary by the Committee, through one or more delegated members - in the negotiation phase and in the preliminary phase through the reception of an exhaustive and updated information flow, including the right to request information, as well as issue observations to the delegated bodies and the persons in charge of carrying out negotiations or the preliminary phase;
pursuant to section 4, paragraph 1, lett. e-bis) point (i) of the CONSOB Regulation, examining, on the basis of information flows received on a semiannual basis, also through the use of sample selection methods, the application of the cases of voluntary exemption provided for by the above-mentioned Global Policy in order to examine the adequacy of the same - also in view of its periodic review - and to formulate any corrective measures;
pursuant to section 4, paragraph 1, lett. e-bis) point (ii) of the CONSOB Regulation, verifying the proper application of the exemption conditions to transactions of "greater significance" defined as "ordinary" and "concluded at market or standard conditions", notified to the Committee pursuant to Section 13, paragraph 3, letter c) of the CONSOB Regulation, as well as to the above Global Policy. Upon receipt of the report, the Chair of the Committee shall immediately call the Committee to conduct the relevant review.

* * *

For each individual transaction subject to assessment, Committee members must be different from the counterparty, its associated parties and/or any entities related to it.

If a Committee member is a counterparty to the transaction under examination (or is related/associated with the counterparty), he/she must promptly inform the Chair of the Board of Directors and the Committee Chair (provided he/she is not in a conflict of interest situation), and abstain from attending Committee meetings and supporting the activities pertaining to the transaction in which the relationship exists. Having consulted with the Committee Chair (provided he/she is not in a conflict of interest situation), the Chair of the Board of Directors shall immediately take

¹⁴ The UniCredit website address where the Global Policy Transactions with related parties, associated persons and corporate officers ex. Section 136 of the CBA is available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/related-parties-and-associated-persons.html

¹⁵ Persons at Group level subject to procedures - which apply jointly - as envisaged under the Global Policy, pursuant to both CONSOB Resolution no. 17221/2010 and Banca d'Italia Circular no. 285/2013.

steps to temporarily replace the member who has this conflict of interest with another member from the Board of Directors who qualify as independent pursuant to the Italian Corporate Governance Code.

If the Chair of the Committee acknowledges that (i) a transaction needs to be analyzed urgently or an opinion is required in the context of a negotiation process which is underway, and (ii) the majority or all members of the Related-Parties Committee are unable to meet or carry out the required activities in time to enable the accomplishment of the transaction within the timeline envisaged for that, then he/she shall promptly inform the Chair of the Board of Directors of this situation and, in any case, no later than the day after the he/shew as informed that the majority or all Committee members were not available.

Having consulted with the Chief Executive Officer and determined that the transaction cannot be delayed, the Chair of the Board of Directors immediately takes steps to identify up to three independent Directors to temporarily sit on the Related-Parties Committee and replace those who were not available so that the functioning of the Committee is not prejudiced.

In both the aforementioned cases, the replacing member(s):

must be provided with available information on the transaction to be opined upon in due time before the Related-Parties Committee meeting in which said transaction has to be analyzed;
retain the duties inherent in the role undertaken until the specific transaction in scope of their replacement is conclusively decided by the competent bodies, and remain(s) involved in the decisions taken by the Related-Parties Committee.

Activities performed

In 2024, the Related-Parties Committee held 16 meetings (on average, each Committee meeting lasted 1 hour and 10 minutes). For the 2025 financial year, 13 meetings have been planned for the Related-Parties Committee. At the Report's approval date, 7 meetings have been held.

In 2024, Company and Group Managers and personnel, as well as advisors belonging to major Italian and foreign consultancy and law firms, attended Committee meetings to discuss specific items on the Agenda.

In particular, the Committee meetings were attended by managers or employees from:

Group Legal, 13 meetings;
Group Risk Management, 4 meetings;
Group Compliance, 2 meetings;
Internal Audit, 3 meetings;
Group M&A and Corporate Development, 8 meetings;
Group Finance, 1 meeting;
Group Real Estate, 2 meetings;
Group People & Culture, 2 meetings;
UniCredit Factoring S.p.A., 1 meeting;
UniCredit Bank Austria AG, 6 meetings.

A Statutory Auditor of UniCredit also attended the 2024 Committee's meetings, when the traditional corporate governance model was in force, on a periodic rotation basis as defined by the body charged with control functions. Since April 2024, following the adoption of the one-tier model, the Chair and another member of the Audit Committee attended respectively to 1 and 2 meetings of the Related-Parties Committee.

In 2024, the Committee issued three favourable opinions on transactions related to UniCredit S.p.A. and its subsidiaries. For the issuance of one of the above opinions, which was also subject to conditions, the Committee availed itself of the activity of an expert, after having assessed the meeting of the independence requirements provided by Annex 4 of CONSOB Regulation - and of the professional experience to perform their duties.

Furthermore, on November 5, 2024, the Committee issued a positive opinion for the benefit of the Board of Directors on the new release of the Global Policy "Transactions with related parties, associated persons and Corporate Officers ex art. 136 CBA", which was updated to align it to the new corporate governance model, to enhance the effectiveness of operational and monitoring processes, and to clarify some qualifying issues that have arisen during the Global Policy implementation.

The activity carried out by the Committee in 2024 also concerned the analysis of the periodic information drafted, according to the Global Policy, by:

Group Risk Management, on the Group's overall exposure arising from transactions with components of the Combined Perimeter;
Presidio Unico, (i) on the transactions subject to a voluntary exemption of UniCredit and of the subsidiaries with components of the Combined Perimeter, consistently with the CONSOB Regulation and the Global Policy. The mentioned information flow, on a six-monthly basis, was functional to the performance by the Committee of the examination tasks on the correct implementation of voluntary exemption cases, with the support of the competent business structures, invited to attend 2 meetings devoted to the Committee's controls; (ii) on the topics which are relevant for the Combined Perimeter.

Lastly, the Committee received the following information "on a voluntary basis" regarding:

the outcomes of the second-line controls performed by the Compliance function, on the existence and completeness of the procedures which are appropriate to ensure the compliance with the requirements established by the legal framework and by the internal rules on the process for managing the transactions with components of the Combined Perimeter;
the analysis performed by Presidio Unico on the "correlation title" of the components of the Combined Perimeter, with specific reference to the companies which are associated directly and indirectly with UniCredit S.p.A.;
the monitoring performed by Presidio Unico on the operations with the main related parties in the last three years;
the implementation status of the recommendations issued by the Internal Audit function concerning the relatedparties management process;
the project activities and relevant progress on topics relating to related-parties transactions;
training activities to Group employees on topics relating to related party transactions.

7. Directors' remuneration[Indemnities to Directors in the event of resignation, dismissal or termination of employment following a public purchase offer]

For the required information on compensation for executive Directors, non-executive Directors and Executives with strategic responsibilities, as well as on indemnities to Directors in the event of resignation, dismissal or termination of employment following a public purchase offer (as per Section 123/bis, sub-section 1, letter i), of the TUF), please refer to the section on "Compensation to members of the corporate bodies charged with strategic supervision and control functions and Executives with Strategic Responsibilities" in the "2025 Group Remuneration Policy and Report", drawn up in accordance with Section 123/ter of the TUF, Section 84/quater of the CONSOB Issuers' Rules, and the provisions set forth under First Part, Title IV, Chapter 2, Policies and practices on remuneration and incentive of Banca d'Italia Circular no. 285/2013.

8. Directors' interests and related-parties transactions

Risks arising from transactions with persons in a potential conflict-of-interest situation are governed, inter alia, by the Regulation CONSOB adopted in Resolution no. 17221/2010 and subsequent updates, by regulations on "Risk activities and conflicts of interest with associated parties" provided for under Third Part, Chapter 11 of Banca d'Italia Circular no. 285/2013, as well as regulations on the obligations of corporate officers at Banks pursuant to Section 136, Legislative Decree no. 385/1993.

Under this regulatory framework, with the unanimous and favourable opinion of the Related-Party Committee and the Audit Committee, on December 12, 2024, the UniCredit Board of Directors approved the update of the "Global Policy Transactions with related parties, associated persons and corporate officers ex Section 136 of the CBA" (available on the UniCredit website) with the aim of defining principles and setting out rules for controlling risks that may arise out of a possible conflict of interest caused by a party's close ties with bank decision-makers.

Intended as an organic evolution towards unifying aspects of governance and areas of enforcement, procedural and organisational approaches (due to the significant similarities between CONSOB's regulations on related parties and the Banca d'Italia's on associated parties), this Global Policy details provisions to be complied with when managing transactions with persons in a potential situation of conflict of interest, as defined by the above-mentioned regulations.

Here below is the list of enforcement areas which are handled jointly by the provisions in the Global Policy:

governance issues and the associated roles of the Board of Directors, the Related-Parties Committee and the Audit Committee;
organisational structures for overseeing and managing transactions with related and associated parties;
perimeter of CONSOB related parties and Banca d'Italia associated parties;
criteria for identifying and detecting transactions with related parties and associated parties, including those of greater relevance;
cases of exemption set out in the CONSOB Regulations and through Banca d'Italia provisions, and exemptions at UniCredit pursuant to the powers provided for under such provisions;
procedures for arranging and approving transactions with related and associated parties;
checks and rules for adoption of the Policy within the Group.

Taking into consideration the peculiarities that characterise these provisions, references are also provided on the following:

disclosure- and transparency-related obligations required by CONSOB with reference to transactions with related parties;
risk activities with associated parties pursuant to Banca d'Italia supervisory reporting terms;
monitoring prudential limits and risk appetite levels of associated persons.

The current version of the Global Policy is available on the UniCredit website¹⁶ .

* * *

¹⁶ The UniCredit website address where the Global Policy on Transactions with related parties, associated persons and corporate officers ex section 136 of the TUB is available is:

https://www.unicreditgroup.eu/en/governance/our-governance-system/related-parties-and-associated-persons.html

Compliance with legal requirements on the interests of company Directors and related-parties transactions being unaffected, through its Global Policy the Company must also comply with Section 136 of Legislative Decree no. 385/1993 concerning the obligations incumbent upon bank corporate officers, according to which such officers may not take on any obligation, directly or indirectly, with the bank that they manage, direct or control, unless it is approved unanimously by the supervisory body, and with the person concerned abstaining, and with the favourable vote of the controlling body's members. Accordingly, corporate officers are required to report the names of individuals or companies with whom entering into relations might constitute an indirect obligation that substantially refers to a corporate officer.

A transaction with a related party involving a bank's corporate officer or a party related to such individual falls under the provisions of Section 136 of the Legislative Decree no. 385/1993 and the relevant decision-making procedures. In such cases, the Related Parties Committee must be granted an early, timely and complete information flow for transactions of greater or lesser relevance not falling under the foreseen cases of exemption.

9. Internal controls and risks management system

The internal controls system is an essential part of the overall governance system at a bank. It plays a central role in their organisation and can help to ensure the effective management of risks and how they interrelate, to ensure that the activities carried out complies with the corporate strategies and policies, and is founded on sound and prudent management principles.

An effective internal controls system is a prerequisite for value creation over the medium-to-long term, safeguarding asset quality, correctly perceiving risk and appropriately allocating capital.

The UniCredit Group internal controls system, in its ordinary governance setup, is based on:

control bodies and functions, in particular involving (each one under respective sphere of competence) the Board of Directors, the Risk Committee, the Audit Committee as corporate body charged with control functions, the Chief Executive Officer, as well as the functions and the managerial committees with specific tasks to that regard;
information flows and coordination procedures among parties involved in internal controls and risks management system;
Group Governance mechanisms.

9.1 Bodies and functions

The Board of Directors and the Risk Committee

Guidelines for internal controls and the risks management system are defined by the Board of Directors, having verified their consistency with the strategic guidelines and the risk appetite established by the Board, accordingly with the regulations issued by the Supervisory Authorities and the applicable provisions. Consequently, the Board is able to ensure that the main risks are properly identified and measured, managed and monitored in the appropriate manner, also taking into account how they evolve and interact and, furthermore, establishing criteria for the compatibility of such risks with sound and prudent management of the Company.

Within this context, on a yearly basis the Board of Directors defines and approves a Group Risk Appetite Framework that is consistent with the budget process timeline and definition of the financial plan, in order to ensure that business develops within the desired risk profile and in accordance with national and international regulations.

The Risk Appetite Framework summarises the Group's desired risk profile, including identification of significant risks to which the Group is exposed, by defining thresholds for the following indicators:

regulatory indicators to ensure compliance at all times with the Supervisory Authority requirements (e.g., the Common Equity Tier 1 Ratio and the Liquidity Coverage Ratio);
managerial indicators, to monitor the evolution of key variables from both a strategic and Risk Appetite point of view defined to ensure the steering of all key financial risks (e.g., Credit, Liquidity and Interest Rate Risk, Market and Sovereign Risk), Profitability, Non-Financial Risks (e.g., Operational Risk, ICT, Cyber Risk, Compliance Risk) and Climate and Environmental Risks.

In the second half of the 2024, the Group Risk Appetite Framework has been set for the 2025 to sustain the way towards the Company's strategic objectives in a controlled risk environment. The key elements have been re-defined and re-evaluated, including the macro scenario underlying the 2025 budget, key risks and risk trends. Enhancements of the framework included the cascading of some KPIs from Group level also to the Group Companies.

The Group Risk Appetite Framework for 2025 was approved by the Board.

The Group Risk Appetite Framework, which includes both the quantitative component (i.e., RAF dashboard) and the qualitative component (i.e., Risk Appetite Statement), is consistently implemented at relevant Group companies and cascading to more granular levels through Group Risk Strategies. The quantitative component includes for each KPI the definition of relevant target, trigger and limit: (i) the targets represent the amount of risk the Group is willing to take on in normal conditions, and they form the reference thresholds for development of the business, (ii) the triggers represent the maximum acceptable level of deviation from the defined target thresholds. They are set so as to assure that even under stress conditions the Group can operate within the maximum level of acceptable risk; the managerial committee Group Executive Committee and the Board of Directors shall be informed of trigger breaches; (iii) the limits are hard points that represent the maximum level of risk acceptable for the Group; if a limit is breached, the Board of Directors must be involved in assessing and deciding upon possible corrective measures.

The Board of Directors is supported by the Risk Committee and the Audit Committee, under their respective spheres of competence, in its decision-making activities relating to the internal controls and risks management system.

Under its sphere of competence, the UniCredit Board of Directors approves the setting up of corporate control functions, defining their duties and responsibilities, forms of coordination and collaboration, and information flows between them and the corporate bodies. Additionally, with the support of the Risk Committee and of the Audit Committee, it draws up coordination documents envisaged on the subject by Banca d'Italia Circular no. 285/2013 and has entrusted the Chief Executive Officer with the implementation of the guidelines established by the Board itself by designing, managing and monitoring the internal controls and risks management system. Within this framework, the Board of Directors ensures that corporate control functions are stable and independent, and that they may access all Bank and Group Companies' activities and any data relevant for performing their respective duties.

At least once a year, after having consulted the Audit Committee, the Board of Directors assesses the adequacy of the organisational structure and the quality and quantity of employees of the function responsible for compliance with regulations (Group Compliance) and, after having also consulted the Risk Committee, the risk management functions (Group Risk Management). Furthermore, the Board defines any changes regarding the internal audit function's (Internal Audit) organisation and personnel.

Moreover, the Board of Directors approves the following strategies.

Credit Strategies

Under Basel II Pillar II, Group Credit Risk Strategies represent an advanced credit risk management instrument, targeted at ensuring consistency between budget targets and the Risk Appetite Framework. Taking into consideration the macroeconomic and credit scenario, projections in the economic and industry sector, as well as business initiatives and strategies, Credit Strategies provide a set of guidelines and operational limits broken down by the countries and business segments in which the Group operates, with the goal of identifying the desired risk profile and business line positioning in order to ensure growth consistent with the Group Risk Appetite Framework, while at the same time optimising the overall credit risk impact without precluding profitable business opportunities.

Financial Risk Strategies

At Group level, the UniCredit "Group Financial Risk" function manages the setting of overall limits on the Group's financial risks (i.e., liquidity, interest rate, credit spread, market, counterparty and trading credit risks).

To this end, the Holding Company's "Group Financial Risk" function acts in tight coordination with:

the Group Companies' Financial Risk functions, which in accordance with the Group business model are entitled to take on exposures to financial risks either in the trading or in the banking book. The relationship with local Financial Risk functions, within the overall process of negotiating operational limits alongside the business functions, is designed to ensure consistency of the limits with the returns assigned to them in the budget, taking into account dynamics, risk indicators derived from historically observed data, expected market developments and proposed business initiatives;
the "Strategic & Integrated Risks" Group Risk Management function in charge of the Group Risk Appetite, with the aim of verifying the limits-related impact on Regulatory and Economic Capital within an iterative process conceived to ensure that limits are consistent with the capital allocation approved at Group level, taking into consideration income goals defined in the annual and strategic plans.

The UniCredit Board sets out the guidelines for the internal controls system, verifying its consistency with established strategic orientations and risk appetite, as well as its capacity to detect the evolution of corporate risks and how they mutually interact, ensuring that the main risks are properly identified, measured, managed and monitored in the appropriate manner, through the Risk Committee and the Audit Committee activities, under their respective spheres of competence, in particular, on the basis of:

reports by the Heads of corporate control functions: the compliance function (Group Compliance), the risk management function (Group Risk Management), the internal audit function (Internal Audit), the anti-money laundering function (Anti-Financial Crime Compliance) and the validation function (Group Internal Validation);
information from the Manager in charge of drafting the company financial reports in compliance with the international accounting standards and with regulations relevant to preparing the consolidated financial statements;
any useful information related to monitoring overall corporate risks provided by the relevant Company structures and/or by the audit firm assigned to undertake statutory accounting supervision.

At least yearly, the Board approves the activities programme prepared by the corporate control functions, including the yearly audit plan, and examines their periodic or ad hoc reports and information flows. Moreover, it approves the multi-year audit plan.

In addition, the Board ensures that the internal controls system and corporate organisation are constantly harmonized with the principles enshrined in laws and regulations applicable from time to time, verifying on at least annual basis the completeness, adequacy, efficacy and effective functioning of the internal controls and risks management system; should shortcomings or discrepancies emerge, the Board promptly ensures the adoption of appropriate corrective measures, whose efficacy should subsequently be assessed.

Chief Executive Officer

Notwithstanding the Board of Directors' authority over the establishment of corporate control functions and the definition of related roles and responsibilities, the Chief Executive Officer manages the internal controls and risks management system, with support from relevant functions. This includes:

(i) identifying the Company's risks and submitting them to the Board of Directors. To this end, the Chief Executive Officer must have in-depth knowledge about all corporate risks and, as part of an integrated managementoriented approach, their reciprocal relationships, taking into account how external circumstances (including macroeconomic risks) evolve;

(ii) implementing the strategic guidelines, RAF and risk management policies defined by the Board, by providing for the design, management and monitoring of the internal controls and risks management system. In the supervision of these activities, the Chief Executive Officer is supported by the managerial committee Group Executive Committee and the Group Risks/Controls Committee (i.e., Group Financial and Credit Risk Committee and Group Non-Financial Risks and Controls Committee), chaired by the Chief Executive Officer, in which sessions topics related to the system of internal controls, related remedial plans, as well as issues related to risk management and monitoring are addressed.

The Chief Executive Officer is responsible for taking all necessary steps to ensure that the organisation and internal controls system comply with the principles and requirements envisaged under applicable legal provisions. Furthermore, on an ongoing basis and with assistance from the competent functions (as well as directly sitting on ad hoc managerial committees aimed at overseeing and/or controlling risks), he supervises the proper management of overall corporate risks and the adequacy, and the effectiveness and efficiency of associated protective structures, including by means of defining optimal policies for managing such risks. To that end, at all levels he facilitates dissemination of an integrated risk culture spanning the various types of risk.

With specific reference to the non-compliance risk, the Chief Executive Officer ensures that compliance risk is adequately managed. As such, the Chief Executive Officer:

defines adequate compliance procedures and policies;
establishes effective communication channels to ensure that all levels of staff are aware of the compliance safeguards for their tasks and duties;
ensures that the policies and procedures are followed at the Bank and, should any violation occur, makes sure the appropriate corrective measures are taken;
sets out the information flows designed to ensure the top bodies of the Company are fully aware of how compliance risk is being managed.

In addition, the Chief Executive Officer must, in collaboration with the Group Compliance function:

identify and assess, at least once a year, the key compliance risks that the Bank is exposed to and then plan related action/responses. Planning must include weaknesses (in policies, procedures, implementation or execution) that arise during Company operations and the need to face any new compliance risks that are picked up following the annual risk assessment;
report (either on his/her own initiative or further to a request) to the Board of Directors and the Audit Committee on whether the bank's current management of compliance risk is adequate;
promptly inform both the Board of Directors and the Audit Committee on any major compliance breaches.

The Chief Executive Officer has also been appointed by the Board of Directors as representative responsible for AML/CTF (with executive role), for Italian and Group perimeters. In this role, he constitutes the main contact point between the AML/CTF compliance officer, and the corporate bodies charged with strategic supervision and management (executive) functions of the Holding Company; he ensures the corporate bodies have the information necessary to fully understand the relevance of the ML risks exposure. He also ensures that the Group AML/CTF compliance officer, both at Italian and Group level, carries out his duties effectively.

In particular, in his role as representative responsible for AML/CTF, the Chief Executive Officer performs the following main functions:

monitoring that AML/CTF policies, procedures and internal control measures are adequate and proportionate;
supporting the corporate bodies charged with strategic supervision and management (executive) functions of the Holding Company in the assessments concerning: organizational structure; allocation of resources of the AML function, including the eventual choice of assigning the responsibility of the anti-money laundering function (AML Officer) to the same responsible for AFC/AML;
ensuring that corporate bodies are periodically informed about activities carried out by the AML/CTF compliance officer and interactions with the Authorities;
verifying that the AML/CTF compliance officer has direct access to all the necessary information, has sufficient human & technical resources and instruments and is informed of any ML/TF-related deficiency identified;

reporting the corporate bodies on violations and critical issues concerning AML/CTF and recommending appropriate actions;
ensuring that issues and proposal of remediations represented by the AML/CTF compliance officer are assessed by the Board of Directors;
ensuring that the corporate bodies have all the necessary information to exhaustively understand the relevance of the concerns raised.

As for third-level controls carried out by the Internal Audit function, the Chief Executive Officer is informed of guidelines for auditing activities, may make suggestions to integrate the annual control plan, and may request specific auditing not foreseen in the annual plan.

Within this field, the Chief Executive Officer makes sure that the Board of Directors engages in effective, ongoing dialogue and exchange, with support from the corporate functions that report to him as Head of the internal structure, in order to allow him to review the choices and decisions they adopt over time. To that end, the Chief Executive Officer receives information from corporate functions necessary to assure the supervision required of him, at managerial committees meetings which he attends as Chair and through specific, systematic information flows.

Moreover, the Chief Executive Officer promotes initiatives and actions that are necessary to ensure the ongoing completeness, adequacy, functionality and reliability of the internal controls system, reporting to the Board of Directors on the outcome of checks, designing and implementing any necessary corrective or remedial measures if deficiencies or anomalies arise, or should relevant new products, activities, services and processes be introduced.

Audit Committee

The Audit Committee plays a key role in the internal controls system and carries out the functions entrusted to it by the Circular no. 285/2013 issued by Banca d'Italia in its capacity as control body.

The UniCredit Audit Committee is responsible for overseeing the completeness, adequacy, functionality and reliability of the internal controls system and its compliance with the relevant rules. Accordingly:

(i) it is heard by the Board on the control systems' overall architecture and expresses opinions on the compliance with principles that internal controls systems and corporate organization shall respect (including on the Internal model validation process);
(ii) without prejudice to the competence of the Risk Committee, it oversees the adequacy and functionality of the process and of the overall architecture of the RAF governance and the compliance of the ICAAP process with the relevant provisions, it being also heard by the Board on ICAAP and ILAAP annual reports.

The Audit Committee is required to verify the adequacy of all functions and structures involved in the internal controls system, of the correct performance of their duties and of their efficient coordination (e.g., by supporting the Board with respect to the coordination documents envisaged under Bank of Italy Circular no. 285/2013 and in defining policies on the outsourcing of such functions). To best achieve this, the Committee issues opinions on the requirements that corporate control functions shall comply with, it verifies that such functions comply with the Board's guidelines and pre-examines their activity programmes (including audit plans) and annual reports, as well as periodic and significant reports drafted by the Internal Audit function.

The Audit Committee monitors the independence, adequacy, effectiveness, and efficiency of the Internal Audit function and may entrust it with the performance of audits on specific operational areas.

Based on the succession plans prepared by the Nomination Committee, the Audit Committee identifies and proposes to the Board of Directors the candidate suitable for the appointment as Head of Group Compliance, after having consulted the Chair of Risk Committee in that respect, and Head of Internal Audit, or assesses their termination.

Moreover, the Audit Committee opines on the Company policy on the outsourcing, including the outsourcing of corporate control functions (if any).

The Audit Committee is responsible for overseeing the concrete implementation means of the corporate governance rules established in the codes of conduct drafted by companies managing regulated markets or by associations, which the Company, through public disclosure, declares to adhere to.

The Audit Committee performs the tasks attributed to the Supervisory Body pursuant to the Italian Legislative Decree no. 231/2001 and regulated by the Organisation and Management Model adopted by the Company. In such respect, the Audit Committee has autonomous powers of initiative and control and oversees on the functioning and compliance of the Model and takes care of its update. To allow the Audit Committee to appropriately perform such tasks, in its capacity as 231 Supervisory Body, a specific budget is granted by the Board of Directors according to the mentioned Model.

The Audit Committee is responsible for establishing appropriate functional links with the Internal Controls & Risks Committee and the Remuneration Committee, in accordance with their specific skills.

Control functions

In compliance with applicable laws and drawing inspiration from international best practice, the types of control at UniCredit are structured on three levels:

line controls (so-called first-level controls), in charge of the corporate functions responsible for business/ operational activities, aimed at ensuring the proper carrying out of the transactions;
risk and compliance controls (so-called second-level controls), in charge of the Group Compliance and Group Risk Management functions, each regarding the matters in their sphere of competence;
internal audit (so-called third-level controls), in charge of the Internal Audit function.

The Group Compliance, Group Risk Management and Internal Audit functions are separated and hierarchically independent from the corporate functions that carry out the activities subject to their control. The Board of Directors has exclusive competence over the appointment and removal of the Heads of said corporate control functions, liaising with the involved Board Committees as appropriate.

As per Banca d'Italia Circular no. 285/2013, corporate control functions also include the anti-money laundering and validation functions, both independent and set up within Group Compliance and Group Risk Management, respectively.

In addition to the corporate control functions, in compliance with regulatory provisions, control functions also include the functions charged with control tasks pursuant to legal, regulatory or self-regulatory provisions (e.g., the Manager in charge of preparing the company's financial reports).

The Compliance function

The mission of Group Compliance, under the responsibility of the Group Compliance Officer, role covered by Ms. Serenella De Candia, is to monitor the management of the non-compliance risk¹⁷ as well as to assist the Group, its Management, the corporate bodies and employees in carrying out their activities in compliance with mandatory rules, internal procedures and applicable best practices.

¹⁷ Non-compliance risk can be defined as the risk of incurring legal or administrative penalties, financial losses, or damage to reputation as a result of non- compliance with mandatory rules regulating financial and banking undertakings, codes of conduct and standards of "good practice managing."

Bank and Group's companies' Compliance function are independent, drawing on human and technological resources that are qualitatively and quantitatively adequate to the tasks to be performed, reporting directly to senior management and the corporate bodies, and with access to all corporate information and participates to decisionmaking processes; when necessary, it can elevate an issue directly up the hierarchical higher levels.

Group Compliance has a proactive role in advising the Bank functions on regulatory requirements, especially on new products, processes, business initiatives, commercial campaigns, marketing materials, and sets rules of conducts, guidelines, and standards - for its perimeter of competence - to be observed.

Group Compliance monitors the management of the non-compliance risk according to a risk-based approach, i.e., an approach that, based on the ongoing assessment of Group activities and the regulatory framework and corporate environment, focuses its activities and priorities on the areas, standards, processes and procedures most at risk of non-compliance.

Consistently with this approach, the non-compliance risk monitoring, with respect to all corporate activities (with the exception of laws and regulations falling within the scope of Group Risk Management) is carried out directly¹⁸ , through the organizational units that are part of Group Compliance, on most relevant regulations with regards to non-compliance risk like the ones concerning banking and financial activities, conflicts of interests management, transparency to customers and consumer safeguard regulation.

As far as other regulations are concerned (e.g.: tax laws, Law on Health and Safety at Work) and with reference to UniCredit S.p.A. only, the Compliance function monitors indirectly¹⁹, by providing/validating compliance risk assessment methodologies and procedures to/for the so-called "Presidi specialistici", in place within other business structures, and verifying that they are correctly implemented.

Group Compliance pursues these objectives in particular by:

promoting a culture that encourages compliance with the law, internal regulations and the Global Rules, and by ensuring the training and continued professional updating of employees on Compliance related topics;
identifying, assessing and monitoring non-compliance risk, including the development and monitoring of compliance with Global Rules whose aim is the mitigation of those risks;
implementing a quality assurance program, both at Group and company level;
establishing relationships with the Authorities (Supervisory Authorities, Trade Associations, Legislator, etc.) together with other relevant structures and promoting a continuous dialogue with such Authorities for the area of competence;
cooperating, when necessary, with other Competence Lines within the Group, and especially with other structures that oversee the management and control of risk (specifically, Internal Audit, Group Risk Management) in order to improve the overall consistency and ensure adequate and continuous mutual information flows;
periodically communicating with and providing assistance to the senior management and the Board of Directors on non-compliance risk management, including by participating in the Group Executive Committee and other managerial Committees;
providing guidelines on compliance significant topics to business representatives and other Competence Lines, through proactive advice and upon request, i.e., by providing advice on laws, regulations, codes, practices, products, business lines and organizational structures also at local level;
fulfilling legal requirements concerning anti-money laundering reporting for UniCredit S.p.A., through the appointment of a AML Responsible (AML Officer), in accordance with Banca d'Italia provisions of March 10, 2011, laying down implementing provisions concerning anti-money laundering organization, procedures and internal

¹⁸ Compliance has a direct oversight on the thematic areas defined in the IR 995 of July 18, 2024 - Group Compliance Framework (App. 1), as well as supports the Supervisory Body in its task of monitoring the functioning and compliance of the Model 231/2001.

¹⁹ As envisaged in the "Indirect Model for the supervision of compliance risk" approved by a specific resolution of the Board of Directors.

controls, such AML officer being tasked with promoting a unified anti-money laundering approach in Italy and coordinating the anti-money laundering managers appointed by other centralized Italian Group Companies; - fulfilling legal requirements regarding the personal data processing for UniCredit S.p.A., through the appointment of a Data Protection Officer, in compliance with Regulation (EU) no. 2016/679 of April 27, 2016, laying down provisions on the organization, procedures and evaluation of the impact of data protection, playing a coordinating role at Group level.

Group Compliance is in charge of guiding, coordinating and monitoring compliance matters at Group level; as part of these responsibilities, Group Compliance can perform centralized functions with regard to Compliance matters on behalf of the Italian Group Companies.

The Group Risk Management function

Under the responsibility of the Group Risk Officer, the Group Risk Management structure's mission is to:

optimise the quality of the Group's assets, minimising the risk cost in accordance with the risk/profitability goals set for the business areas;
ensure the strategic steering and definition of the Group's risk management policies;
define and provide the Heads of the Business Functions and Group Companies with the criteria for assessing, managing, measuring, monitoring and communicating risk. It also ensures that the procedures and systems designed to control risk at Group and individual Group Company level are coherent;
help to build a risk culture across the Group by training and developing, together with the competent Group People & Culture;
help to find ways to rectify asset imbalances, where needed in conjunction with the Group Financial Officer;
help the Business Functions achieve their goals, including by assisting in the development of products and businesses (e.g., innovation of credit products, competitive opportunities linked to the Basel accords, etc.);
support the Chief Executive Officer in defining the Group Risk Appetite proposal, to be shared in the managerial committee Group Executive Committee and submitted for approval to the Board of Directors, as preliminary and preparatory step for the yearly and multi-yearly budget plan pertaining to the Group Financial Officer. The Group Risk Appetite shall include a series of parameters defined by the Group Risk Officer, with the contribution of the Group Financial Officer and of other relevant Group functions; each parameter can be complemented by limits and thresholds proposed by the Group Risk Officer and targets proposed by the Group Financial Officer and/or by the relevant Group functions, each respecting their mission and internal regulations. The Group Risk Officer is responsible for ensuring the overall coherence of the proposed parameters and values. Furthermore, the Group Risk Officer is responsible for ensuring to the Chief Executive Officer and the Board of Directors the coherence of the Group Risk Appetite with the Group strategic guidelines, as well as the coherence of the budget goals with the Group Risk Appetite setting and the periodical monitoring of the RAF. The Group Financial Officer remains responsible for monitoring the performances of the Group and of the business functions, in order to identify possible underperforming areas and the related corrective measures.

Such mission is accomplished by coordinating the Group's risks management as a whole. More specifically, it involves carrying out the following macro-functions:

governing and checking credit, cross-border, market, balance sheet, liquidity, ICT, operational and reputational, climate and environmental risks at Group level as well as any other risks relating to Basel II Pillar II (e.g., strategic, real estate, financial investment, business risks), by defining risk strategies and limits, developing risk measurement methodologies, performing stress tests and portfolio analysis;
supervising, on a Group level and for UniCredit S.p.A., Basel accord related activities;
coordinating the internal capital measurement process within the "Internal Capital Adequacy Assessment Process" ("ICAAP") and coordinating activities for drawing up the "ICAAP Regulatory Report";
performing internal validation activities, at Group level, on systems for measuring, credit, operating and market risks, or Basel II Pillar II risks on related processes and data quality and IT components, as well as on models for pricing financial instruments, in order to check that they conform to regulatory requirements and in-house standards, overseeing consequently the non-compliance risk regarding to such regulatory requirements;

ensuring that the competent Bodies/Functions get adequate reports;
developing the strategy and oversee the management, process, targets and disposals of Non-Performing Exposures/NPE, repossessed assets and any other distressed assets for the entire Group. The Group Risk Officer defines the criteria/rules for identifying the exposures and assets for sale and portfolio targets;
drafting and managing risk policies, both at Group level (Global Rules) and at Parent Company level, on the performance of risk-related activities for which UniCredit S.p.A. is competent as well as ensuring the monitoring;
defining framework and performing second-level controls on risks, within the Group and the Parent Company;
assigning ratings for banks and for the Group's major exposures, carrying out the relevant mapping, at Group level, and managing the "rating override" process with regard to Group-wide rating systems as well as those for measuring the credit risk of UniCredit S.p.A.'s counterparts;
defining the minimum standards and guidelines for validating IT infrastructures and data quality, credit risks, operating risks and Basel II Pillar II risks, for feeding Group and Parent Company reports on credit risk and for feeding credit risk measurement models.

In order to strengthen the capacity of independent steering, coordination and control of Group risks, to improve the efficiency and the flexibility on the risk decision process and to address the interaction among the relevant risk stakeholders, specific Committees are in place.

The managerial committees Group Executive Committee, Group Financial and Credit Risk Committee and Group Non-Financial Risks and Controls Committee support the Chief Executive Officer in the role of steering, coordinating and monitoring the strategic and all categories of risks (included compliance risk), at Group level, as well as defining the Group Recovery Plan.

The Group Risk Management function sets up specific information flows to ensure full knowledge about the Group's risks exposure and underlying factors, as well as trends for significant variables included in the Risk Appetite Framework. This information, of which the Chief Executive Officer is aware, in part through chairing the managerial committee Group Executive Committee and the Group Risks/Controls Committee (i.e., Group Financial and Credit Risk Committee and Group Non-Financial Risks and Controls Committee), chaired by the Chief Executive Officer, also with a view to draft proposals/reports for the Board of Directors, mainly relates to the topics summarised below:

Risk Appetite Framework, liquidity risk management adequacy (ILAAP) and capital adequacy (ICAAP);
activities performed, checks carried out and related outcomes of all covered risk types;
development, validation and maintenance of the risks measurement and control system, also through the assessment performed by internal validation function.

The UniCredit Group Risk Officer is Mr. Thiam Joo Lim.

The Internal Audit function

The UniCredit Internal Audit function, which reports to the Board of Directors, steers, coordinates and monitors the Group's internal audit activities, and performs third-level control activities as well as on-site inspections on the Parent Company and on the Group's Companies that have outsourced internal audit activities to UniCredit on an inservice company basis ("In service Companies"). In addition, as the Group's Internal Audit function it may conduct on-site controls on any Group Company.

The Internal Audit function acts in compliance with the Internal Audit Group Charter, which defines its mission, responsibility, organisational reporting, tasks and authority.

As independent function, Internal Audit plays an integral part in the internal controls system, carrying out assurance and consulting to evaluate, add value to and improve the internal controls system of UniCredit and its Group.

Internal Audit adheres to the Global Internal Audit Standards.

The Officer in charge of the Internal Audit function

The Head of the Internal Audit function is Mr. Guglielmo Zadra and he reports, either directly or via the Audit Committee, to the Board of Directors at least once a year, and, in particularly important cases, at the next available meeting, on the adequacy, effectiveness and efficiency of the internal control system.

The Head of the Internal Audit function is not in charge of any operational areas and reports hierarchically to the Board of Directors.

In addition, after hearing the Audit Committee's opinion, the Board of Directors has exclusive competence over determining the variable portion of remuneration for the Head of the Internal Audit function, based on criteria and parameters not connected to Bank performance.

In compliance with the Internal Audit Group Charter, the Internal Audit function performs the following activities:

develops and executes an annual audit plan and a multi-year audit plan using an appropriate forward-looking risk-based methodology, taking into account trends and emerging risks. In this context, organisational changes and projects identified by Senior Management and/or governing bodies are considered to be relevant. Both plans are submitted for approval to the Board of Directors after examination by the Audit Committee;
ensures adequate audit coverage, taking into account the competencies of the external auditors and Supervisory Authorities, including a reasonable overview of expenses;
issues periodic reports to the Board of Directors and to the Audit Committee, that summarise the main findings of audit activities at Group level;
undertakes special investigations, including on its own initiative, at UniCredit S.p.A. and within the Group, reporting the results to Senior Management and corporate bodies;
maintains a professional audit staff with sufficient knowledge, skill, experience and professional certification to meet the requirements stated in the Internal Audit Group Charter;
reports to the Board of Directors on matters designed to assess Internal Audit performance, including emerging trends and best practices in internal auditing;
ensures fair and transparent communication with Supervisory Authorities on audit activities;
establishes a quality assurance and improvement programme to make it possible to assess internal audit activities and promote professional development.

Specifically, the Head of the Internal Audit function prepares a quarterly report to provide corporate bodies and Senior Management with an overall assessment of the internal controls system. This report includes not only an assessment of the internal controls system, but also summary information on what activities audit has performed, the main risks emerged, and the implementation status of Management action plans.

Updates are also provided on a regular basis regarding the progress status of the annual plan.

Detail is provided of information flows from the Head of Internal Audit to the corporate bodies in a dedicated internal regulation.

The Head of the Internal Audit function arranges the Audit Plan, based on the Risk Assessment results and in compliance with the Group Audit guidelines. The Audit Plan takes into consideration requests made by the Supervisory Authorities and the corporate bodies.

The Board of Directors has empowered the Internal Audit function to have unlimited access to all corporate functions, records, minutes of all consultative and decision-making committees, Company property and staff.

The Head of the Internal Audit function may draw on an appropriate annual budget, which is submitted to the competent corporate bodies for approval.

Finally, the Internal Audit function plays its role in steering, coordinating and controlling the audit activities at Group level. Within this responsibility continuously updates the existing internal regulation framework in order to better support the audit process during its implementation, reporting and monitoring phases.

The Manager in charge of preparing the company's financial reports and other company roles and positions

The Manager in charge of preparing the company's financial reports is, starting from July 1, 2023, Mr. Bonifacio Di Francescantonio, Head of the Financial & Regulatory Disclosure structure at UniCredit.

In compliance with Clause 34 of the UniCredit Articles of Association, the Manager in charge of preparing the company's financial reports is appointed by the Board of Directors - subject to the mandatory favourable opinion of the Audit Committee, and for a maximum term of three years - to carry out the tasks attributed to this role under laws and regulations in force, establishing his/her powers, resources and remuneration; this person is chosen from among company executives who possess all of the following professional qualifications:

a) a degree (or equivalent) in economics, business administration or finance, obtained in Italy or abroad;
b) at least three years' experience as head of an internal structure devoted to preparing the financial statements, or as Chief Financial Officer (or equivalent) at a listed Italian or foreign joint stock company (including UniCredit and its subsidiaries);
c) an employment rank at the time of appointment of Executive or higher.

In performing his duties, the Manager in charge of preparing the company's financial reports may count on cooperation from all UniCredit Group structures.

The Board of Directors ensures that the Manager in charge of preparing the company's financial reports is granted with the powers and resources necessary to perform the duties attributed under the laws and regulations in force and shall comply with all the relevant administrative and accounting procedures.

The Manager in charge of preparing the company's financial reports issues certifications and declarations, when requested, also jointly with the bodies delegated thereto, as per laws and regulations in force.

9.2 Financial reporting process, including on a consolidated basis

As regards the main features of the internal control system in relation to the financial reporting process of consolidated and non-consolidated information, in accordance with the provisions of Section 154-bis of Italian Legislative Decree no. 58/1998, the UniCredit Manager in charge of preparing the company's financial reports draws up, and ensures effective application of adequate administrative and accounting procedures for drafting the UniCredit S.p.A. individual and consolidated financial statements.

Jointly with the Chief Executive Officer, through appropriate certification of the annual and consolidated financial statements and the consolidated half-year financial report, the Manager in charge of preparing the company's financial reports is required to certify:

the adequacy and effective application of administrative and accounting procedures;
compliance with applicable international accounting standards recognised by the European Community under Regulation (EC) no. 1606/2002 of the European Parliament and the Council dated July 19, 2012;
correspondence to the results of accounting books and records;
suitability to provide a fair and correct representation of the economic and financial situation of the company and all consolidated companies;

• inclusion in the report on operations of a reliable analysis of the operating trend and results, as well as the circumstances of the company and consolidated undertakings, and a description of the main risks and uncertainties to which they are exposed.

To fully comply with regulatory requirements, the Board of Directors approved a specific Global Policy - "Internal control system on financial reporting (Law no. 262/05 - Manager in Charge)", in which general rules are laid out along with a description of responsibilities and relationships between the Holding Company and the Companies belonging to the Group in assessing the status of the internal controls system for Financial Reporting, in compliance with the Italian Law on savings (Law no. 262/2005).

Furthermore, a Global Process Regulation, governing processes and procedures for applying the above-mentioned general criteria, was approved and sent to Group companies.

The adopted internal control system aims at ensuring correct and complete Financial Reporting through:

reinforcement and enhancement of Corporate Governance in relation to risks, by ensuring:
- the take-up of responsibilities for risk monitoring at executive level;
- a set of rules and behaviours established and implemented by Top Management;
- raising of awareness at operational level of risks associated with producing Financial Reporting;
the systematic monitoring of significant risks by the relevant functions for compliance with the abovementioned Law.

The internal controls system for Financial Reporting adopted by the Company includes the application of a common methodological framework, based on:

using a consistent, centrally-developed internal controls system model based on internationally-acknowledged methodological standards, the "Internal Control - Integrated Framework (CoSO)" and the "Control Objective for IT and Related Technologies (Cobit)";
updating and broadcasting within the Group on the basis of centrally-established parameters.

Operational implementation of the adopted model envisages:

the definition of parameters for identifying subsidiaries required to implement the internal controls system over Financial Reporting in accordance with the provisions of Italian Law no. 262/2005;
the identification, for the Holding Company and subsidiaries involved in activities envisaged under Law no. 262/2005, of administrative and accounting, business, governance and support processes that have a significant impact on financial statement items;
the detection for such processes of the existing controls and the owners in charge of first-level controls at individual companies and support units, including Back-office and Information Technology (IT); owners are required first and foremost to ensure assessment of the effectiveness of controls, pointing out any possible action necessary to reduce levels of associated risk. Therefore, each and every procedure and control must be documented, assessed, tested and validated, and individual managerial responsibility must be defined for carrying out the activities involved.

For the Group subsidiaries, a flow of internal certifications is in place for the internal controls system on Financial Reporting, following the approach adopted by the Holding Company. This entails:

giving the governing bodies of Companies responsibility for certifying adequacy and the effective application of both administrative and accounting procedures as well as controls on the Information System to the Holding Company;
setting roles for the local Manager in Charge and the Chief Executive Officer within the Companies involved, assigning them responsibility for systematically reporting to their respective governing bodies on the status of the internal controls system on Financial Reporting, along with any improvement action plan;
sharing a data repository in order to facilitate consolidation of risk and control values within the Group and support take-up of a common language and approach for describing, assessing, testing and monitoring internal control system adequacy.

Moreover, the Global Policy envisages for the involvement of Holding Company governing bodies; in particular, the Manager in charge of preparing the company's financial reports provides:

to the Board of Directors and the Audit Committee, a report regarding the internal control system on Financial Reporting on the occasion of the presentation of the UniCredit S.p.A. financial statements, the consolidated financial statements and the consolidated half-year financial report;
to the Audit Committee and to the Group Non-Financial Risks and Controls Committee a summary on the results of the analysis of the internal control system on Financial Reporting of the relevant Companies, on the occasion of the UniCredit S.p.A. financial statements, the consolidated financial statements and the consolidated half-year financial report;
to the Audit Committee and to the Group Non-Financial Risks and Controls Committee, an update on the status of any remediation actions on internal control system on Financial Reporting of the relevant Companies, on the occasion of the first and the third quarter consolidated interim reports.

9.3 Sustainability reporting process

Starting from the sustainability reporting relating to December 2024, the relevant internal control system has been defined and implemented with the aim of guaranteeing the integrity, completeness, reliability and accuracy of the sustainability data and information subject to external disclosure, also with a view to compliance with the requirements established by law.

The framework of the internal control system on sustainability was defined by reflecting the existing framework on financial reporting adopted by the Parent Company, described in the previous paragraph, and adapting it to the characteristics of ESG reporting. This approach therefore involves the application of a common methodological framework, based on the use of a coherent and centrally developed internal control system model inspired by the internationally recognized standard issued by the "Committee of Sponsoring Organization of Treadway Commission" (CoSO) and updated in March 2023 introducing the so-called "Internal Control over sustainability reporting" which recalls the "Internal Control - Integrated Framework" referring to financial reporting.

In this context, in compliance with the provisions of Section 154-bis of the Legislative Decree no. 58/1998, paragraph 5-ter, the delegated management bodies and the manager in charge of preparing the corporate accounting documents (or other manager with specific skills in the field of sustainability reporting) certify, with a specific report, that the Sustainability Statements included in the Consolidated Report on Operations has been drawn up in compliance with the reporting standards applied pursuant to Directive 2013/24/EU of the European Parliament and of the Council, of June 26, 2013, and of the legislative decree adopted in implementation of Section 13 of law 21 no. dated February 15, 2024, and with the specifications adopted pursuant to Section 8(4) of Regulation (EU) no. 2020/852 of the European Parliament and of the Council of June 18, 2020.

In UniCredit, a Sustainability Reporting manager within the Group ESG structure, Mr. Giuseppe Zammarchi, has been designated for the issuing of the above mentioned certification with reference to the 2024 financial year.

9.4 Coordination procedures among parties involved in the internal controls and risks management system

According to Banca d'Italia provisions, the UniCredit S.p.A. "Document of corporate bodies and control functions" is drafted to define the control bodies' and functions' tasks and responsibilities, information flows among different functions/bodies and between the latter and corporate bodies, and coordination and cooperation procedures to implement when sectors to be controlled have potentially overlapping areas or allow the development of synergies.

The UniCredit means of cooperation and coordination among its control functions range from mutual information flow exchange to the attendance at managerial committee meetings focused on control-related topics.

In addition, interactions between second and third level corporate control functions are part of what is overall a steady and active cooperation framework, for the most part formalised via specific internal regulations, and performed through the functions of:

participation in defining and/or updating internal regulations on risk and control-related matters;
mutual exchange of information flows, documents or data, e.g. relating to planning controls and monitoring the results thereof, and control functions access to any internal resource or corporate information in line with their specific control-related needs;
attendance at Board Committee and managerial Committee meetings (systematically or on demand), if provided;
attendance on an ad hoc basis at Work Groups set up from time to time on risk and control topics.

Enhanced interaction among control functions and the provision of constant activity updates to corporate bodies have the ultimate goal of building a corporate governance environment that, over time, is able to safeguard sound corporate management also through the more efficient supervision of risks at all levels of the Company.

9.5 Group governance mechanisms

An effective internal controls system is also based on appropriate governance mechanisms through which UniCredit, as a Holding Company, conducts its management and coordination of Group Companies, in accordance with the law and regulations in force²⁰ .

In particular, UniCredit acts through:

indicating "representatives" at corporate bodies (Board of Directors members at companies with a traditional system, or Supervisory Board members) and at key management positions within Group companies;
a management/functional system ("Group Managerial Golden Rules") that defines mechanisms for coordinating Group management, assigning specific responsibilities and powers to the Heads of UniCredit functions for corresponding functions at the Group Companies as described below;
the definition, enactment and monitoring of Group rules take-up (the "Global Rules") by companies;
disseminating best practice, methods, procedures and developing IT systems to standardise operating procedures within the Group and achieve the most effective risk management and wider operational efficiency²¹ .

Group's managerial and functional system cuts across existing corporate structures. One example is the Competence Lines, which create a strong functional link between the Holding Company's structures and corresponding structures at companies, complying with the responsibilities assigned by local law and regulations to members of corporate bodies and employees, as well as the hierarchical relationships within each company.

Based on the above managerial and functional system, Heads of Competence Lines (and Heads of business/service functions in their respective areas of expertise) have specific powers in relation to budget issues, defining policies and guidelines/competence models and to ensure monitoring of Global Rules implementation by the Group Companies.

²⁰ Specifically, Section 61 of the TUB and the Supervisory Regulations for banks issued by Banca d'Italia.

²¹ Preserving, where needed, local specificities/best practices

In accordance with the Group Managerial Golden Rules guidelines, UniCredit issues Global Rules to regulate, among others, relevant activities for the purposes of compliance with law and/or risk management to foster Group stability and ensure a unique approach to corporate planning and overall efficiency.

9.6 Organisation Model as per Legislative Decree no. 231/2001

To ensure the adequacy and effectiveness of the "Organization and Management Model pursuant to Legislative Decree no. 231/2001" of UniCredit S.p.A. (hereinafter the "Model 231/2001") its continuous update is carried out also monitoring the organizational changes and the internal and external regulations, both by integrating and modifying the parts that constitute it.

In particular, on June 26, 2024, the UniCredit Board of Directors approved an updated version of the Model 231/2001, following the positive evaluation of the Supervisory Body (meeting held on June 10, 2024) in order to: (i) reflect the new governance of the Bank in relation to the attribution of the role of Supervisory Body 231 to the Audit Committee; (ii) introduce the new offences relating to the pre-tender phase in public tenders («Disturbed freedom of enchantment», and «Disturbed freedom to choose a contractor») and the transfer of values («Fraudulent transfer of values») in implementation of the Law no. 137/2023; (iii) update the Model in line with the results of audit interventions and of checks on Protocols carried out by a dedicated team within Compliance function.

At the Report's approval date, the Model 231/2001 consists of:

a General Section: composed of seven chapters, describing the purpose and perimeter of the Model 231/2001, the regulatory framework, the Supervisory Body, the disciplinary system, staff information and training, and keeping the Model 231/2001 up to date. The following documents are attached to the General Section of the Model 231/2001:
- a "List of predicate offences and illegal conduct", containing a description of crimes and offences referred to under Legislative Decree 231/2001 and regarding banking activity in general;
- the "Code of Ethics pursuant to Legislative Decree no. 231/2001" that contains the rules with which all Model recipients must comply in order to ensure that their conduct is always guided by the criteria of fairness, collaboration, loyalty, transparency and mutual respect, as well as to avoid conduct that may constitute a crime or an offence pursuant to the Italian Legislative Decree no. 231/2001;
a Special Section, the "Decision Protocols", containing principles of conduct and control to be complied with in performing "activities at risk", that is to say activities where the risk of committing a crime was signalled.

Furthermore, to supplement the Model 231/2001, the "Information Note" mentions the main internal regulation governing the at-risk activities described in all Decision Protocols.

The Model 231/2001's principles and contents are addressed to members of the corporate bodies, to all UniCredit employees, including those seconded, and to external subjects who, although not being part of UniCredit pursuant to contract relationships, within the scope of existing relationships take part in carrying out the Bank's activities.

The Model 231/2001 recipients are therefore required to abide by the principles contained in the Model 231/2001 and to report to the Supervisory Body any breaches of rules in the Model 231/2001 or relating to criminal activities.

9.7 Whistleblowing

In July 2015, during an update to its Supervisory Regulations for banks (Circular no. 285/2013), Banca d'Italia established specific requirements on whistleblowing by employees on illegal actions or breaches of the applicable provisions and internal processes, some of which are additional to those currently implemented at UniCredit.

These additional requirements (among which there is the identification of a Head of the whistleblowing system, an obligation to inform the whistle-blowers and reported persons about developments of any investigation set up following the whistleblowing, and formalisation of the investigation time frame) have been set out and the whole whistleblowing system was submitted to the Board of Directors for its approval.

Supervisory regulations also require banks to prepare an annual report on the proper functioning of internal systems for reporting violations, which contains "aggregate information on the results of the activities carried out as a result of the reports received".

On November 26, 2019, Directive (EU) no. 2019/1937 on the protection of persons who report violations of the law in the European Union was published and all Member States were required to transpose it, including Italy, which on March 10, 2023, issued the Legislative Decree no. 24/2023 transposing the above-mentioned Directive.

The main innovations concerned:

the subjective scope of application, extended also to persons whose employment relationship has not yet started (selection or pre-contractual stages) or who are in a testing period, as well as to former employees;
the extension of the protection measures against acts of retaliation and their application to other subjects;
the conditions for internal and external reporting;
action on the organisational and management models of entities pursuant to the Legislative Decree no. 231/2001.

UniCredit's internal whistleblowing process complies with the requirements of the laws in force and ensures that whistleblowers do not fear being penalised, guaranteeing confidentiality, privacy protection, maximum confidentiality and protection from any form of retaliation, direct or indirect, connected to the report.

Information on the conduct that can be reported and the procedures to be followed, including the channels that can be used, are also available on UniCredit's website.

9.8 Auditing firm

Having heard the proposal of the corporate body charged with control functions, for financial years 2022-2030, the UniCredit Shareholders' Meeting held on April 9, 2020, resolved to appoint the audit firm KPMG S.p.A. for statutory accounting supervision of the UniCredit separate and consolidated financial statements and a limited review of brief interim consolidated financial statements, pursuant to Section 13, sub-section 1, and Section 17 of Legislative Decree no. 39/2010. In addition, the firm was commissioned to check that the Company's accounting records are properly maintained and that its operations are correctly reflected in the accounting records.

The External Auditing firm's report expresses its opinion on the consistency of the report on operations and of specific information included in the report on corporate governance and ownership structure with the financial statements, as well as their compliance with legal provisions pursuant to Section 14, sub-section 2, letter e), of Legislative Decree no. 39/2010 (as last amended by Legislative Decree no. 135/2016) and Section 123-bis, subsection 4, of Legislative Decree no. 58/1998.

Under a separate engagement, KPMG S.p.A. also issued the auditor's attestation on the compliance of the sustainability reporting, included in an ad hoc section of the Report on Operations of the consolidated financial statements, as set forth by Section 154-bis, subsections 5-ter, of the Legislative Decree no. 58/1998.

10. Handling of corporate information

The Board and Board Committees Regulation designates the body with supervisory functions to define procedures for internal management and the public disclosure of documents and information concerning the Company, including inside information.

In particular, in June 2018 the Bank adopted a dedicated procedure to evaluate, manage and disclose insider information to the market. This procedure was reviewed at first in February 2022 and afterwards in December 2023.

In detail, the process envisages the following activities:

a) the assessment of the potential/relevant inside nature of the specific information. The analysis can be conducted with Group Compliance in case the preliminary assessment is not conclusive. The Group Financial Officer is consulted for his/her assessment of materiality based on the economic impact of the potential event.

Moreover, any employee who believes that he/she is in possession of specific relevant information regarding the UniCredit Group, the disclosure of which could affect the price of UniCredit S.p.A. shares or other financial instruments issued by UniCredit, is required to promptly report this to Group Compliance;

b) the adoption of appropriate and effective measures to ensure the confidentiality of relevant/inside information, as long as it has not been disclosed to the public.

To this end, once the potential price sensitivity has been assessed, a specific Relevant Information List pursuant to CONSOB Guidelines is entered and maintained using dedicated IT tools.

c) monitoring the evolution of the specific relevant information. In particular, the function owner of the information is responsible for the final evaluation on the Information having gained inside nature. Once inside information is flagged, the function owner of the information triggers the process for preparing a draft press release informing Group Media Relations, which will subsequently take over drafting and public disclosure;
d) alternatively, after a preliminary evaluation of the existence of regulatory requirements, a decision to delay disclosure of inside information to the public may be taken. This decision is adopted by a specific working group, whose members are the Head of Group Strategy & ESG, the Head of Group Stakeholder Engagement, the Group Compliance Officer, the Group Legal Officer and the Group Financial Officer. In such cases, an insider list is timely opened in order to properly monitor circulation of the information and ensure its confidentiality. Once the conditions for delaying communication of such information to the public cease to exist, the above-mentioned process is activated for preparing the draft press release and formally informing CONSOB of the delay to the public disclosure of inside information in accordance with provisions of law;
e) the assignment to Group Media Relations the responsibility of publishing the press release to the market through the "S.D.I.R.-N.I.S." system, to Borsa Italiana and CONSOB. Press agencies will have access to the system directly.

Under the procedure, it is envisaged that if the press release relates to an event of major importance, supported by Group Compliance, the Head of Group Media Relations announces to CONSOB and Borsa Italiana its submission in advance.

Press releases are published on the Company's website during market opening time on the day after their disclosure.

Press releases are available on the UniCredit website for at least five years after disclosure.

Since UniCredit is listed also on the Frankfurt and Warsaw Stock Exchanges, in order to ensure harmonised information, public disclosure of inside information is made according to procedure in a synchronised manner to all categories of investors and in all Member States where UniCredit shares are traded;

f) a specific escalation process to UniCredit for Group companies with respect to this information which directly regards these companies but may also have an impact on the price of financial instruments issued by UniCredit. Rules are provided for such cases to evaluate and manage possible inside information.

All Directors are duty-bound to maintain the confidentiality of documents and information obtained while performing their duties and to comply with the procedures UniCredit has adopted for its internal management and external disclosure of such documents and information.

In particular, to monitor and ensure correct internal management of documentation sent to Board members prior to Board meetings, it is specifically envisaged that they acquire such documentation exclusively via an IT platform protected by two-level access keys.

This procedure ensures not only greater speed in sharing documents and information, as well as faster delivery and traceability of individuals who have access to them, but also confidential document delivery via a system of personal, protected passwords given to each Director.

11. Relations with shareholders and other relevant stakeholders

In order to foster dialogue with institutional and private investors, analysts and rating agencies, as well as to maintain a constant flow of market-related information, UniCredit has specialised, readily-recognisable, easy-toaccess sections on its website (Governance and Investors sections) where it provides information on its governance structure and on the Company's internal organisation in order to ensure that Shareholders stay informed as they exercise their rights. The site also offers economic/financial information on the Company and other up-to-date Company relevant materials of interest to Shareholders as a whole.

All documents and information are available in both Italian and English.

Also, in line with the Italian Corporate Governance Code provisions, ad hoc structures were set up to handle relations with Shareholders in general and with investors, in particular, in compliance with provisions, also of internal kind, on corporate information. In detail:

within Group Stakeholder Engagement, Group Investor Relations is in charge of managing dialogue with institutional investors, whether or not they are Shareholders and in general with financial analysts, rating agencies and, supporting other structures, proxy advisors, providing the market with timely, transparent and accurate information with the aim of supporting a fair valuation of the Group;
within Group Legal, Group Corporate Affairs & Shareholding is in charge of overseeing and managing relations with Italian and foreign private (i.e. non-institutional, including foundations) Shareholders and managing their requests.

The following dedicated channels are available:

a dedicated e-mail address ([email protected]) for institutional investors;
a toll-free number, 800 307 307 (only for calls within Italy); dedicated e-mail ([email protected]) for noninstitutional Shareholders.

The Head of Group Investors Relations is Ms. Magdalena Palczynska.

Shareholders may also communicate with the Company via its website, albeit not in real time.

For specific matters related to corporate governance-related topics, remuneration policies and ESG (Environmental, Social & Governance) matters, Group Investor Relations has involved and coordinated itself with Group Corporate Affairs & Shareholding, Group People & Culture and Group Strategy & ESG departments to strengthen long-term constructive dialogue with institutional investors and their proxy advisors on such matters. In particular, in agreement with the Remuneration Committee, within the Group People & Culture department, the Group Reward structure, is in charge of managing the dialogue with investors on remuneration-related matters, enabling an exchange on mutual expectations and needs when drawing up remuneration policies. For information on the annual dialogue process with institutional investors and proxy advisors managed by the Group People & Culture department, please refer to the Group Remuneration Policy and Report.

Furthermore, it should be noted that during the course of 2024, the Group Corporate Affairs & Shareholding structure also kept up a calendar of contacts with institutional investors and their proxy advisors oriented towards long-lasting and constructive dialogue on corporate governance-related topics as well as on composition and functioning of the Board of Directors. In the same year, the Group Strategy & ESG department was involved in meeting with institutional investors aimed at discussing sustainability issues and, more specifically, Group ESG strategy, its

integration into the Bank overall strategy and the definition of the path towards carbon neutrality (NET Zero) by 2050.

* * *

In regard of the engagement, since March 2019 the Board of Directors adopted a specific internal policy to govern any possible request for meetings and/or for information addressed to Board of Directors' non-executive member by UniCredit Shareholders, both institutional or non-, and/or any related proxy advisor, given the growing number of requests from institutional investors who hold stakes in Italian listed companies and seek direct contact not only with company offices in charge of managing such issues, but also with the Board of Directors and, more specifically, with the Chairs of Board Committees.

More specifically, according to the above internal policy, dialogues with Shareholders and/or any related proxy advisor are held by (i) the Chair of the Board of Directors, in agreement with the Chief Executive Officer, if related to strategic corporate governance topics or to the functioning of the Board of Directors; (ii) the Chief Executive Officer, in agreement with the Chair of the Board, if related to strategic business topics or to the bank's management.

Each Chair of the Committees may directly maintain the meetings only for specific requests falling under the Board Committee's competencies, and on previous agreement with the Chair of the Board. In such cases, the Chairs of the Board Committees report to the Chair of the Board of Directors and to the Chief Executive Officer on any discussed topic and on the meetings' outcomes. Also the Board of Directors will be informed at its first available meeting.

Dialogues occurs in full compliance with the applicable laws, such as, for example, the rules on the inside information, in observance of any constraints resulting, in particular, from the market abuse regulation and the principle dealing with the Shareholders' equal treatment (on an information basis).

In 2024, the Chair and the Chief Executive Officer informed the Board of Directors, during its first available meeting, on the key points of the Shareholders' engagement and related updates.

The engagement policy of UniCredit is available on the Company's website in the Governance/Corporate Bodies section²² .

²² UniCredit website address where the engagement policy (annex C of the Board and Board Committees Regulation) is available is: http://www.unicreditgroup.eu/en/governance/governance-bodies.html

Annex 1 - Positions held by UniCredit Directors at other listed companies or large companies

DIRECTORS	POSITIONS HELD
Pietro Carlo Padoan Chair		--	--

Elena Carletti Deputy Vice Chair		--	--

Andrea Orcel Chief Executive Officer	Director of EIS Group Ltd.		NO
	Chair of the Supervisory Board of UniCredit Bank GmbH	YES

Paola Bergamaschi Director	Member of the Board of Directors of AIG Inc.		NO

Paola Camagni	Member of the Board of Directors of Telecom Italia (TIM) S.p.A.		NO
Director and member of the Audit Committee	Member of the Board of Directors of FSI SGR S.p.A.		NO
	Chair of the Board of Statutory Auditors of AGI- Agenzia Giornalistica Italia S.p.A.		NO

Vincenzo Cariello Director	Member of the Board of Directors of A2A S.p.A.		NO

António Domingues Director	Member of the Board of Directors of Banco CTT		NO
	Member of the Board of Directors of Haitong Investment Bank S.A.		NO

Julie Birgitte Galbo Director and member of the	Chair of the Board of Directors of Gro Capital		NO
Audit Committee	Member of the Board of Directors of Commonwealth Bank of Australia		NO
	Chair of the Board of Directors of Trifork AG		NO

Jeffrey Alan Hedberg Director		--	--

Beatriz Ángela Lara	Sole Director of the AHAOW Moment S.L.		NO
Bartolomé Director	Member of the Board of Directors of FINCOMUN Mexico		NO

DIRECTORS	POSITIONS HELD	Company belonging to the UniCredit Group
Maria Pierdicchi Director	Member of the Board of Directors of Aidexa Holding	NO
	Member of the Board of Directors of Eccellenze d'Impresa S.r.l.	NO

Marco Giuseppe Maria Rigotti Director and Chair of the Audit Committee	Chair of the Board of Directors of Alisarda S.p.A.	NO

Francesca Tondi Director		-- --

Gabriele Villa Director and member of the	Statutory Auditor of Edison S.p.A.	NO
Audit Committee	Statutory Auditor of Italmobiliare S.p.A.	NO
	Statutory Auditor of TdE – Transalpina di Energia S.p.A.	NO

Annex 2 - Delegation of powers

Without prejudice to the authorities assigned to the Board of Directors by laws and the Articles of Association, the Board has granted the Chief Executive Officer the following powers, within pre-defined limits and also with the faculty to further sub-delegate, across all sectors of the Bank's business:

credit activities;
equity capital market transactions with an underwriting risk;
appointment of corporate officers in the governing bodies of companies (including non-participated companies), entities and other bodies as well as assignment of related remuneration;
management of shareholdings, concerning in particular (i) transactions on shareholdings already held or to be acquired; (ii) instructions for the exercise of voting rights at the Shareholders' Meetings (both ordinary and extraordinary) of its directly participated companies (control/joint control or non-controlled shareholdings); (iii) entering into and/or amending or terminating Shareholders' agreements related to (direct and indirect) controlling or non-controlling shareholdings;
funds transactions of any kind, regardless of whether they belong to the Group;
short and medium/long term liquidity management activities for UniCredit and the Group;
management of Banking and Trading Book positions, not attributable to debt capital market activities on the Trading Book and to equity capital markets transactions;
activities connected to the marketing of products and services, including of third parties, and to the identification of conditions;
powers to authorise expenses and investments for Bank management, within the limits set by the annual Boardapproved strategies and cost estimate;
powers concerning the staff management, in compliance with the collective responsibility principle during the set-up phase;
definition of and amendments to organisational structures and the organisational book, without prejudice to the Board's remit for (i) changing the powers and responsibilities of structures/roles belonging to the first reporting line to the Board itself and to the Chief Executive Officer; and (ii) setting up/amending/cancelling Managerial Committees where the Chief Executive Officer is an ordinary member that modify mission, members and quorum;
decision-making powers on matters pertaining to "restructuring" or "non-performing exposures";
decision-making powers on matters pertaining to expected losses and waivers due to capital and/or capitalised interests, disbursements and settlement offers, arising from proceedings of any nature (including administrative and tax), either on the active or passive side, judicial or extrajudicial (including mediation/conciliation proceedings), incidents or customer complaints;
selling/disposal and management of the Bank's real-estate and movable assets;
decision-making powers with regard to activities related to debt capital markets on the trading book, for the definition of limits to be assigned for each counterpart (single issuer/economic group), in reason of counterparty credit standing and the transaction's characteristics;
deciding the limits for overall individual issuer exposure on the trading book (single counterparty/economic group), regardless of the type of instruments on the trading book, based on the creditworthiness of the counterparty and transaction's characteristics;
recordings in profit and loss account for the settlement of outstanding items and operating errors;
transactions related to firms, going concerns and/or "en-bloc" legal relationships.

* * *

In order to ensure proper management of and effective control on these delegated powers, the Chief Executive Officer has provided the Board of Directors, according to the ways established by the Board itself, with adequate information flows specifically highlighting any relevant associated risk.

UniCredit S.p.A. Joint stock company - Registered Office and Head Office: Piazza Gae Aulenti, 3 Tower A, 20154 Milan, Italy - Registered in the Register of Banking Groups and Parent Company of the UniCredit Group, with code 02008.1; ABI code 02008.1 - Fiscal Code, VAT number and Registration number with the Company Register of Milan-Monza-Brianza-Lodi: 00348170101 - Member of the National Interbank Deposit Guarantee Fund and the National Compensation Fund - Stamp duty paid virtually, if due - Auth. Agenzia delle Entrate, Ufficio di Roma 1, no. 143106/07 of 21.12.2007.

AI assistant

Unicredit — Governance Information 2025

4272_cgr_2025-02-25_83eec6a2-1f0a-4207-ab8c-92e0a4307664.pdf

Setting the benchmark for excellence

Index

Glossary

1. Issuer profile

Foreword

The Italian Corporate Governance Code

The Report on corporate governance and ownership structure

Profile and structure

Shareholder structure

Corporate governance model

Shareholders' Meeting

Board of Directors

Composition and diversity

Appointment process

Qualitative and quantitative composition

Requirements

Chief Executive Officer

Audit Committee

Composition and diversity

Members appointed by minorities

Requirements

Other Board Committees

Diversity Policies

Training, professional experience, age

Gender in UniCredit

2. Information on the ownership structure

2.1 Share capital structure

Rights and obligations

Other financial instruments granting the right to subscribe new shares

2.2 Restrictions on stock transfers

2.3 Relevant equity holdings

2.4 Restrictions on voting rights

2.5 Changes to control clauses and by-laws provisions on public purchase offers

2.6 Delegation of power to increase share capital and authorisations to purchase own shares

3. Shareholders' Meetings

Legitimation, how to attend and voting rights

Shareholders' Meetings conduct

4. Board of Directors

4.1 Appointment and replacement

Succession plans

Process

Content

4.2 Composition

Directors' birth year and seniority in office since their first appointment date

Core competencies

* * *

Time commitment and number of offices

Board of Directors

Audit Committee (included the 231 Supervisory Body)

Governance and Sustainability Committee

Risk Committee

Nomination Committee

Remuneration Committee

Related-Parties Committee

Induction initiatives and recurring training

4.3 Board of Directors' role

Meetings and functioning

Duties

The role played by the Chair of the Board of Directors

Self-assessment

Competitive business

4.4 Executive Directors

Chief Executive Officers

Chair of the Board of Directors

Other executive Directors

Reporting to the Board

4.5 Independent Directors

In detail:

"Independent" Directors pursuant to the criteria envisaged under Section 2, recommendation 7, of the Code:

"Independent" Directors pursuant to the criteria envisaged under Section 2, recommendations 7 and 9, of the Code:

Independent Directors' meeting

4.6 Lead Independent Director

5. Audit Committee

Appointment and composition

NOTE

Roles and Responsibilities

Functioning

Unicredit Governance Information 2025

*** * ***