REPORT ON THE CORPORATE GOVERNANCE AND ......4. BOARD OF DIRECTORS 4.1 Role of the Board of Directors (pursuant to Art. 123-bis, paragraph 2, letter d) of the Consolidated Finance

1 Report on corporate governance and the ownership structure

This is an English courtesy translation of the original documentation prepared in Italian language. Please consider that only the original version in Italian language has legal value.

REPORT ON THE CORPORATE GOVERNANCE

AND OWNERSHIP STRUCTURE OF UBI BANCA S.p.A.

in accordance with Art.123-bis of the

Consolidated Finance Act Website: www.ubibanca.it Financial year: 2019 Date: 28th February 2020

http://www.ubibanca.it/


Unione di Banche Italiane Società per azioni abbreviated to UBI Banca Spa Head Office and General Management: Piazza Vittorio Veneto 8, Bergamo (Italy)

Operating offices: Bergamo, Brescia and Milan

Member of the Interbank Deposit Protection Fund and the National Guarantee Fund

A member of the UBI VAT Group with VAT No. 04334690163

Tax Identification Number and Bergamo Company Registration No. 03053920165

ABI (Italian Banking Association) 3111.2 Register of Banks No. 5678 Register of Banking Groups No. 3111.2

Parent of the Unione di Banche Italiane Banking Group

Certified email address (P.E.C.): [email protected]

www.ubibanca.it



CONTENTS GLOSSARY INTRODUCTION 1. PROFILE OF THE ISSUER

- Developments in governance - Social and environmental responsibility.

2. INFORMATION ON THE OWNERSHIP STRUCTURE as at 28th February 2020 (pursuant to Art. 123-bis, paragraph 1 of the Consolidated Finance Law) a) Structure of the share capital (pursuant to Art. 123 bis, paragraph 1, letter a) of the

Consolidated Finance Law) b) Restrictions on transfer of securities (pursuant to Art. 123 - bis, paragraph 1, letter b) of the

Consolidated Finance Law) c) Significant investments in share capital (pursuant to Art. 123-bis, paragraph 1, letter c) of the

Consolidated Finance Law) d) Instruments which grant special rights (pursuant to Art. 123-bis, paragraph 1, letter d) of the

Consolidated Finance Law) e) Shareholding by employees: exercise of voting rights (pursuant to Art. 123-bis, paragraph 1,

letter e) of the Consolidated Finance Law) f) Restrictions on voting rights (pursuant to Art. 123-bis, paragraph 1, letter f) of the

Consolidated Finance Law) g) Shareholders’ agreements known to UBI Banca in accordance with Art. 122 of the

Consolidated Finance Law (pursuant to Art. 123 bis paragraph 1, letter g) of the Consolidated Finance Law)

h) Change of control clauses (pursuant to Art. 123-bis, paragraph 1, letter h) of the Consolidated Finance Law) and provisions of the articles of association concerning public tender offers to purchase (pursuant to Art. 104, paragraphs 1-ter and 104-bis, paragraph 1 of the same law)

i) Powers to increase the share capital and authorisations to purchase treasury shares (pursuant to Art. 123-bis, paragraph 1, letter m) of the Consolidated Finance Law)

l) Management and co-ordination (pursuant to Art. 2497 et seq of the Italian Civil Code)

3. COMPLIANCE (pursuant to Art. 123-bis , paragraph 2, letter a) of the Consolidated Finance

Law)

4. BOARD OF DIRECTORS 4.1 Role of the Board of Directors (pursuant to Art. 123-bis, paragraph 2, letter d) of the

Consolidated Finance Law) 4.2 Appointment and replacement (pursuant to Art. 123-bis, paragraph 1, letter l) of the

Consolidated Finance Law) 4.3 Composition of the Board of Directors (pursuant to Art. 123-bis, paragraph 2, letters d) and

d-bis) of the Consolidated Finance Law) - Chairwoman - Chief Executive Officer - Requirements of Independence: Independent Directors - Suitability requirements for the position


- Diversity in the composition of the Board of Directors - Self-assessment - Induction Programme

4.4 Functioning of the Board of Directors (pursuant to Art. 123-bis, paragraph 2, letter d) of the Consolidated Finance Law)

5. MANAGEMENT CONTROL COMMITTEE 5.1 Role of the Management Control Committee (pursuant to Art. 123-bis, paragraph 2, letter d)

of the Consolidated Finance Law) 5.2 Appointment and replacement (pursuant to Art. 123-bis, paragraph 1, letter l) of the

Consolidated Finance Law) 5.3 Composition of the Manage Control Committee (pursuant to Art. 123-bis, paragraph 2, letters

d) and d-bis of the Consolidated Finance Law) - Suitability requirements for the position - Diversity in the composition of the Management Control Committee - Self-assessment

5.4 Functioning of the Management Control Committee (pursuant to Art. 123-bis, paragraph 2, letter d) of the Consolidated Finance Law)

6. INTERNAL COMMITTEES OF THE BOARD OF DIRECTORS (pursuant to Art. 123-bis, paragraph 2, letter d), of the Consolidated Finance Law): - APPOINTMENTS COMMITTEE - REMUNERATION COMMITTEE - RISK COMMITTEE - RELATED PARTIES AND CONNECTED PERSONS COMMITTEE

7. REMUNERATION AND SUCCESSION PLANNING Indemnities for Directors in the event of resignation, dismissal or termination of contract following

a public tender offer to purchase (pursuant to Art. 123 - bis , paragraph 1, letter i) of the Consolidated Finance Law)

8. TWO-TIER GOVERNANCE BODIES (until 12th April 2019) 8.1 Introduction and reference to the 2019 Report 8.2 The Supervisory Board

- Composition and working methods - Internal Committees

8.3 The Management Board - Composition and working methods

8.4 The Board of Arbitrators

9. GENERAL MANAGEMENT

10. OPERATIONAL STRUCTURE Structure, governance areas, managerial committees

11. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM 11.1 Executive Director with responsibility for the internal control and risk management system 11.2 Chief of the Internal Audit Function


11.3 Model of Organisation, Management and Control pursuant to Legislative Decree No. 231/2001

11.4 Independent Auditors 11.5 Senior officer responsible for the preparation of corporate accounting documents 11.6 Co-ordination between those involved in the internal control and risk management system

12. TRANSACTIONS WITH RELATED PARTIES, CONNECTED PERSONS AND OTHER SIGNIFICANT

PARTIES WITH A POTENTIAL CONFLICT OF INTEREST - INTERESTS OF BOARD MEMBERS AND MANAGEMENT OF PERSONAL TRANSACTIONS

13. HANDLING OF CORPORATE INFORMATION

14. RELATIONS WITH SHAREHOLDERS

15. SHAREHOLDERS’ MEETINGS (pursuant to Art. 123-bis, paragraph 2, letter c) of the Consolidated Finance Law)

16. ADDITIONAL CORPORATE GOVERNANCE PRACTICES

(pursuant to Art. 123-bis, paragraph 2, letter a) of the Consolidated Finance Law)

17. CHANGES OCCURRING SINCE THE END OF THE YEAR

18. CONSIDERATIONS ON THE LETTER OF 19th December 2019 from the CHAIRMAN OF THE CORPORATE GOVERNANCE COMMITTEE

ATTACHMENT A: Positions held by members of the board of directors of UBI Banca ATTACHMENT B: Main characteristics of the risk management and internal control systems in relation to the financial reporting process pursuant to Art. 123-bis, paragraph 2, letter b) of the Consolidated Finance Law ATTACHMENT C: Table of reconciliation between the information required by supervisory regulations and the contents of the Report on Corporate Covenants and Ownership Structure. SUMMARY TABLES: Table 1 Information on the ownership structure Table 2 Structure of the Board of Directors, the Management Control Committee and other

committees (from 12/04/2019) Table 3 Structure of the Supervisory Board, of the committees and of the Management (until

12/04/2019) Table 4 Composition of governing bodies – diversity indicators

ATTACHMENT Table 1: Check List Table No. 2 “Art. 123-bis - Report on corporate governance and the ownership structure”


GLOSSARY Code/Corporate Governance Code: the Corporate Governance Code for listed companies approved in July 2018 by the Corporate Governance Committee and promoted by Borsa Italiana S.p.A., ABI (the Italian Banking Association), Ania (national insurance association), Assogestioni (national association of asset management companies), Assonime (association of joint stock companies) and Confindustria (Confederation of Italian Industry). Civil Code/C.C.: the Italian Civil Code. Board: the Board of Directors Regulations concerning risk assets and conflicts of interest with connected parties: Bank of Italy Circular No. 263 of 27th December 2006 - 9th amendment of 12th December 2011. Supervisory Regulations: the regulations issued by the Bank of Italy in carrying out its regulatory functions, addressed to banks and banking groups, contained in Circular No. 285 of 17th December 2013. Issuer/Company/Bank/UBI Banca: Unione di Banche Italiane Società per azioni. Financial year: the financial year to which this report relates. Consob Issuers’ Regulations/Issuers’ Regulations: the regulations for issuers issued by the Consob (Commissione Nazionale per le Società e la Borsa - Italian securities market authority) with Resolution No. 11971 of 1999 (as subsequently amended). Consob Markets Regulations: the regulations for markets issued by the Consob (Italian securities market authority) with Resolution No. 20249 of 2017 (as subsequently amended). Consob related-party regulations: the regulations issued by the Consob with Resolution No. 17221 of 12th March 2010 (as subsequently amended) concerning transactions with related parties. Report: Report on corporate governance and the ownership structure pursuant to Art. 123-bis of the Consolidated Finance Law. Report on remuneration policies and wages/Report on Remuneration: the report prepared in accordance with Art. 123-ter of the Consolidated Finance Law and subsequent implementation provisions and also pursuant to Bank of Italy Supervisory Regulations is available in accordance with the law at the registered address of the Bank, on the website of the Issuer (www.ubibanca.it) and on the registered storage facility named “1info” (www.1info.it). Consolidated Finance Law: Legislative Decree No. 58 of 24th February 1998, as subsequently amended. Consolidated Banking Law: Legislative Decree No. 385 of 1st September 1993, as subsequently amended.


INTRODUCTION

This report - which is available on the Bank’s website (www.ubibanca.it, Corporate Governance section) and on the registered storage facility named “1info” (www.1info.it) - has been prepared in accordance with Art. 123-bis of the Consolidated Finance Law and is also intended to fulfil the public disclosure obligations for banks relating to organisational structure and corporate governance pursuant to the supervisory regulations concerning corporate governance (Bank of Italy Circular No. 285 of 17th December 2013 - Title IV, Chapter 1, Section VII) - (Attachment C - Compliance table).

It should be noted that all the information given in this report refers to the Articles of Association in force at the reporting date and that they refer, unless specified otherwise, to 28th February 2020, the date of the approval of this Report by the Board of Directors.

The Report has been audited by Deloitte & Touche for the purpose of the verification and opinion of compliance pursuant to the aforementioned Art.123-bis of the Consolidated Finance Law. The results of the work performed by the independent auditors are given in opinions formulated by them pursuant to Art. 14 of Legislative Decree No. 39/2010, attached to the annual consolidated and separate company financial statements for 2019.

* * *



1) PROFILE OF THE ISSUER Before discussing the content of this Report, we note that on 17th February 2020 Intesa Sanpaolo S.p.A. announced a voluntary public exchange offer for all ordinary shares of Unione di Banche Italiane S.p.A.

* * * The Bank is listed on the Mercato Telematico Azionario (electronic stock exchange) organised and managed by Borsa Italiana S.p.a. The purpose of this report is to provide shareholders and the market with an analysis of the system of corporate governance adopted by the Bank, which is based on the measures and principles contained: in the regulations governing listed issuers set out in the Consolidated Finance Law and in the

related rules to implement them adopted by the Consob (Italian securities market authority); in the banking regulations contained in the Consolidated Banking Law and its implementing

measures; in the Corporate Governance Code. Developments in Governance On 1st April 2007, on the conclusion of operations for the merger of Banca Lombarda e Piemontese S.p.A. into what was then Banche Popolari Unite S.c.p.A. (and the change of name of the latter at the same time to “Unione di Banche Italiane S.c.p.A.”), the Bank adopted a two-tier system of management and control based on (i) a Supervisory Board, responsible for policy-making, strategic supervision and control and (ii) a Management Board, responsible for management. This system of management and supervision was considered the best suited to its nature as a “popular” bank and the overall governance requirements of the UBI Banca Group, in order to enable the Supervisory Board to provide increased protection and representation for registered and unregistered shareholders. Over recent years the Bank has gone through an important phase of major changes in relation to its corporate structure. More specifically, UBI Banca has: - adopted its current legal form as an ordinary joint-stock company following a resolution for its

transformation from a Joint stock co-operative company passed by an Extraordinary Shareholders’ Meeting held on 10th October 2015 in accordance with Law No. 33 of 24th March 2015.

- merged, following a resolution passed by the Shareholders’ Meeting on 14th October 2016, by incorporation of the seven local banks of the UBI Banca Group, (Banca Regionale Europea S.p.A., Banca Popolare Commercio e Industria S.p.A., Banca Carime S.p.A., Banca Popolare di Ancona S.p.A., Banca Popolare di Bergamo S.p.A., Banco di Brescia San Paolo CAB S.p.A. and Banca di Valle Camonica S.p.A.), which was concluded in February 2017, marking the passage from a federal Group model to the “Single Bank” Model;

- expanded the operating perimeter following the acquisition and subsequent merger into itself of Nuova Banca dell’Etruria e del Lazio S.p.A. (which became Banca Tirrenica S.p.A.), Nuova Banca delle Marche S.p.A. (which became Banca Adriatica S.p.A.) and Nuova Cassa di Risparmio di Chieti S.p.A. (which became Banca Teatina S.p.A.), together with their respective subsidiaries, Banca Federico del Vecchio S.p.A. and CARILO-Cassa di Risparmio di Loreto S.p.A., which was concluded in February 2018.


In consideration of the above changes, the Supervisory Board and the Management Board of the Bank, as part of the self-evaluation process they carried out, partly in compliance with the supervisory regulations, noted the advisability of further investigation of the governance of UBI Banca, that would also look into the changeover to a different governance and control system, more specifically the one-tier system. As previously noted in the 2018 Report, the extraordinary Shareholders' Meeting of UBI Banca held on 19th October 2018 resolved, by approving new Articles of Association, to adopt a single-tier governance and control system pursuant to Articles 2409-sexiesdecies et seq. of the Italian Civil Code, with effect from the date of renewal of the governing bodies following the approval of the said Articles of Association. At its meeting on 12th April 2019, the Ordinary Shareholders’ Meeting appointed the members of the Board of Directors and Management Control Committee for the three-year period 2019-2020-2021, thus launching the one-tier model of governance and control.

The one-tier system of governance and control is characterised by the presence of a Board of Directors and of a Management Control Committee, the latter having control functions and formed as an internal committee of the Board of Directors. In general terms, the one-tier model of management and control involves the following: • a clear division of roles and responsibilities between the various collegiate bodies: Board of

Directors and Management Control Committee; • the predominant presence of non-executive and/or independent directors, able to guarantee

proper and balanced discussion within the Board of Directors and adequate checks and balances with regard to the Chief Executive Officer and to management more generally, with adequate monitoring of the decisions taken;

• the attribution of a significant role to the Chair of the Board of Directors, as the linchpin in the system of checks and balances with regard to the executive members, designed to favour (i) concrete and effective discussion within the Board and also (ii) its effective functioning with a profitable contribution made from all directors;

• a key role for the Bank’s control functions, which will be guaranteed direct access to company bodies to report the results of their control activities periodically, or immediately in cases of necessity, without restrictions or intermediaries.

The one-tier system has the following advantages: − centralisation of the roles of strategic supervision and of management within a single body –the

Board of Directors – thereby streamlining and increasing the efficiency of the decision-making process, without prejudice to the ability of the Board of Directors to delegate its powers, in accordance with applicable laws and internal and external regulations, to the Chief Executive Officer—who may, within the scope and in implementation of the strategic guidelines set by the Board, take on the responsibilities of ordinary management – or to committees and/or managers within the scope of a balanced system of delegations;

− enhancement of the efficacy of the Board’s committees in consideration of the fact that they are established within the Board with powers of both management and strategic supervision;


− involvement of the supervisory function in strategic decisions. The composition of the supervisory body – i.e. the Management Control Committee – with members who are also on the Board of Directors, reinforces the actions of the supervisory function by replicating the positive experience accumulated in this regard under the two-tier system of management and control, under which the functions of strategic supervision were centralised within the Supervisory Board.

− optimisation of information flows; − extension of the areas of decision making reserved to the Shareholders’ Meeting, giving it

responsibility for the approval of the financial statements and overall remuneration and incentives policies, as well as the appointment of the full Board of Directors;

− international recognition: the one-tier system is widely used in advanced countries and is therefore not an obstacle to intervention by foreign institutional investors, or to the application of regulations by the supervisory authority.

−

The one-tier model is very widespread and is more easilyrecognisable internationally1The location of the supervisory body within the boardstrengthens the Control Function which takes part instrategic decision-making (as a natural development of thetwo-tier system)

2

Board committees are more effective as they work withdirect knowledge of the management’s operations3Simplification of approval procedures and greatereffectiveness in reporting due to the joint presence ofsupervisory, management and control functions within the BoD4

Enhanced Shareholder Role (Approval of financial reports)5

One-Tier System- strengths

More specifically, the following is underlined with reference to the collegiate bodies of UBI Banca: - taken as a whole, the Board of Directors, composed of 15 members, is the Bank’s management

and strategic supervision body. It is responsible for managing the business with the power to implement any transaction of both ordinary and extraordinary management necessary or in any case useful or appropriate for the best implementation of the corporate purpose.

In addition to matters reserved to it by law, the Articles of Association reserves following powers, amongst others, to the Board of Directors i) to decide the general strategic policies and programmes of the issuer and of the Group, ii) to approve the business and/or financial plans and budgets of the issuer and of the Group drawn up by the Chief Executive Officer to whom the Board of Directors may give prior guidelines and to decide on strategic operations and iii) to approve the proposed individual financial statements and the consolidated financial statements.

The members of the Board of Directors remain in office for three financial years and their term of office expires with the Shareholders' Meeting convened to approve the financial statements relating to their final financial year in office;

- the Management Control Committee, formed as an internal committee of the Board of Directors composed of five members of the Board of Directors itself, carries out the duties assigned by the regulations currently in force to the control function.0020 More specifically, in accordance with the provisions of the Articles of Association, amongst other things, the Management Control Committee: i) shall oversee compliance with the rules of law, regulations and Articles of Association and respect of the principles of proper management; ii) shall exercise the duties assigned by Art. 19 of Legislative Decree No. 39 dated 27th January 2010 to the accounts control and auditing committee; and also iii) shall report promptly to the Supervisory Authority and to Consob in relation to management irregularities and any violation of the


regulations connected to banking activity, in accordance with Art. 52, 1st paragraph of Italian Legislative Decree No. 385 dated 1st September 1993, and Art. 149, paragraphs 3 and 4-ter of Italian Legislative Decree No. 58 dated 24th February 1998.

The following internal committees of the Board of Directors were also formed with the functions and powers provided for by the Articles of Association of UBI Banca, by the applicable regulations in force and the specific internal Regulations:

- Appointments Committee - Remuneration Committee - Risk Committee - Related Parties and Connected Persons Committee.

In addition to the collegiate bodies and the four internal board committees with investigative, consultative and proposal-making functions, the new governance system also involves changing managerial committees from consultative bodies to bodies which also have decision-making functions.

Shareholders’ Meeting

Board Committees

DIRECTORS CHAIRMANAGEMENT CONTROL

COMMITTEE AND ITSCHAIR

The one-tier system of management and control

Risk Related Parties and Connected PersonsAppointments Remuneration

BOARD OF DIRECTORS

Chief Executive Officer

Appoints members of the Board of Directors and elects its Chair

Appoints members of the Management Control Committee and its Chair

Approves the annual separate financial statements

Approves remuneration and incentive policies

tasked with strategic supervision

appoints the Chief Executive Officer and its members

tasked with ongoing management of the Bank

implement strategic policies

carries out control functions and

tasked with all activities assigned to control body by the applicable legislation and regulations

Supports the Board of Directors on deciding the

composition of UBI Banca’s governing bodies

and those of the companies in the UBI

Banca Group

Carries out proposal-making functions for the remuneration of senior

management and advises on remuneration and incentive schemes

Supports the Board of Directors in carrying out its strategic supervision

functions on risk and internal control system

matters

Expresses opinions required by regulations

on related-party transactions in order to

prevent conflicts of interest


Responsibilities are delegated from the highest governance body to the various organisational levels on the basis of the organisation chart in the General Company Regulations, which identifies missions and responsibilities in relation to each aspect of management for every organisational unit. Since UBI Banca is considered a “significant” bank pursuant to Art. 6, paragraph 4 of Regulation (EU) No. 1024/2013 and is also a listed company, it falls within the category of banks of greater size or operational complexity. As a significant supervised entity, UBI Banca is under the direct supervision of the European Central Bank, which has specific tasks relating to the prudential supervision of credit institutions as part of the Single Supervisory Mechanism, including specific checks on the presence of solid principles of corporate governance. The total number of the members of the collegiate bodies (15 members of the Board of Directors of whom 5 are also members of the Management Control Committee) was decided in order to ensure adequate representation of shareholders and stakeholders and it also complies with Supervisory Regulations which state that the total number of members of the Board of Directors should not be greater than 19 for banks of larger dimensions or greater organisational complexity that have adopted a one-tier model of governance. Detailed information about the Board of Directors and the Management Control Committee is given in sections 4 and 5 respectively of this report. UBI Banca is the Parent of the Unione di Banche Italiane Group with a listed Parent, which sets strategic policies and performs functions of co-ordination and control over all the organisational units and companies in the Group. In exercising its management and co-ordination activities, UBI Banca identifies the Group's strategic objectives, draws up a common business approach (mainly through the business plan and the budget) and – without prejudice to the autonomy of each member company in terms of operations and articles of association – it defines the lines of strategic development for each of these, so that on the one hand they all take part in the achievement of the aforementioned objectives and, on the other, they benefit from the overall results of the management and coordination activities, whilst also issuing directives to them needed to implement instructions given by the Supervisory Authority in the interest of the stability of the Group itself. The Parent


also verifies that the strategic lines of development that it formulates and its risk management policies are correctly interpreted and implemented by Group member companies and it supervises the different components of risk that originate in the different business areas in which the Group operates. The chart that follows illustrates the composition of the UBI Group as at 31st December 2019:

UBI><Banca Group of Companies as at 31st December 2019

Pramerica SGR SpA

Pramerica Management Company SA UBI Sistemi e

Servizi Soc.Cons.pA

BPB Immobiliare Srl

IW Bank SpA

UBI Leasing SpA

Prestitalia SpA

100%

100%

100%

100%

100%

91à94% (1)

65%

100%

(1) The Group also holds 6.62% divided as follows: IW Bank (4.31%), Pramerica SGR (1.44%), UBI Factor (0.72%), Bancasurance Popolari (0.07%), Prestitalia (0.07%), UBI Academy (0.01%).

UBI Factor SpA100%

60%UBI Finance

Srl

UBI Finance CB 2

Srl

UBI Academy Scrl

88.00% (2)

(2) The Group also holds the remaining 12.00% divided as follows:: UBISS (3%), IW Bank (3%), Pramerica SGR (1.5%), UBI Factor (1.5%), UBI Leasing (1.5%), Prestialia (1.5%).

UBI><Banca SpA

24-7 Finance Srl

UBI SPV Group 2016 Srl

UBI SPV Lease 2016

Srl

10% 10%

10% 10%

Kedomus Srl 100%

Oro Italia Trading SpA in

liquidation

Mecenate Srl in liquidation

95%

100%

100%

60%

UBI Finance 2 Srl in liquidation

UBI Sicura SpA

BancAssurance Popolari SpA

100%

UBI Trustee SA

Social and environmental responsibility. UBI Banca pursues its business mission while at the same time maintaining that strong sense of social responsibility that is typical of banks which are deeply rooted in their local communities. This philosophy is strengthened by the adoption of specific instruments such as the Charter of Values, Code of Ethics and the Consolidated Non-Financial Statement (Sustainability Report). Since the Annual Report for 2017, the latter is the same document as the Consolidated non-financial statement pursuant to Legislative Decree 254/2016, which is prepared in compliance with the Policy for the preparation and publication of the Consolidated non-financial statement prepared in accordance with Legislative Decree No. 254/2016 and the relative regulations to implement it. The Board of Directors approves the consolidated non-financial statement pursuant to Legislative Decree 254/2016 and submits it to Management Control Committee, which as part of the functions assigned to it by law, oversees compliance with the provisions of the law that regard the preparation of that document.


As a separate document, the consolidated non-financial statement forms an integral part of the consolidated management report. Committees have been created within the Board of Directors which oversee specific issues. These include the Risk Committee, which supports the Board of Directors with corporate social responsibility issues and supervises sustainability matters connected with running a company and with its relations with stakeholders. The environmental and social aspects of operations – and the related risks and opportunities – fall specifically within the responsibilities overseen by the Risk Committee and by the entire Board of Directors as part of the Reputational Risk Policy and reporting to stakeholders (Consolidated Non-financial statement/Sustainability Report). Ethical, social and environmental aspects of operations are co-ordinated by the CSR Manager, who is responsible for the Corporate Social Responsibility Function, formed as part of the Financial Reporting, Accounting Principles and Controls Service. This service is on the staff of the Chief Financial Officer, who reports to the Chief Executive Officer. The opportunity for direct communication between stakeholders and the highest governing body consists of ordinary and extraordinary Shareholders’ Meetings, regulated by the Articles of Association. These may be convened by shareholders themselves in compliance with the provisions of the Articles of Association. Shareholders may also ask for matters to be added to the agendas of Shareholders’ Meetings as well as to submit motions for approval on matters already on the agenda. Consultation with the other stakeholders is delegated to the various corporate units within the areas for which each is responsible. A special process for consultation with stakeholders for the preparation of the materiality matrix representing the strategic priorities of the Group in relation to sustainability is governed as part of the preparation process for the consolidated non-financial statement. The Board of Directors is informed of the results and significant concerns that were found by means of internal reporting processes (including activities relating to the consolidated non-financial statement pursuant to Legislative Decree 254/2016 - Sustainability Report).


2) INFORMATION ON THE OWNERSHIP STRUCTURE (pursuant to Art. 123-bis, paragraph 1 of the Consolidated Finance Law) as at 28th February 2020 a) Structure of the share capital (pursuant to Art. 123 bis, paragraph 1, letter a) of

the Consolidated Finance Law)

On 31st December 2019, and also on the date when this Report was approved, the subscribed and paid-up share capital of the Bank amounted to €2,843,177,160.24, divided into 1,144,285,146 shares with no nominal value, as specified in Summary table No. 1 attached to this Report. The ordinary shares of UBI Banca are admitted for trading on the Mercato Telematico Azionario (electronic stock exchange) managed by Borsa Italiana S.p.A.

* * *

As reported in the UBI Banca interim financial report of 30th September 2019, on the basis of an update of reports received from financial intermediaries, shareholders of UBI Banca numbered approximately 137 thousand when the dividend for 2019 (for the financial year 2018) was paid.

CHANGES IN THE NUMBER OF SHAREHOLDERS

137.000 139.000145.000

150.000 147.000

2019 2018 2017 2016 2015

On the basis of reports received from financial intermediaries when

the dividend for the previous year was paid. Information on current incentive schemes based on financial instruments, relating to the short-term (annual) incentive schemes launched from 2015 to 2019 and the 2017-2019/20 long-term incentive scheme is given in the related documentation, available on the website of the issuer (www.ubibanca.it, Shareholders’ section) and in the Remuneration Report of each year. Sub-section i) below of this section may be consulted in relation to treasury shares. b) Restrictions on transfer of securities (pursuant to Art. 123 bis, paragraph 1, letter

b) of the Consolidated Finance Law) No restrictions on the transfer of shares exist, since the shares are transferable in accordance with the law (article 7 of the Articles of Association). c) Significant investments in the share capital (pursuant to Art. 123 bis, paragraph

1, letter c) of the Consolidated Finance Law)


On the basis of communications made in accordance with Art. 120 of the Consolidated Finance Law the following investors had investments in the share capital greater than 3% on the date of this report: - Fondazione Cassa di Risparmio di Cuneo: 5.910% (declared on 29/6/2017); - Silchester International Investors LLP: 5.123% (declared on 04/11/2015), stake held as part

of its discretionary investment management. - Fondazione Banca del Monte di Lombardia: 4.959% (declared on 7/12/2017) (1). − HSBC Holdings Plc (indirect):4.886% (of which 4.837% relating to HSBC Bank Plc) (reported on

27.5.2019). In that same declaration this company also declared a total indirect position of 4,976%, consisting of the investment already mentioned (4.886%) and an overall long position with settlement in cash (an equity swap) amounting to 0.090% with maturity date on 10th February 2023;

Note: − (1) On the basis of the communication received on 22nd February from the “Shareholders’ pact concerning shares of UBI Banca S.p.A”,

the Fondazione Banca del Monte di Lombardia holds 3.951% of the share capital of UBI Banca. It must in any case be considered that the percentage stakes declared may no longer be those actually held if a change has occurred in the meantime which does not involve disclosure obligations in accordance with the applicable regulations. It should be noted that the list reported above does not include asset management companies and authorised entities holding assets under management amounting to between 3% and 5% of the share capital of UBI Banca, since, pursuant to Art. 119-bis, paragraph 7 of the Consob Issuers' Regulations, they are not subject to the disclosure obligations pursuant to Art. 117 of the aforementioned Regulations. Further information is given in Summary table No. 1 attached to this Report. d) Instruments which grant special rights (pursuant to Art. 123-bis, paragraph 1,

letter d) of the Consolidated Finance Law) No shares exist which confer special controlling rights over UBI Banca. The issuer’s Articles of Association do not include provisions for shares with doubled votes pursuant to Art. 127-quinquies of the Consolidated Finance Law, or for shares with multiple votes. e) Shareholding by employees: exercise of voting rights (pursuant to Art. 123-bis,

paragraph 1, letter e) of the Consolidated Finance Law) No mechanisms exist for the exercise of voting rights which regard employee shareholdings. f) Restrictions on voting rights (pursuant to Art. 123-bis, paragraph 1, letter f) of the

Consolidated Finance Law)

At the date of this report there are no restrictions on voting rights. g) Shareholders' agreements known to UBI Banca in accordance with Art. 122 of the

Consolidated Finance Law (pursuant to Art. 123 bis, paragraph 1, letter g) of the Consolidated Finance Act)

On the basis of the information disclosed pursuant to Art. 122 of the Consolidated Finance Law and the recommendations published on the Consob website (www.consob.it), the agreements

http://www.consob.it/


between shareholders are reported below. We also report that the adherents to the pacts below have declared that they have filed the information communicated to the Bank with the Business Register and notified Consob and the Bank of Italy. For further information on the pacts described below see the Consob website (www.consob.it) and the Shareholders/Shareholders’ agreements section of the website of the issuer (www.ubibanca.it).

* * * On 1st February 2016 UBI Banca received a communication concerning the constitution on 27th January 2016 of a shareholders' Pact for UBI shareholders entitled “Patto dei Mille” together with an extract from this Pact (published in the daily newspaper MF on 2nd February 2016) which has been published on the website of the Bank as required by the regulations. The Bank also received the relative “Essential Information” pursuant to Art. 130 of the Consob Issuers’ Regulations which it published on the corporate website of the Bank, again in accordance with the legislation and regulations in force. The Pact, which relates to UBI Banca shares, governs prior consultation between the holders of the syndicated shares (Art. 122, paragraph 5, letter a of the Consolidated Finance Law), the exercise of voting rights attaching to the syndicated shares (Art. 122, paragraph 1 of the Consolidated Finance Law) and some limits on the circulation of these shares (Art. 122, paragraph 5, letter b of the Consolidated Finance Law). The life of the Pact is until 31st December 2021. The Pact is tacitly renewed on its expiration for a further period of two years, unless the holders of the syndicated shares notify their withdrawal within 30 thirty days of the expiration date. In the event of withdrawal by some of the holders of the syndicated shares, the Pact will be automatically renewed on condition that the syndicated shares represent at least 1% of the share capital of the Bank. Owners of syndicated shares have the right to withdraws from the Pact, with the exception of the provisions of point 4.3 paragraph 2 of the Essential Information. On 18th February 2019 75 shareholders adhered to the pact, who pledged 18,342,999 ordinary UBI Banca shares to it, accounting for 1.603% of the total voting rights representing the share capital of UBI Banca. The Essential Information shows that the total shares bound by the Pact were below the threshold set in Art. 120, paragraph 2 of the Consolidated Finance Law and therefore in accordance with Art. 122, paragraph 5-ter of the Consolidated Finance Law, the disclosure obligations do not apply to the Pact. On 18th February 2016 UBI Banca received a communication concerning the constitution on 17th February 2016 of a shareholders' Pact for UBI shareholders entitled “Sindacato Azionisti UBI Banca Spa” (Syndicate Pact) together with an abstract of the said Syndicate Pact (published in the daily newspaper Il Giornale on 18th February 2016) which is available on the website of the Bank as required by the legislation and regulations. The Bank received the relative “Essential Information” pursuant to Art. 130 of the Consob Issuers’ Regulations which it published on the corporate website of the Bank, again in accordance with the legislation and regulations in force. The Syndicate Pact, which relates to UBI Banca shares, governs the submission of a slate for the appointment of the Board of Directors of UBI Banca and the exercise of the voting rights assigned to the syndicated shares (Art. 122, paragraph 1 of the Consolidated Finance Law) for the appointment of that Board, the exercise of voting rights in extraordinary Shareholders’ Meetings of UBI Banca (Art. 122, paragraph 1 of the Consolidated Finance Law), the obligation of prior consultation between the holders of the syndicated shares (Art. 122, paragraph 5, letter a of the Consolidated Finance Law) and also some limits on the circulation of those shares (Art. 122, paragraph 5, letter b of the Consolidated Finance Law). The Syndicate Pact is tacitly renewed on its expiration for a period of three years, from one three-year period to the next, unless the owners of the syndicated shares exercise their right to withdraw from the Pact by the last day of the third month prior to its expiration. If only some of the owners withdraw, the pact is renewed for the other owners of the syndicated shares, providing shares which represent at least 5% of the share capital of the Bank with voting rights remain bound by the pact.


On the basis of the communication received on 4th February 2019, since there have been no withdrawals, the life of the Syndicate Pact is extended by three years and therefore until 10th February 2022. On 1st January 2020 166 shareholders (grouped into 37 groups) had adhered to the Pact, and a total of 85,871,626 ordinary shares had been brought to the Syndicate, accounting for 7.5% of the total voting rights representing the share capital of UBI Banca. Following a request from a new member to join the Pact and a communication received of the internal reorganisation of one Group, which will be officially ratified in the first General Meeting to be held following 1st January 2020, the number of shares brought to the Pact will change (87,871,626 shares, together with the number of participants (168) and the number of Groups (38). On 24th September 2019 UBI Banca received a communication regarding the signing on 19th September 2019 of a shareholders’ pact concerning shares of UBI Banca S.p.A. that is significant within the meaning of Art. 122 of the Consolidated Finance Law, together with an extract from this agreement (published in the daily newspaper MF - Milano Finanza on 24th September 2019) which is available at www.ubibanca.it as required by the regulations. The Bank received the relative “Essential Information” pursuant to Art. 130 of the Consob Issuers’ Regulations, published on the corporate website of the Bank, again in accordance with the legislation and regulations in force. The Pact took effect on 27th January 2020. The Pact regards: (i) ordinary UBI Banca shares; (ii) any other financial instrument or security which grants the right to vote in an ordinary shareholders’ meeting of the Bank; (iii) any right (whether or not it is embedded in a financial instrument or in a security), which allows the holder of the right to subscribe or purchase ordinary shares of UBI Banca or other financial instruments or securities with the right to vote in an ordinary shareholders’ meeting of the Bank, inclusive (by way of example) of option rights in cases of capital increases, options, warrants and convertible bonds. By signing the Shareholders’ Pact, the parties have shown their intention to establish principles, rules and guidelines to which they intend to abide in order to commence and develop collaboration between significant shareholders of UBI, driven by common approaches towards engagement and stewardship. On 18th February 2020, 20 shareholders were parties to the Shareholders’ Pact, the holders of a total of 202,581,142 ordinary UBI shares, accounting for 17.704% of the share capital of the Bank. The Pact has a duration of three years that runs from 27th January 2020. The Pact shall be terminated if its performance determines an obligation on the part of the Parties to promote a public tender offer to purchase on the securities of the Issuer. Each party has the right to withdraw from the shareholders’ pact if amendments to the Pact itself are resolved by the Shareholders Committee, within 15 days of the said amendment resolutions being passed. That right shall not be granted to any party who is a member of the Shareholders’ Committee who voted in favour of the amendment, directly or via a nominee.

* * * On 20th December 2018 UBI Banca received a communication concerning the formation on 18th December 2018 of an Agreement concerning the consultation and possibly the presentation and vote of a slate for the appointment of the Board of Directors of UBI Banca S.p.A. at the Shareholders’ Meeting convened within 120 days of the end of the financial year 2018, in accordance with Art. 122 of the Consolidated Finance Law. In particular the following parties to the shareholders’ pacts: - UBI Banca Spa Shareholders’ Syndicate - Patto dei Mille and - Fondazione Cassa di Risparmio di Cuneo have formed an agreement for consultation aimed at drawing up and possibly subsequently presenting and voting for a slate for the nomination of the Board of Directors of UBI Banca at a Shareholders’ Meeting of that Bank which has been convened for 12th April 2019 and which, amongst other things, has the nomination of the Board of Directors on its an agenda, as provided for by provisions of the Articles of Association approved by an Extraordinary Shareholders’ Meeting held on 19th October 2018.


The agreement is between an overall group of 264 shareholders representing 246,157,311 shares accounting for 21.518% of the share capital of UBI Banca. Of those parties who adhered to the agreement the following, listed in order of the percentage held, own more than 1% of the share capital of UBI Banca: - Fondazione Cassa di Risparmio di Cuneo, which held 67,601,368 shares of UBI Banca,

representing 5.91% of the share capital; - Fondazione Banca del Monte di Lombardia which held 45,212,227 shares (3.95% of UBI Banca

shares), of which 40,048,558 shares have been pledged to Sindacato Azionisti UBI Banca S.p.A.; - Upifra S.A. which held 11,726,202 shares (1.024% of UBI Banca shares), of which 9,000,000

shares have been pledged to Sindacato Azionisti UBI Banca S.p.A.; The duration of this Agreement was from the date of its signing until the end of the proceedings of the Shareholders’ Meeting of UBI Banca convened to appoint the Board of Directors, that is until 12th April 2019.

* * *

Further information in relation to UBI shareholders' associations of which the Bank has been informed from time-to-time is given below: a letter was received concerning the constitution on 24th January 2011 of an association named

"Tradizione in UBI Banca”, located in Cuneo; UBI Banca received a letter on 21st November 2011 entitled “Communication pursuant to Art.

20, paragraph 2 of the Consolidated Banking Act and to Art. 122 of the Consolidated Finance Law" in relation to the establishment of the association named “FuturoUBI”, located in Milan on 22nd September 2011.

In that letter, the association declared that “while it does not consider the association as qualifying as a shareholders' agreement pursuant to the above legislation, it has nevertheless fulfilled public disclosure obligations by publishing its Articles of Association on the website www.futuroubi.it”.

a letter of 19th June 2012 was received concerning the constitution of an association called “Amici della Banca Regionale Europea e del Gruppo UBI”, located at Cuneo;

a letter was received concerning the constitution on 29th October 2012 of an association called “Insieme per UBI Banca”, located in Milan;

a letter of 27th February 2013 was received concerning the constitution of an association called “Associazione Soci UBI Centro-Sud”, located in Rome;

a letter of 28th February 2013 was received concerning the constitution of an association called “Associazione Soci Lombardi UBI Banca” also known as “ASSOLUBI”, located in Brescia;

notification was received on 15th March 2013 concerning the constitution on 7th October 2011 of the “Associazione Azionisti Banche Popolari 2011”.

On 26th July 2013 an application for admission to registered shareholder status (under the previous co-operative company governance rules) was received from an association called “UBI Banca Popolare!” located in Bergamo and constituted on 8th May 2013. The Bank has also received notifications from the “Associazione Azionisti UBI Banca”, located in Bergamo. The Bank also learned from:

- a press release of the constitution on 10th November 2011 of the “Associazione dei cittadini e dipendenti soci di UBI Banca” located in Brescia;

- from news in the press of the constitution of the “Associazione Prealpina Azionisti di UBI Banca”.

h) Change of control clauses (pursuant to Art. 123-bis, paragraph 1, letter h) of the Consolidated Finance Law) and provisions of the Articles of Association concerning public tender offers to purchase (pursuant to Art. 104, paragraph 1-ter and 104-bis, paragraph 1 of the same law)

The shareholders' agreement currently in force signed on 3rd July 2018 by UBI Banca and the Prudential USA concerning the joint venture, Pramerica SGR S.p.A. (the “SGR”) grants rights to purchase to the parties (call options) if certain predetermined events occur.


More specifically, in the event of a “change of control” of UBI Banca (this being understood as any operation whereby i) an entity directly or indirectly purchases more than 30% of the share capital with voting rights of UBI Banca; ii) UBI Banca merges or performs another extraordinary operation with another legal entity and as a consequence UBI Banca ceases to exist or the legal entity, party to the operation, holds more than 30% of the share capital with voting rights subsequent to the operation; iii) the sale, rent, transfer or other analogous operation by which UBI Banca transfers all or a substantial part of its business to another legal entity), Prudential USA has the right to make a communication to UBI Banca which allows the latter to exercise a call option on the entire investment held by Prudential USA in the SGR. If that option is not exercised, Prudential USA has, as an alternative, the right i) to purchase the entire interest held in the SGR by the UBI Banca Group, or an interest which allows it to hold 65% of the share capital of the SGR; ii) to give a mandate to an investment bank to sell the entire share capital of the SGR to a third party. The Articles of Association of UBI Banca make no provision with regard to Art. 104, paragraph 1-ter of the Consolidated Finance Law for exceptions to the passivity rule pursuant to Art. 104, paragraphs 1 and 1-bis of the same Consolidated Finance Law. It is also noted that the Articles of Association of the Issuer do not allow the application of neutralisation rules considered by Art. 104-bis, paragraphs 2 and 3 of the Consolidated Finance Law. i) Powers to increase the share capital and authorisations to purchase treasury

shares [pursuant to Art. 123 bis, paragraph 1, letter m) of the Consolidated Finance Law]

No authorisations exist as at the date of this report for increases in the share capital or for the issue of convertible debt instruments. UBI Banca holds a total of 9,251,800 treasury shares (being 0.81% of the share capital) of which: (i) 1,807,220 shares purchased on 8th April 2016 following the exercise of the right of withdrawal at the time of the transformation of UBI Banca into a joint stock company; and (ii) the remaining 7,444,580 shares purchased in implementation of the authorisations granted by the Shareholders’ Meeting for the purpose of the incentive schemes for UBI Group employees and/or a productivity bonus (the “Company Bonus”)1. On 6th April 2018 the Shareholders’ Meeting resolved to authorise the Management Board to proceed with one or more transactions, to be carried out within 18 months of the date of the Shareholders’ Meeting authorisation in accordance with the procedures specified in paragraph 1, letter b), of Art. 114-bis of the Issuers Regulations and in compliance with the limits set by law for treasury shares, to purchase own shares at a price that is neither 10%, higher nor 10% lower than the reference price of the UBI Banca share quoted in the market session prior to each individual purchase transaction for: a. maximum value amounting to approximately €6 million to cover the 2018 short-term incentive

scheme for "Identified Staff"; b. a maximum value amounting to approximately €2.5 million as an increase to the maximum

value over the course of the Scheme approved by the Shareholders’ Meeting on 7th April 2017 for the long-term incentive scheme for "Identified Staff".

On 15th February 2019 UBI Banca, in implementation of a shareholder resolution dated 6th April 2018, concluded a programme launched on 19th December 2019 to purchase treasury shares at the service of the short and long-term incentive scheme for "Identified Staff" of the Group. At the date of this report, a total of 3,019,910 ordinary UBI Banca shares have been purchased at the service of the above incentive schemes. For further information about the above programme for the purchase of treasury shares, see the press releases on the Investor Relations/Press Releases section of the Issuer’s website at www.ubibanca.it.

1 Attention is drawn to the acquisition by UBI Banca, in implementation of the authorisations granted by the Shareholders’ Meeting for the purpose of the incentive schemes for UBI Group employees and/or a productivity bonus (the “Company Bonus”), of a total of 8,793,841 UBI Banca shares of which a total of 1,349,261 shares had been granted on the date of publishing this report.



On 12th April 2019 the Shareholders’ Meeting resolved to authorise the Board of Directors to proceed with one or more transactions, to be carried out within 18 months of the date of the Shareholders’ Meeting authorisation in accordance with the procedures specified in paragraph 1, letter b), of Art. 114-bis of the Issuers Regulations and in compliance with the limits set by law for treasury shares, to purchase own shares at a price that is neither 10%, higher nor 10% lower than the official price of the UBI Banca share quoted in the market session prior to each individual purchase transaction for up to a maximum value of approximately €6 million to cover the 2019 short-term incentive scheme for “Identified Staff”. At the date of this report, no purchases have been made at the service of the aforementioned scheme.

l) Management and co-ordination activities (pursuant to Art. 2497 et seq. of the

Italian Civil Code)

The issuer is not subject to management and co-ordination activities within the meaning of article 2497 et seq of the Italian Civil Code.

* * *

As concerns possible further information: information required by Art. 123-bis, paragraph 1, letter i) of the Consolidated Finance Law is

given in the section of this report on the remuneration of board members; information required by Art. 123-bis, paragraph 1, letter l) of the Consolidated Finance Law is

given in the section of this report on the Board of Directors, the Management Control Committee and Shareholders’ Meetings.


3) COMPLIANCE [pursuant to Art. 123 bis, paragraph 2, letter a) of the Consolidated Finance Law]

UBI Banca complies with the Corporate Governance Code (available on the website of the Corporate Governance Committee at http://www.borsaitaliana.it/comitato-corporate-governance/codice/codice.htm, a document the provisions of which have been drawn up with reference to listed companies that have adopted a traditional governance model. Article 10 of the code states that if a one or two tier system of administration and control is adopted "the preceding articles apply only insofar as they are compatible, by adapting the individual provisions to the particular system adopted, in compliance with the objectives of good corporate governance, transparent reporting and the protection of investors and the market pursued by the Corporate Governance Code and in the light of the application criteria set in this article". UBI Banca adapts the principles and criteria of the Code to the one-tier system on the basis of the powers granted to it by the same Code. As a consequence, the articles of the Corporate Governance Code referring to the Board of Directors, the Board of Statutory Auditors, or their members are generally applicable, respectively, to the Board of Directors, the Management Control Committee and their members. The objective of this report is to furnish details of the manner in which the Code itself is applied in the Bank, with an account also given of those principles subject to full compliance and those with which the Bank has decided not to comply (or to comply with only partially) on a “comply or explain” basis. This is partly because the Bank must consider its status as a bank which, as such, demands strict compliance with regulations contained in the Consolidated Banking Law and with sector regulations.

* * * Neither the issuer nor its strategic subsidiaries are subject to foreign laws that influence the corporate governance structure of the issuer. Details of the corporate governance structure are given in the various sections of this report.

* * * An attachment to this report contains two checklists stating: - the principles and criteria of the Code and - the provisions of Art. 123-bis of the Consolidated Finance Act. The list shows whether they have been implemented (with or without adaptations) or not applied, with a reference to the section in which the matter is discussed. The checklist should not, however, be consulted without taking into account the analyses and clarifications within the text of the report, containing details on how the individual rules and regulations are applied.

http://www.borsaitaliana.it/comitato-corporate-governance/codice/codice.htm

http://www.borsaitaliana.it/comitato-corporate-governance/codice/codice.htm


4) BOARD OF DIRECTORS

UBI Banca adopts, in accordance with Art. 2409-sexiesdecies of the Italian Civil Code, the one-tier system of management and control articulated in a Board of Directors made up of 15 members including the Chairman, the Deputy Chairman, the Chief Executive Officer and the five members of the Management Control Committee. The Board of Directors is governed by the provisions of the law and regulations, the Articles of Association and the Regulations concerning its functioning, which also take account of the principles and criteria laid down in the Corporate Governance Code. The Board of Directors is the top body in the one-tier system of governance currently adopted by UBI Banca; it is responsible for the management of the Bank. Within the Board of Directors the usual control functions are reserved to board members who are on the Management Control Committee, which has adopted its own Regulations for its organisation and functioning. The Board of Directors of UBI Banca is characterised by the predominant presence of directors who are non-executive (14 out of 15) and/or independent (10 out of 15): the Articles of Association require at least two thirds of the directors to be in possession of the independence requirements provided for in Art. 21 thereof. The members of the Board of Directors in office are from the only slate presented at the Shareholders’ Meeting (12th April 2019).

4.1 Role of the Board of Directors (pursuant to Art. 123-bis, paragraph 2, letter d) of the Consolidated Finance Law)

The Board of Directors as a whole, is the Company's management and strategic supervision body. It is responsible for managing the business with the power to implement any transaction of both ordinary and extraordinary management necessary or in any case useful or appropriate for the best implementation of the corporate purpose. The Board of Directors shall fulfil exclusively, without the right of delegation, all duties of strategic supervision indicated in the pro tempore laws and regulations in force and amongst other things it shall: a) define and approve the business model, the general planning and strategic guidelines, the

governance and risk management objectives and policies of the Company and the Group, including the risk appetite framework, as well as the general lines of the assessment process of the adequacy of its own funds;

b) resolve on business and/or financial plans and on the budgets of the Company and the Group


prepared by the Chief Executive Officer to whom the Board may give instructions in advance, as well as on strategic operations such as: (i) acquisitions by the Company and the subsidiary companies of controlling investments in

companies as well as operations involving the reduction of the investment held directly or indirectly in subsidiary companies;

(ii) acquisitions or disposals by the Company and the subsidiary companies of businesses, business branches, legal relationships as a block, contributions, spin-offs, investments or divestments that involve commitments whose value, for each transaction, is higher than 5% of the Regulatory Capital useful for determining the consolidated Common Equity Tier 1 or has more than a 50 b.p. incidence on the Common Equity Tier 1 Ratio as recorded by the last report sent to the competent Supervisory Authorities in accordance with existing laws and regulations;

(iii) acquisitions or disposals by the Company and the subsidiary companies of non-controlling investments whose value, for each operation, is higher than 1% of the Regulatory Capital useful for determining the consolidated Common Equity Tier 1, as recorded by the last report sent to the competent Supervisory Authorities in accordance with existing provisions, or having relevance from an institutional or System point of view;

(iv) signing of commercial, collaboration and corporate agreements of strategic significance, taking account of the activities and/or volumes involved and in relation to the planning lines and objectives provided by the approved Business Plan;

c) determine the strategic guidelines and risk management and control policies, continuously verifying their adequacy and implementation by the Chief Executive Officer and by Management;

d) resolve on the compliance risk management policies and on the constitution of the compliance function;

e) approve the accounting and reporting systems; f) approve the system of delegated powers with particular regard to the delegated powers relating

to lending; g) g) define the overall structure of the internal control system and, in that context, approve the

rules concerning the duties and the responsibilities of the control bodies and functions and the relevant procedures of co-ordination, ensuring that any head of the control functions – as defined by the supervisory regulations – (including the Head of Anti-Money Laundering) have direct access to the Company’s bodies, to which they shall periodically (and promptly, in case of necessity) report, without limitations and intermediaries, the results arising from the control activity performed by the Company; assess the level of efficiency and adequacy of the internal control system with particular regard to the control of risks, the functioning of the internal audit and accounts information system; it also shall verify the correct implementation of the strategic and management control activity performed by the Company on the Group companies; appoint and remove, on the proposal of the Risks Committee and having heard from the Management Control Committee, the persons who are responsible of the company control functions as defined by the supervisory regulations, therein including the Head of Anti-Money Laundering;

h) approve and periodically verify the corporate governance, organisational, administrative structure and assess the general performance of the Company and the Group;

i) approve the main internal regulation and that relating to its functioning as well as regulations on information flows necessary in order to ensure the full circulation of information within the Board and the information flows that must be sent to the Company’s bodies and committees also by company structures with particular regard to the internal control system;

j) develop the remuneration and incentive policies to be submitted to the Shareholders’ Meeting and establish the definition of the remuneration and incentive systems of persons for whom supervisory regulations require this task to be performed by the body charged with strategic supervision functions;

k) resolve, on the proposal of the Chairman of the Board, on the guidelines and plans relating to the cultural and charitable initiatives, as well as the image of the Company and the Group verifying that the planned initiatives are consistent with the identified objectives;

l) approve the guidelines and supervise the process of public disclosure and communication of the Company;

m) ensure effective dialogue with the management function and with the heads of the main company functions and verify their decisions and choices over time.


Furthermore, the Board of Directors, without the right of delegation and without prejudice to any duty that may not be delegated pursuant to the pro tempore laws and regulations in force, shall resolve on: a) the granting and removal of powers to the Chief Executive Officer, having heard from the

Appointments Committee; b) conferring, modifying or revoking authorisations and powers and assigning specific functions or

authorisations to one or more board members; c) any possible appointment and removal of the General Manager and other members of the

General Management, the definition of the respective functions and duties, as well as the appointments of the senior hierarchic figures reporting to the Chief Executive Officer and to the Board of Directors of the Company, of the management and control bodies and of the general management of the Group companies;

d) the institution of a Steering Committee, chaired by the Chief Executive Officer and composed of the executives in charge of major company functions; upon the proposal of the Chief Executive Officer, the Board Of Directors determines the composition, duties and powers of the Steering Committee and approves its operating regulations; the Board of Directors determines the manner in which any information on the activity performed must be ensured to the Board of Directors. Members of the Steering Committee may participate in meetings of the Board of Directors without voting rights, as provided for by the internal operating regulations of the Board of Directors according to Art. 24.2, let. i) of the Articles of Association;

e) the possible institution, on proposal of the Chief Executive Officer, of additional Managerial Committees envisaged in the organizational structure and the determination of their composition, duties and related powers; the Board of Directors approves their operating regulations and determines the manner in which any information on the activity performed must be ensured to the Board of Directors;

f) the determination of the criteria for the co-ordination and management of the Group companies, as well as the criteria for executing the instructions imparted by the competent Supervisory Authorities;

g) the appointment and removal of the Manager in charge of preparing the company accounting documents, in accordance with Art. 154-bis of Italian Legislative Decree 24th February 1998, No. 58 and the determination of the respective fee. In addition to the requirements of integrity prescribed by the current regulations in force for persons performing administrative and management functions, the Senior Officer Responsible for preparing financial reporting documents must also possess requirements of professionalism with specific administrative and accounting expertise in the banking, finance, investment or insurance fields. That expertise must be acquired through work experience in a position of adequate responsibility for an appropriate period of time;

h) the preparation of the draft financial statements and the consolidated financial statements; i) the exercise of the delegation for the increase of share capital contributed in accordance with

Art. 2443 of the Italian Civil Code, as well as the issuance of convertible bonds in accordance with Art. 2420-ter of the Italian Civil Code;

j) in accordance with Art. 2365, paragraph 2 of the Italian Civil Code merger or demerger resolutions in the cases provided by Articles 2505 and 2505-bis of the Italian Civil Code, the opening or closure of secondary offices, the reduction of capital following Shareholder withdrawal and the adjustments of the Articles of Association to regulatory provisions;

k) formulation of merger or demerger plans; l) the definition of identification and supervision on the implementation of the criteria for

transactions with related parties and connected persons as well as, in general, in relation to transactions in conflict of interests and the approval of the respective regulation.

The Board of Directors assesses the adequacy of the organisational, administrative and general accounting structure of the Bank provided by the Chief Executive Officer, who reports on a monthly basis to the Board on the accounting results of the Bank, the main subsidiary companies and the Group as a whole. Without prejudice to particular cases of urgency when the Chief Executive Officer report without delay.

* * *


Pursuant to Art. 27 of the Articles of Association, the Chairman and the Deputy Chairman are severally authorised to represent the company in dealings with third parties and in legal proceedings, before any Court of any level or stage, and to act as its sole signatories. Without prejudice to the above, the responsibility for representing the Company legally towards third parties and in court and for using the company signature is held severally by the Chief Executive Officer and General Manager, if appointed, in relation to the matters assigned to them under the Articles of Association and/or delegated by the Board of Directors. The Chairman, Deputy Chairman of the Board, the Chief Executive Officer and the General Manager, if appointed, have, severally, the right to bring judicial actions for all acts regarding company management and administration, to submit appeals before all judicial and jurisdictional Authorities, Administrative and Tax Authorities and Commissions, to issue general and special powers of attorney with election of domicile, also for the appearance as civil party. The Chairman, the Deputy Chairman, the Chief Executive Officer and the General Manager, if appointed, severally and as part of their powers, may appoint special attorneys for certain acts or categories. 4.2 Appointment and replacement (pursuant to Art. 123-bis, paragraph 1, letter l)

of the Consolidated Finance Law) The members of the Board of Directors remain in office for three financial years and their term of office expires with the Shareholders' Meeting convened to resolve upon the financial statements relating to the final financial year of their office; In any case, they remain in office, with full powers, until their renewal and they may, within the limits of laws and regulations in force and the Articles of Association, be re-elected. As concerns the regulations governing gender balance, the relevant regulatory framework has recently been modified by two changes in legislation: a) Conversion Law No. 157/2019, converting Decree Law No. 124/2019 (Art. 58-sexies) changed, in force since 25th December 2019, Art. 147-ter, paragraph 1-ter (and Art. 148) of the Consolidated Finance Law, extending the period of application of the regulations governing gender balance from three to six mandates; b) Budget Law No. 160/2019, in force since 1st January 2020: Art. 1, paragraphs 302-304 confirmed that the gender quota regulations are applicable for six consecutive mandates and established that at least two fifths of the elected board members should be of the less represented gender, replacing the previous quota of one third. The new gender quota of at least two fifths applies from the first renewal of the governing and/or control bodies following the date when the law came into force. It will, however, be necessary to update the Articles of Association in order to implement the new rules, which will apply when the Board of Directors is next renewed. This is expected to take place at the shareholders’ meeting held to approve the financial statements on 31st December 2021. This section therefore describes the appointment mechanism for members of the Board of Directors under the provisions of the current Articles of Association. Members of the Board of Directors are elected by a shareholders' meeting on the basis of lists submitted by shareholders in accordance with the provisions of the law and the Articles of Associations. The slates of candidates must be filed at the registered office within the twenty-fifth day before the Shareholders' Meeting at first or only one call and they must contain the name of at least two and no more than fifteen candidates, of which at least one must be included in the second section. Each slate must be split into two sections of names, both ordered sequentially by number, and they must indicate, separately, in the first section, candidates to the role of Board Directors different from candidates also to the role of member of the Management Control Committee who must be indicated in the second section. The slates may also be submitted using means of distance


communication defined by the Board of Directors according to methods illustrated in the notice to convene, which allow for the submitting entities to be identified. The slates must also be accompanied by information on the identity of the Shareholders submitting them, indicating the number of shares and thus the percentage of share capital held overall by the submitting Shareholders and, within the time limits established by laws and regulations in force, a communication indicating the ownership of that investment, as well as any other information required by the pro tempore regulations in force. In order to prove the ownership of the number of shares required to submit the slates, the respective communication may be produced even after the submission provided that this takes place at least twenty-one days before the date of the Shareholders' Meeting by the methods provided by existing regulations. Together with each slate, comprehensive information must be filed on the personal and professional characteristics of the candidates, including any management or control offices held in other companies, along with: a) a declaration by those candidates certifying their possession of the requirements required by the pro tempore regulations in force and the Articles of Association, along with any useful information for the overall assessment of fitness for the office held, according to the scheme that will be previously published by the Company, taking also in consideration the guidelines of the Supervisors Authorities concerning the suitability of the management body members as well as any Company’s internal regulations regarding the requirements of the Directors; and b) their acceptance of the candidature. Each slate containing at least three candidates must (i) be made up of candidates representing both genders, so that at least a third of the candidates belongs to the less represented gender, (ii) contain a number of candidates in the first section with at least half in possession of the requirements of independence (should the application of such quota not result in a whole number, the resulting number shall be rounded up to the higher unit), while all candidates in the second section must be equipped with the independence requirements indicated in these Articles of Association and the pro tempore regulations in force. The second section must also contain at least two candidates equipped with the requirements indicated in Art. 20.8 of the Articles of Association. If, at the deadline indicated in paragraph 4 of this sub-section, only one slate has been filed, or a slate has been filed having candidates only in the first section or only in the second section, or, in any case, in the circumstances provided by the regulations in force, the Company promptly communicates this by way of a notice sent to at least two press agencies; in that case, slates may be submitted up to the third day after the above-mentioned deadline and the thresholds provided by the next paragraph are reduced to half. In order to appoint the members of the Board one or more Shareholders who represent at least 1% of the share capital, or the different percentage established by the pro tempore regulations in force, may submit a slate of candidates. Each Shareholder and the Shareholders who are parties to a shareholders’ agreement involving the Company’s shares may not submit more than one slate, even through third person or trust companies: in the event of a breach, his/her signature is not calculated for any slate. Each candidate may be entered in just one slate under penalty of ineligibility. Slates submitted that do not comply with the above procedures are considered not to have been submitted. Each Shareholder may vote on only one slate. Pursuant to Art. 22.12 of the Articles of Association, the Board is elected as follows: a) if multiple slates are submitted, the first three that have obtained the highest number of votes

expressed by the Shareholders and that are not connected in accordance with the applicable regulations are taken into consideration;

b) b.1) if the slate that obtained the second highest number of votes has obtained less than 15% of


the votes expressed in the Shareholders' Meeting, 10 candidates are taken from the first section and 4 candidates are taken from the first section and the second section of the slate that obtained the majority of votes. One candidate is taken from the second section of the slate that obtained the second highest number of votes. In such case, no candidate is taken by the slate that obtained the third highest number of votes expressed in the Shareholders’ Meeting, regardless of the number of votes that has obtained;

b.2) if the slate that obtained the second highest number of votes has obtained a percentage of votes expressed in the Shareholders' Meeting of at least 15% and less than 30%, 9 candidates are taken from the first section and 4 candidates from the second section of the slate that obtained the majority of votes, while 1 candidate is taken from the first section and 1 candidate from the second section of the slate that obtained the second highest number of votes. In the event that the slate that obtained the third highest number of votes expressed in the Shareholders’ Meeting has obtained more than 15% of the votes expressed in the Shareholders’ Meeting, 9 candidates are taken from the first section and 3 candidates from the second section of the slate that obtained the majority of votes; 2 candidates are taken from the second section of the slate that has obtained the second highest number of votes expressed in the Shareholders’ Meeting, while the remaining candidate is taken from the first section of the slate that obtained the third highest number of votes expressed in the Shareholders’ Meeting;

b.3) if the slate that obtained the second highest number of votes has obtained at least 30% of the votes expressed in the Shareholders' Meeting, 9 members will be taken from the first section and 3 from the second section of the slate that has obtained the majority of the votes, while 1 candidate will be taken from the first section and 2 candidates from the second section of the slate that obtained the second highest number of votes. In such case, no candidate will be taken by the slate that obtained the third highest number of votes expressed in the Shareholders’ Meeting, regardless of the number of votes that has obtained.

If the slate that obtained the highest number of votes does not have a number of candidates in the first and/or the second section sufficient to constitute the number of directors to be elected, the remaining directors will be taken from the slate that obtained the second highest number of votes and that obtained at least 20% of the votes expressed in the Shareholders' Meeting; if no further candidates remain from the aforementioned slate, the Shareholders' Meeting resolves by relative majority again in respect of the requirements required for the appointment. If, following the identification of the candidates to be taken from the most voted slates according to the procedures set forth above (in Art. 22.12 of the Articles of Association), based upon the sequential order in which the same candidates were indicated in the respective slate, the gender proportions ratified by Art. 22.5(i) of the Articles of Association, or the further proportion required by Art. 20.10 of the Articles of Association, or the provisions of Art. 20.8 of the Articles of Association are not respected, the additional names taken from the aforementioned slates whose appointment would involve the violation of the aforementioned regulation shall not be considered to have been elected. In this case, the persons indicated in the same slate in the number that allows for respect of the composition requirements of the Board of Directors provided by applicable laws and regulations in force and by the Articles of Association shall be appointed as Directors, again proceeding according to the sequential order by which the same candidates are indicated in the respective section of the relevant slate. In particular, in this circumstance, the candidates to be appointed belonging to the gender that is less represented on the basis of the results of the vote or which allow compliance with the additional proportion specified in Art. 20.10 of the Articles of Association shall be taken from each list in proportion to the total number of candidates elected on each list according to the results of the voting. In that case, if the minority slates have not respected the gender proportions established by Art. 22.5(i), of the Articles of Association, the candidates to be appointed in order to re-establish the correct gender proportion will be taken solely from the slate that obtained the most votes, or from the slate from which the majority of Directors is taken pursuant to articles 22.12 and 22.13 of the Articles of Association. If only one slate is validly submitted and this has obtained the majority required for the ordinary Shareholders' Meeting, all 15 Board Directors shall be taken from that slate, including the 5 members of the Management Control Committee.


For the appointment of those Directors who, for any reason, have not been able to be elected by means of the procedures indicated in the above paragraphs or if no slate is submitted, the Shareholders' Meeting resolves by relative majority, again in respect of the requirements necessary for the appointment; if the votes are equal, the eldest candidate is appointed. If two or more slates obtain an equal number of votes, those slates must be voted on again until they no longer receive an equal number of votes. The roles of Chairman and Deputy Chairman of the Board are held, respectively, by the candidate indicated in first and second place of the first section of the slate that obtained the majority of votes, or of the slate from which, in accordance with Articles 22.12 and 22.13 of the Articles of association, the majority of directors was taken or of the only slate submitted or by the members appointed as such by the Shareholders' Meeting, if no slate has been submitted. The role of Chairman of the Management Control Committee is held by the candidate indicated at the first place in the second section of the slate that obtained the second highest number of votes except where the majority of Board Directors have been taken from that slate in application of Art. 22.13 of the Articles of Association; in the latter case, the role of Chairman of the Management Control Committee is held by the candidate indicated at the first place in the second section of the slate from which the highest number of members of the Board of Directors has not been taken and which is the slate that has obtained the majority of votes expressed in the Shareholders’ Meeting. Failing that, the role of Chairman of the Management Control Committee is held by the candidate indicated in first place in the second section of the only slate submitted or by the member appointed as such by the Shareholders' Meeting, if no slate has been submitted. Cessation of office, replacement and removal Without prejudice to the contents of the paragraphs below, if, during the financial year, one or more Directors not forming part of the Management Control Committee cease(s) their office, the first candidate not elected in the section of the slate to which the ceased Director belonged, and who guarantees respect of the composition requirements of the Board provided by existing regulations and by the Articles of Association, takes over; failing that, the appointment occurs by way of co-option in accordance with Art. 2386 of the Italian Civil Code, in respect of the majorities provided by Art. 25.6(ii) of the Articles of Association. If the Chairman and/or Deputy Chairman of the Board and/or the Chief Executive Officer ceases their office, the relevant appointment shall be made for co-optation pursuant to art. 2386 of the Italian Civil Code in compliance with the majorities provided by for Art. 25.6(ii) of the Articles of Association, not operating in that case the replacement mechanism referred to above. In such case, as an exception to Art. 11.2 of the Articles of Association, the Board of Directors shall appoint the Chairman and/or the Deputy Chairman of the Board until the first available Shareholders’ Meeting. If it is necessary to replace a Director member of the Management Control Committee, the first candidate not elected in the respective section of the slate from which the replaced member was taken takes over; if this is not possible, also in relation to the need to respect the composition and gender balance requirements, the Shareholders' Meeting proceeds by relative majority in respect of the principle of the necessary representation of minorities. If the Chairman of the Board ceases office, the Chairmanship is taken on by the second member elected in the second section of the slate from which the outgoing Chairman had been taken. Should this not be possible, the Shareholders’ Meeting shall make the replacement in compliance with the principle of the necessary representation of minorities; The replacement candidates, identified in accordance with the provisions of this article, must confirm that they accept their appointment and also make declarations that no cause for ineligibility and incompatibility exists and that they possess the requirements prescribed by law and by these Articles of Association for the office. The member of the Board asked to replace the outgoing member remains in office until the original expiry date of the replaced Director, unless the application of art. 2386, paragraph 1, of the Italian


Civil Code. If, for any reason, the majority of members originally appointed comes to be missing, the entire Board of Directors is understood to be terminated commencing from the date of assumption of the office by the newly-appointed members. The Shareholders' Meeting is convened without delay in order to appoint the new Board. The members of the Board of Directors, therein including the members of the Management Control Committee, may be removed by the Shareholders' Meeting at any time, subject to the right of the removed Director to compensation for damages if the removal occurs without just cause. The proposal concerning the removal of one or more members of the Management Control Committee must also adequately illustrate its reasons. That proposal, if submitted by the Board of Directors, must be adopted with the favourable vote of the absolute majority of members in office and the advance favourable opinion expressed unanimously by the Nomination Committee; if the proposal is submitted by the Management Control Committee, it must be adopted unanimously among the members of that Committee, except the vote of the member subject to the removal proposal. The removal of the members of the Management Control Committee must be properly reasoned. The removal of a member of the Management Control Committee also implies the removal as member of the Board of Directors. For further information about the succession plan adopted by the Issuer see section 7 of this report.

4.3 Composition of the Board of Directors (pursuant to Art. 123-bis, paragraph 2, letters d) and d-bis) of the Consolidated Finance Law)

In accordance with the Articles of Association, the Board of Directors is made up of 15 members including the Chairman, the Deputy Chairman, the Chief Executive Officer and the five members of the Management Control Committee. The Shareholders’ Meeting held on 12th April 2019 was called upon, in compliance with the provisions of the Articles of Association, to appoint the members of the Board of Directors and Management Control Committee for 2019-2020-2021, as well as the Chairman, Deputy Chairman of the Board and Chairman of the Management Control Committee. On the expiry of the time limit for the presentation of slates (18th March 2019), a single slate of 15 candidates had been presented (on 16th March 2019): Fondazione Cassa di Risparmio di Cuneo Fondazione Banca del Monte di Lombardia Mar.Bea S.r.l. and Matteo Zanetti which together hold 118,153,595 shares (10.33% of the UBI Banca share capital), in implementation of the agreement entered into on 18th December 2018 between Sindacato Azionisti UBI Banca S.p.A., Patto dei Mille and Fondazione Cassa di Risparmio di Cuneo. The Bank therefore extended the time limits for filing slates, as required by the Articles of Association, by issuing a press release for that purpose. Shareholders who, by themselves or together with other shareholders, represent at least 0.5% of the share capital of the Bank were thus able to submit slates for the appointment of the Board of Directors and the Management Control Committee until the time limit of 21st March 2019. No other slate had been presented on the expiry of the above final time limit. The Shareholders’ Meeting of UBI Banca held on 12th April 2019 therefore, in compliance with the provisions of the Articles of Association, appointed the Board of Directors, consisting of 15 members in accordance with the Articles of Association, of whom five are also members of the


Management Control Committee. In view of the above, all 15 members of the Board of Directors, including the 5 members of the Management Control Committee, were taken from the only slate presented. The following were also elected: as Chairwoman of the Board of Directors, dott.ssa Letizia Maria Brichetto Arnaboldi; (ii) as Deputy Chairman of the Board of Directors, dott. Roberto Nicastro; (iii), as Chairman of the Management Control Committee, dott. Alessandro Masetti Zannini. The slate presented was voted for by 98.91% of the share capital represented in the Shareholders' Meeting. By Executive Order of the Director of its Corporate Governance Division No. 13 of 24th January 2019, Consob set the minimum equity investment required to submit a slate of candidates for the election of the governance and control bodies of UBI Banca at 1% of share capital. The same percentage of the share capital was set by executive order No. 28 dated 30th January 2020 of the Manager of the Corporate Governance Division. The Board of Directors of UBI Banca is characterised by the predominant presence of directors who are non-executive (14 out of 15) and/or independent (10 out of 15); at least two thirds of the directors must be in possession of the independence requirements provided for in Art. 21 of the Articles of Association. Overall, this approach is intended to guarantee proper and balanced discussion within the Board of Directors and appropriate checks and balances with regard to the Chief Executive Officer and the management of the Bank. In accordance with the Articles of Association, a quota of at least one third of all the members is reserved for the less represented gender (the Board currently consists of six women out of 15 members, with a 40% quota for the less represented gender). As already reported, on 1st January 2020 the provisions of the 2020 Budget Law came into effect, modifying articles 147-ter, paragraph 1-ter and 148, paragraph 1-bis of the Consolidated Finance Law, introduced by Law No. 120 of 12th July 2011 (the “Golfo-Mosca Law”) on parity between genders in the governing bodies of listed companies. The 2020 Budget Law established, among other things, the reservation of a different quota of “at least two fifths” for the less represented gender and confirmed (Conversion Law No. 157/2019, converting Decree Law No. 124/2019) that this quota is to be applied for “six consecutive mandates”. In accordance with the 2020 Budget law the gender quota of “at least two fifths” applies “from the first renewal of the governing and control bodies of companies listed on regulated markets following the entry into force of this law”, which took place on 1st January 2020. The Articles of Association also require at least two board members to be registered on the Register of Statutory Auditors and have exercised statutory accounts auditing activity for no less than three years. Three members of the current Board of Directors have the aforementioned characteristics. On 16th April 2019 the Board of Directors approved the formation of the following internal committees, with the functions and powers provided for by the Articles of Association of UBI Banca and by the applicable regulations in force:

- Appointments Committee - Remuneration Committee - Risk Committee - Related Parties and Connected Persons Committee

At the same meeting, on the basis of a proposal from the Appointments Committee, the Board of Directors, appointed Victor Massiah as Chief Executive Officer and granted him the necessary and appropriate powers for the management of the Company, also in accordance with the provisions of the Articles of Association. Dott. Victor Massiah is the Chief Executive Officer, with prime responsibility for the management of the bank and is the board member with responsibility for the internal control and risk management system. In view of the above, the Board of Directors (in office at the time of publication of this report) thus consists of 15 members elected by a slate voting procedure, by the Ordinary Shareholders' Meeting of 12th April 2019:


The curricula vitae of the members of the Board of Directors are available in the Corporate Governance section of the website of UBI Banca.

Full information on the personal and professional characteristics of each board member can be found in the documentation published in the Shareholders section of www.ubibanca.it at the time of their appointment, attached to the list presented by the shareholders. Attachment A) lists the offices held (as applicable) by all members of the Board of Directors in companies listed on regulated markets, including foreign regulated markets, and in finance, banking, insurance or large companies. In accordance with the Articles of Association, a quota of at least one third of all the members is reserved for the less represented gender (the Board currently consists of six women out of 15 members, with a 40% quota for the less represented gender). In this regard, we note that on 1st January 2020 the provisions of the 2020 Budget Law came into effect, modifying articles 147-ter, paragraph 1-ter and 148, paragraph 1-bis of the Consolidated Finance Law, introduced by Law No. 120 of 12th July 2011 (the “Golfo-Mosca Law”) on parity between genders in the governing bodies of listed companies. The 2020 Budget Law established, among other things, the reservation of a different quota of “at least two fifths” for the less represented gender and established that this quota is to be applied for “six consecutive mandates”. In accordance with the 2020 Budget law the gender quota of “at least two fifths” applies “from the first renewal of the governing and control bodies of companies listed on regulated markets following the entry into force of this law”, which took place on 1st January 2020. The Articles of Association also require at least two board members to be registered on the Register of Statutory Auditors and have exercised statutory accounts auditing activity for no less than three years. Three members of the current Board of Directors have the aforementioned characteristics. More detailed information on the composition of the Board of Directors is given in Summary table No. 2 attached to this Report.


The Shareholders’ Meeting has not authorised exceptions to the prohibition on competition pursuant to Art. 2390 of the Civil Code; the Board of Directors carries out assessments to ensure that its members are not involved in any situations pursuant to Art. 36 of Law No. 214/2011, the conversion with amendments of Decree Law 201 of 6th December 2011. Chairwoman of the Board of Directors The Shareholders’ Meeting of 12th April appointed Dott.ssa Letizia Maria Brichetto Arnaboldi as Chairwoman of the Board of Directors. The Chairwoman of the Board of Directors performs a crucial function to ensure the proper functioning of the Board, promote dialogue within it and ensure that there is a balance of powers, consistent with the duties relating the organisation of the work of the Board of Directors and the circulation of information that are assigned to it by the Civil Code. The Chairwoman promotes the effective functioning of the corporate governance system, ensuring the balance of powers with regard to the Chief Executive Officer and other executive directors. The Chairman liaises with the Control Function and the internal committees. The Chairwoman of the Board: a) is authorised to represent the company and sign on its behalf; b) without prejudice to Art. 11.4 of the Articles of Association, sees to the calling of the

Shareholders’ Meeting; c) chairs the Shareholders’ Meeting and supervises its conduct and proceedings; d) calls and chairs meetings of the Board of Directors , establishes the agenda, also considering

the proposals made by the Deputy Chairman and the Chief Executive Officer and coordinates its works, ensuring that adequate information on the items on the agenda is provided to all members and ensuring that the works of the Board are performed with adequate dialogue between all members, with particular regard to the dialogue between the Chief Executive Officer and the other Directors in a such manner to ensure the Board to take decision arising from the mediated and active contribution from all Directors;

e) supervises the correct and effective functioning of the corporate governance and activates the informative instruments required to monitor the correctness and adequacy of the Company's administrative, accounting and organisational system, maintains relationships with the Supervisory Authorities, in the context of the activity of the Board;

f) manages relations with the Chief Executive Officer and ensures the balance to the powers with particular regard to the delegated powers relating to ordinary management; liaises with the Management Control Committee and its Chairman, and with the Committees indicated in Art. 31; it also manages, in agreement with the Chief Executive Officer, with the external communication of information concerning the Company and oversees, again in agreement with the Chief Executive Officer, the fairness of the relationships with Shareholders;

g) makes proposals, subject to consultation with the Deputy Chairman, on guidelines and plans relating to cultural and charitable initiatives of the Company and the Group, to be submitted to the Board of Directors;

h) requests and receives information, including information concerning specific aspects of the Company’s and the Group’s management and current and future trend of operations, with access to all company functions for this purpose;

i) shall exercise all other powers, provided by these Articles of Association, functional to the exercise of his office.

In the case of absolute justified urgency, if it is impossible to promptly convene the Board, the Chairman of the Board or, in his absence or impediment, the Deputy Chairman, or, in the absence or impediment of the foregoing, the Chief Executive Officer, may pass resolutions on any transaction under the remit of the Board, and in particular on the provision of credit, with the exception of matters under the exclusive remit of the Board. The decisions thus assumed must be brought to the attention of the Board at its next meeting. Chief Executive Officer The Board of Directors, in respect of the provisions of law and the Articles of Association, and in


particular the provisions of Art. 24 of the Articles of Association, can delegate its powers that are not reserved by law or by the Articles of Association to its exclusive remit to: one of its members, who assumes the title of Chief Executive Officer, subject to the provisions for the case of urgency indicated by Art. 26.2.of the Articles of Association, or to specific committees, made up of Directors and/or managers and also, within predefined limits on amount, to the General Manager, if appointed, to managers, middle managers, as well as to the branch managers. For the completion of individual deeds and contracts, the Board may also delegate its powers to its individual members. At its meeting on 16th April 2019, the Board of Directors appointed Dott. Victor Massiah as Chief Executive Officer. The Chief Executive Officer is responsible, within the limits of his/her powers, in the context of the general, planning and strategic guidelines resolved by the Board, for: a) supervising the management of the Company and the Group and dealing with implementing

the resolutions of the Board of Directors; b) taking care of the execution of the strategy of the Company and the Group; c) implementing the organisational, administrative and accounting structure determined by the

Board; d) implementing the resolutions and the guidelines (including the strategic guidelines) of the

Board of Directors; e) to determine the operational directives for General Management; f) making, within the limits of his/her competences, proposals to the Board in relation to the

definition of the general planning and strategic guidelines of the Company and the Group as well as preparing the business and/or financial plans and the budgets of the Company and the Group;

g) proposing guidelines in relation to optimising the use and development of resources and submitting to the Board the draft financial statements and the interim situations;

h) suggesting to the Board the appointments of (i) senior figures reporting hierarchically to the Chief Executive Officer, (ii) management and control bodies and general management of the Group companies, in agreement with the Chairman and Deputy Chairman of the Board;

In performing his/her functions, the Chief Executive Officer relies on the Steering Committee and the Managerial Committees provided for in Art. 24.3, let. d) and e) of the Articles of Association. The Chief Executive Officer reports usually on a monthly basis, and in any case quarterly, on the management performance, on its outlook and on the most significant operations performed by the Company and by its subsidiaries. The Chief Executive Officer also shall report on a monthly basis to the Board on the accounting results of the Company, the main subsidiary companies and the Group as a whole. Without prejudice to particular cases of urgency when the Chief Executive Officer report without delay.

* * * No board members other than the Chief Executive Officer are considered as executives pursuant to the Corporate Governance Code. Requirements of independence: Independent Directors In accordance with Art. 20.10 of the Articles of Association, at least two thirds of the members of the Board must satisfy the requirements of independence provided for in Art. 21 of the Articles of Association and in any case in the pro tempore laws and regulations in force. In accordance with Art. 21 of the Articles of Association, directors are considered to be independent if they are in possession of the independence requirements provided for by Art. 148 of the Consolidated Finance Law and by the regulations to implement Art. 26 of the Consolidated Banking Law. Notwithstanding the above, the independent members of the Board of Directors shall satisfy the requirements set forth in the Corporate Governance Code of Italian listed companies issued by Borsa Italiana S.p.A., from time to time applicable. The existence of the independence requirement is verified by the Board of Directors, in accordance with the application criteria set by the above-mentioned Corporate Governance Code and incorporated in the relevant internal


regulation approved by the Board itself. The Articles of Association choose to specify a large number of independent directors, making it possible to ensure that the composition of the Board of Directors is compliant with the Corporate Governance Code and in line with international best practices. More specifically, the Management Control Committee, Risk Committee and the Related Parties and Connected Persons Committee are entirely composed of independent directors. The committees are also chaired by independent directors. On acceptance of their candidature, ten directors declared that they were in possession of the requirements of independence specified in the Articles of Association. On 8th May 2019, on conclusion of their appointment, the Board of Directors ascertained the independence of the 15 directors concerned. It issued a press release giving the outcome of the assessment on the same day. In this regard it should be noted that the following 10 directors were in possession of the requirements of independence specified in the Articles of Association: Dott.ssa Letizia Bellini Cavalletti, Prof. Paolo Boccardelli, Dott. Paolo Bordogna, Dott. Alberto Carrara, Prof. Francesca Culasso, Dott. Ferruccio Dardanello, Dott. Alessandro Masetti Zannini, Dott. Roberto Nicastro, Dott.ssa Simona Pezzolo De Rossi and Dott.ssa Monica Regazzi. The members of the Management Control Committee, also acting as members of the Board of Directors, have verified that the inspection criteria and procedures adopted by the Board of Directors to assess the independence of the ten Directors above were appropriate. All Senior Officers (inclusive of those who in accordance with the Articles of Association are not considered independent) shall act with full independence of mind and knowledge of the duties and rights attaching to their position, in the interest of the sound and prudent management of the Bank and in compliance with the law and all other applicable regulations. More specifically, independence of mind refers to determined characteristics which a Senior Officer must possess (e.g. attentive participation in meetings of the body to which they belong and the frequency of their intervention by means of questions, the capacity to assess and if it is the case oppose decisions proposed by other directors, courage, conviction of their own positions) and it assumes that certain possibilities of conflicts of interest, defined as particularly important by virtue of the orientations of the supervisory authorities, shall not occur. When conflict of interest situations occur, on own account or that of third parties, a Senior Officer must promptly notify the Board of Directors or, according to their responsibilities, the Management Control Committee, consistent with the provisions of Art. 2391 of the Italian Civil Code and Art. 53, paragraph 4 of the Consolidated Banking Law. Specific regulations have also been put in place in the presence of transactions with certain significant parties within the UBI Group, with the definition of quantitative limits (and in certain cases bans) on determined transactions. Reference is made in this respect to the Single Policy and the Single Regulation on conflicts of interest, available in the Corporate Governance – Corporate Documents section of www.ubibanca.it. The independence of directors is assessed by the Board of Directors when they are appointed and then annually. The Board of Directors certifies that members of the Related and Connected Parties Committee are in possession of the requirements of independence when they are appointed; this is then verified periodically every six months. The annual self-assessment process has not, as yet, shown any need for the independent directors to hold special meetings, because most of the directors on the Board are independent and because the large number of meetings held by the Board of Directors has given ample opportunities to debate significant issues at the Board meetings themselves.


The appointment of a Lead Independent Director is not envisaged because the conditions set out in the Corporate Governance Code do not exist. Suitability requirements for the position Subject to any further requirement prescribed for the Directors making up the Management Control Committee, the members of the Board of Directors must be fit to perform the duties of their office, in accordance with the provisions of existing laws and regulations and the Articles of Association; they must, in particular, satisfy the requirements of personal integrity and professionalism and respect criteria of competence, fairness and sufficient time commitment provided by the pro tempore laws and regulations in force and the specific limits on number of directorships prescribed by applicable laws and regulations to perform the role of director of a bank issuing shares listed on regulated markets. In any event, any member of the Board of Directors must satisfy the requirements set forth in Directive 2013/36/EU of 26th June 2013 (“CR IV”), to carry out the duties of director of a bank issuing shares listed on regulated markets. Members of the Board of Directors cannot be over 75 years of age upon their appointment. Those who have covered the respective specific office continuously for three previous mandates may not be appointed to the role of Chairman or Deputy Chairman. In addition to the requirements established by existing regulations, all members of the Board must have: accrued overall experience - through the exercise, in Italy and abroad - of at least three years as chairman or at least five years in the field of: administration and/or strategic supervision, management or control in: (i) banks, finance companies, asset management companies or insurance companies; (ii) independent public authorities; (iii) enterprises aimed at the production and/or exchange of goods or services that have exceeded,

for the periods of permanence in office provided for in this paragraph, two of the following limits: (a) €20 million of balance sheet assets; (b) €40 million of revenues from sales and services; (c) 250 employees employed on average during the financial year calculated on the figures of the latest approved financial statements or, if prepared, consolidated financial statements;

(iv) companies with shares traded on an Italian or foreign regulated market. Candidates who have not acquired that professional experience may also be elected provided that: - they have been tenured university professors for at least five years in legal or economic or

mathematical or statistics or management engineering subjects; - they are or have been members of the professional associations of accountants, notaries or

lawyers for at least ten years. At least two-thirds of the members of the Board must satisfy the requirements of independence provided for in Art. 21 of the Articles of Association and in any case in the pro tempore laws and regulations in force. At least two of the members of the Board must be chosen from persons registered on the Register of Statutory Auditors who have exercised statutory accounts auditing activity for no less than three years. Furthermore, in accordance with Art. 20.9 of the Articles of Association, the composition of the Board must ensure the balance between the genders provided for in Art. 22.5(i) thereof (less represented gender: at least 1/3). As already reported, the provisions of the Articles of Association relating to gender balance will require updating to take account of the related changes to legislation (cf. sections 4.2 and 4.3 above). The members of the Board of Directors must promptly communicate the loss of the requirements required for the role held by them or the occurrence of a cause of incompatibility. To this purpose, without prejudice to the provisions of Art. 22, the members of the Board of Directors are required to update, giving prompt notice to the Chairman of the Board of Directors, the certifications of


satisfaction of the requirements and any information useful to an overall assessment of fitness for the office held, according to the scheme envisaged in Art. 22.4.

Without prejudice to the paragraph below: - the loss of the requirements provided for by applicable laws and regulations or by the Articles of

Association determines the disqualification from the office of director; - the occurrence, even after appointment, of a cause of incompatibility, therein including the

exceeding of the limits on the number of directorships, if not removed within 30 days from its occurrence as notified by the interested party or from the longer term provided for by the pro tempore applicable laws and regulations, determines the disqualification from the office of director;

- the loss of one of the requirements laid down in the Articles of Association for the Directors who are members of the Management Control Committee determines in any case their disqualification from the Board of Directors.

If the existence of particular requirements, conditions, personal capacities for only a minimum number of Directors is required, the loss of those requirements, conditions, capacities by one Director, does not determine his/her disqualification from the office if the minimum number of Directors meeting such requirements is still satisfied. Without prejudice to the provisions of the Articles of Association, for the governance of (i) defining the suitability requirements for Directors and (ii) the criteria for assessing the possession of those suitability requirements, the Policy on suitability requirements and criteria for carrying out the duties of the senior officers adopted by UBI Banca applies. The report on the qualitative and quantitative composition of the new Board of Directors issued by the outgoing Supervisory Board in February 2019 and available in the shareholders section of www.ubibanca.it, takes account of the provisions contained in that policy. The legislation governing the verification of the requirements for senior officers of the Bank (Art. 26 of the Consolidated Banking Law) was amended with Legislative Decree No. 72/2015, which introduced suitability requirements for senior officers, in addition to being in possession of requirements of professionalism, integrity and independence, must “satisfy fit and proper criteria and dedicate the time required to perform the duties of the position, so as to guarantee the sound and prudent management of the Bank”. The regulations implementing these provisions in relation to the satisfaction of suitability requirements are to be contained in a special decree to be issued by the Ministry of the Economy and Finance, which as of today has not yet been issued. In this regard it should be noted that a draft Ministerial Decree establishing the regulation on suitability requirements and criteria for carrying out duties which implements the new Art. 26 of the Consolidated Banking Law, consultation of which came to an end on 22nd September 2017 (the Draft MD) is currently available. More specifically, UBI Banca intends, with this Policy, to ensure that the members of its administration, management and supervisory bodies constantly satisfy the suitability requirements for these positions set by the legislation and regulations currently in force, by the relative articles of association and by corporate governance best practices followed in the banking sector. For the purposes of preparing the Suitability Policy, UBI Banca has also taken account of the principles included in the Draft MD.

Proper conduct requirements The members of the Board of Directors, including the members of the Management Control Committee and the General Manager (the “Senior Officers”) must ensure that they satisfy proper conduct requirements in accordance with the applicable legislation and regulations. More specifically, in order to verify satisfaction of the proper conduct requirement, the Board of Directors is required to consider determined circumstances regulated by the legislation and regulations applicable to banks (M.D. No. 161/1998). In addition to the above, because UBI Banca is a listed company, the proper conduct requirements set by M.D. 162/2000 also apply. It is underlined that the principle of proportionality does not apply when assessing the proper conduct requirement.


Integrity criteria In addition to the proper conduct requirement, the Bank is required to assess whether specific criteria of integrity have been met by each Senior Officer with regard to their personal and professional conduct, in compliance with the provisions of the EBA/ESMA Guidelines and the ECB Guide. In accordance with the aforementioned regulations, members will be deemed to meet the requirements of integrity in the absence of objective, proven evidence to the contrary. Professional requirements Senior Officers must be in possession of the professional requirements laid down for each of them by the applicable regulations and legislation in force and by the Articles of Association with account taken in particular of the nature of the position and of the positions of chairman of the board of directors, chief executive officer and general manager for which the applicable regulations and legislation may require the possession of further professional requirements. Knowledge and skills criteria In addition to the professional requirements, Senior Officers are required to satisfy competency criteria designed to demonstrate their suitability for holding the position, with account taken of the duties inherent in the role occupied and the size and operating characteristics of the Bank. Senior Officers must possess up-to-date knowledge of the business in which the bank operates and of the related risks to a level commensurate with his/her responsibilities. This includes a sufficient understanding of the areas for which an individual member is not directly responsible but is responsible jointly with the other members of the Board of Directors. For the purposes of assessing whether the competency criteria are satisfied, consideration is given to both (i) technical knowledge acquired through study and education and also (ii) practical experience and ability to innovate, acquired from previous or ongoing working activities, particularly in a business setting, while taking account of the results achieved. The Board of Directors shall take account of any international experience the Senior Officer concerned may have. On conclusion of the appointment and at the time of annual assessments, the Board of Directors – with support from the Appointments Committee – and the Management Control Committee shall assess the theoretical knowledge and practical experience of each Senior Officer: (i) both in relation to more than one of the following significant areas:

a) financial markets; b) legislation and regulation in the banking and financial sector and relating to listed

companies; c) policies and strategic programming; d) organisational structure and corporate governance; e) risk management (identification, measurement, monitoring, control and mitigation of the

main types of risks for a bank, inclusive of the responsibilities of the Senior Officer in those processes);

f) internal control systems and other operating mechanisms; g) banking and financial assets and products; h) accounting and financial reporting; i) digital and information technology; j) sustainability;

(ii) and also whether they are suitable with respect to: a) the duties inherent in the role of the Senior Officer and any specific authorisations or

powers they may have, inclusive of participation in internal Board committees; b) the characteristics of the Bank and Banking Group to which they belong with account

taken of the size, complexity, type of activities carried out and the connected risks, the relative markets and the countries in which the Company operates.

Limits on the number of positions Senior Officers are required to comply with the legislative, regulatory and articles of association provisions on accepting positions in different companies (Art. 91 of Directive CRD IV and Art. 20, paragraph 7 of the Articles of Association). These provisions of legislation and the Articles of Association are also related to compliance with the time availability requirement.


For the purposes of calculating the limit on the number of positions, Positions are defined as follows, however they may be named: i) on the Board of Directors, the Supervisory Board, the Management Board; ii) on the Board of Statutory Auditors; iii) the General Manager; for foreign countries, positions equivalent to those in items i), ii) and iii) are considered on the basis of the law applicable to the company; the title alternate member does not constitute a position until the time at which the person is appointed carries out the functions of a full member. More specifically, the limits on the number of positions for Senior Officer of the Bank consist of the following combinations: (i) 1 executive Position and 2 non-executive Positions, inclusive of the Position in the Bank; (ii) 4 non-executive Positions, inclusive of the Position in the bank. The following multiple positions are nevertheless calculated as one single Position: (i) positions held within the same Group; (ii) positions held in entities belonging to the same “Institutional Protection Scheme”; (iii) Positions held in undertakings in which the Bank holds a qualifying holding as defined by

Regulation (EU) No. 575/2013, Art. 4(1), point 362. In line with regulations and European guidelines, positions held in organisations which do not pursue predominately commercial objectives shall not count for the purposes of the number of positions. In accordance with Art. 91, paragraph 5 of the CRD IV, organisations which do not pursue predominantly commercial objectives are considered, amongst others, to include: (i) nonprofit sports or cultural associations, (ii) charitable organisations, (iii) churches, (iv) chambers of commerce, trade unions, trade associations, (v) organisations established solely for the purpose of managing the personal financial interests of Senior Officers, and which do not require daily management activities, (vi) “società semplici” (type of ordinary partnership). It is underlined that, while they do not count for the purposes of the number of positions, positions held in organisations that do not pursue predominantly commercial objectives must be assessed in relation to the time availability requirement. This is without prejudice to the possibility, in accordance with Art. 91, paragraph 6, of CRD IV, to request that the competent authorities authorise holding an additional non-executive directorship position3. Notwithstanding the above, which refers to all members of the Board of Directors, the Articles of Association set further limits on the number of positions for Directors who are also members of the Management Control Committee, which if exceeded shall result in their disqualification if they have been appointed. More specifically, in accordance with Art. 20.11 of the Articles of Association, members of the Management Control Committee may not hold positions as executive or non-executive directors in other companies which exceed the size requirements specified in the aforementioned article of the Articles of Association. More specifically they may not (i) in any case hold the role of executive director in other companies having total revenues exceeding €50 million or (ii) hold non-executive positions in the management bodies of other enterprises aimed at the production and/or trading of goods or services having revenues exceeding €500 million, of banking or financial enterprises having total assets at least equal to €5 billion, of insurance companies with a gross value of annual premiums collected at least equal to €1 billion, in a number higher than two. The size data under letters (a) and (b) above are calculated on the data of the last approved financial statements or, if prepared, consolidated financial statements. The members of the Management Control Committee must also comply with the limits on the number of positions set for members of the supervisory bodies of listed companies by Art. 148-bis of the Consolidated Finance Law and the relative regulations to implement it. Other incompatibility possibilities Furthermore: (i) all Senior Officers are required to comply with the provisions of Art. 36 of Decree Law No.

201/2011, converted into Law No. 214/2011 (the “Save Italy Decree”) on interlocking directorships, according to which holders of positions in management, supervision and control bodies and senior officials of companies or groups of companies operating in credit, insurance

2 In accordance with regulation (EU) No. 575/2013, Art. 4(1), point 36, a “qualified holding” is defined as a direct or indirect holding in a company that represents at least 10% of the share capital or the voting rights which allows the exercise of significant influence over the management of the undertaking. 3 That right, exercised by two senior officers during the current mandate of the board, relates at present to a single member of the Board of Directors in relation to a non-executive position.


and financial markets are banned from acquiring or occupying similar positions in competing companies or groups of companies;

(ii) in accordance with Art. 2390 of the Italian Civil Code, members of the management body may not become partners or shareholders with unlimited liability in competing companies, nor may they carry on a competing business on their own account or on the account of third parties, nor may they be directors or general managers in competing companies unless authorised by a shareholders’ meeting;

(iii) all Senior Officers are required to comply with legislation and regulations on incompatibility for public employees and for holders of public positions pursuant to Legislative Decree No. 165/2001, as subsequently amended and added to.

Availability of time Each Senior Officer is required to commit adequate time to performing the functions of their position and for that purpose the Bank informs Senior Officers of the time that it estimates is necessary for effectively performing the functions of their position at UBI Banca, with account taken of the specific position occupied by the Senior Officer and any participation on Committees there may be. The criteria that the Bank uses in order to estimate the time necessary are as follows: - the number and duration of meetings in previous years; - the number of meetings scheduled for the current year; - the need for possible extraordinary meetings; - the nature, importance and characteristics of activities scheduled by the Bank in the

expected period in which Senior Officers will perform their functions, also in consideration of the contents of the business plan and strategic plans approved by the Company;

- the time necessary for induction and training; - the estimated time needed to prepare for each meeting; - the estimated travelling time needed to reach the location of meetings; - the nature of the position and the responsibilities of the Senior Officer (e.g. duties assigned to

Chairman of the Board of Directors and of the Management Control Committee). The indication of the time estimated is reassessed annually by the Board of Directors, with support from the Appointments Committee and the Management Control Committee when the self-assessment meeting is held. At the time of appointment, and promptly when recent events have occurred, a Senior Officer shall inform the competent body of (i) positions occupied in companies, firms or entities and the time employed, (ii) working activities carried out and the time employed and also (iii) other situations or information relating to the work or personal sphere which might impact significantly on the availability of the Senior Officers time, who confirms in writing that he/she is able to commit at least the time estimated by the Bank for the position occupied. In evaluating the time available to senior officers, the Bank evaluates the information set out in paragraph 43 of the EBA/ESMA Guidelines. On the basis of the above information provided by a Senior Officer, the competent body assesses whether the time that the Senior Officer is able to commit to their position at UBI Banca is sufficient (“sufficient time commitment”) to effectively perform the functions of the relative position, also in view of the principles specified in Title III, paragraph 4 of the EBA/ESMA Guidelines. The time availability of each Senior Officer is assessed continuously, for that which concerns them, by the Board of Directors and the Management Control Committee, which must take account of the information provided by each Senior Officer and of the actual participation of the person concerned in meetings of the body of which they are a member. Should a Senior Officer fail to attend at least 80% of the respective meetings of the relative body, he or she must provide adequate reasons in order for satisfaction of the requirement in question to be assessed. Where the availability of time provided by a Senior Officer is judged insufficient, the Board of Directors or the Management Control Committee, for that which concerns them, may ask the Senior Officer to make specific appropriate commitments to increase their time availability and may also take specific measures including revoking authorisations or specific duties or exclusion of the Senior Officer from committees of which they are a member. This is nevertheless without prejudice to the limits on the number of positions and provisions on the incompatibility of positions.


Verification of suitability ( inclusive of collective) requirements by members of the governing bodies On conclusion of the verifications and assessments conducted on 8th May 2019 by the Board of Directors of UBI Banca S.p.A., subject to prior investigation by the Appointments Committee, having noted the declarations of the persons concerned and with account taken of the information available to it, it was found that each member of the Board of Directors appointed by the Ordinary Shareholders’ Meeting held on 12th April 2019 was in possession of the suitability requirements set by the legislation and regulations in force, by the Articles of Association and by internal regulations as well as by corporate governance best practices followed by the banking sector4. The following requirements were examined for each director: − proper conduct; − integrity; − professionalism; − expertise; − independence as defined in the applicable provisions of laws, regulations and Articles of Association; − independence of mind; − availability of time; − limit on the number of positions held. More specifically, it has been verified that in accordance with articles 20.10 and 20.11 of the Articles of Association, two thirds of the members of the Board and in any event all members of the Management Control Committee are in possession of the requirements of independence set by Art. 21 of the Articles of Association (independent directors are considered to be directors who are in possession of the independence requirements laid down by Art. 148 of Legislative Decree No. 58 dated 24th February 1998 and the implementing regulation of Art. 26 of the Legislative Decree No. 385 dated 1st September 1993. Notwithstanding the above, the independent members of the Board of Directors shall satisfy the requirements set forth in the Corporate Governance Code of Italian listed companies issued by Borsa Italiana S.p.A., from time to time applicable). On conclusion of the verifications conducted on 8/5/2019 by the Board of Directors and by the Management Control Committee on 7/5/2019, subject to prior investigation by the Appointments Committee, those directors who are members of the Management Control Committee were also found to be in possession of the additional requirements set by the legislation and regulations and by the Articles Association for the composition of the supervisory body. The verifications were conducted on the basis of qualitative and/or quantitative criteria set by internal regulations of the Bank, as described in greater detail in the “Report on the qualitative and quantitative composition of the Board of Directors” approved by the competent governing bodies in February 2019. Finally, the Board of Directors ascertained the adequate collective composition of the Board of Directors in light of the requirements set by the applicable legislation and regulations in force and also in light of the “Report on the qualitative and quantitative composition of the Board of Directors” approved in February 2019.

Diversity in the composition of the Board of Directors In February 2019 the Supervisory Board, as it was coming near to the end of its mandate with the planned changeover to the one-tier system of governance and control, prepared a report on the qualitative and quantitative composition considered optimal for the new Board of Directors, published on the Bank’s website on 1st March 2019 together with the documentation relating to the matters on the agenda of the Shareholders’ Meeting held on 12th April 2019; the results of this analysis were published and distributed to the shareholders. The document takes into account the outcomes of the end of term of office board evaluation. In particular, the outgoing Supervisory Board expressed the hope that candidate selection would take account of the adequacy of the composition of the Board of Directors and of the Management Control Committee as a whole in order to foster discussion and dialogue within each corporate body, to encourage the generation of different approaches and perspectives in the analysis of issues and in decision making, and to provide effective support for the company processes of formulating 4 Following the meeting of the Board of Directors on 8th May 2019, the Bank announced the outcome of the assessment carried out in relation to the Directors appointed by the Shareholders’ Meeting of 12th April 2019 in a press release to the market pursuant to Art. 144-novies, paragraph 1-bis of the Consob Issuers’ Regulations.


strategies, management and risk activities, and control over the work of senior management, taking into account the multiple interests that contribute to the sound and prudent management of the Bank. For the purposes of assessing the criteria of adequate collective composition of the corporate bodies, attention is drawn to the principles and criteria described under sections 67 to 72 of the EBA/ESMA Guidelines. The report also highlighted the need to consider the presence within the Board of Directors, and therefore also within the Management Control Committee, of Senior Officers: (i) who are diversified in terms of age, gender and length of service in the position; and (ii) whose expertise, considered collectively, is appropriate for achieving the objectives described above. With reference to criteria of individual competency , the Supervisory Board also expressed the hope that said criteria would be met in a balanced combination within the Board of Directors in order to enable said body as a whole, in consideration of the complexity of the Group’s size and specific context, to express a diversified but complementary set of skills, together with a balances combination of profiles and experience, while also meeting diversity requirements and assessing, in such context, the value of gender and other forms of diversity (within the limits of the Articles of Association). More specifically, the Supervisory Board recommended that the Board should include members who have acquired important and consolidated experience, with specific professionalism and high standing, in carrying out the activities of management, administration and supervision of institutions in the banking and financial sector. Having taken into consideration the existence of a detailed document on its qualitative and quantitative composition that also includes diversity guidelines, the Supervisory Board did consider drawing up and adopting a specific diversity policy in relation to the composition of the governing bodies, in the belief that the aforementioned document comprehensively met the necessary requirements. The Board of Directors has not returned to the matter yet, also on the basis of the following. With reference to gender, and without prejudice to what is stated in paragraphs 4.2 and 4.3 above, it will be recalled that the Articles of Association currently in force require each slate to be made up of candidates representing both genders, so that at least a third of the candidates belongs to the less represented gender. The Bank has made a strong commitment to gender equality for many years on a continuous basis and on par with the attention paid by its stakeholders to gender diversity, an increasingly important issue, encouraged by the whole financial community. In January 2020 UBI Banca was amongst the 325 companies included by Bloomberg in its 2020 Gender-Equality Index (GEI). The index in question measures the gender equality achieved across five dimensions: female leadership and the talent pipeline, gender pay parity, inclusive culture, clear and strict sexual harassment policies, and a pro-women brand. The attention paid by the Bank to gender policies has also been recognised at international level when it was awarded the “1st European Grand Prix de la Mixité - FTSE MIB Category”. UBI was the first listed Italian company to receive this prize organised by the Institut du Capitalisme Responsable and Ethics & Boards, which was awarded on a European scale for the first time in 2018 to reward best governance practices for gender diversity. A substantial percentage of UBI Banca top management in particular is composed today of women working at the highest levels. Senior executives include the Chief Financial Officer, Chief General Counsel, Chief Wealth and Welfare Officer, and Deputy General Manager, in addition to the Heads of Communication and Investor Relations, as well as five other Women in positions that report directly to the General Manager.

It should moreover be noted that UBI Banca has adopted Gender Diversity & Inclusion Policy and Regulations for Group employees, designed to implement policies and actions to promote the diversity pipeline as a guiding principle of the UBI Group. This value is mainly guaranteed through the responsible management of gender diversity, with a commitment to monitor all the other types of diversity and inclusion over time. Following its appointment on 12th April 2019 by the Shareholders’ Meeting, the new Board of Directors proceeded - in the context of the aforementioned process to verify the suitability requirements required by the legislation in force - to verify that the actual composition resulting from the appointment process complies with the quantitative and qualitative composition identified


in the above report. In this regard the Board of Directors, following a detailed analysis of the professional skills of its various members, evaluated and verified that the composition of the Board of Directors complies with the qualitative and quantitative composition deemed to be best for the achievement of the objective of performing the functions assigned to it in a correct manner. In terms of age, having noted that the Articles of Association set the age limit for members of the Board of Directors at 75 years old, we report that: 26.7% of board members are under 50, 40% of them are between 50 and 60, 20% between 60 and 70 and 13.3% are over 70 years old. The members of the Board of Directors have a varied background including considerable professional, financial, legal, managerial and entrepreneurial experience. Self-assessment Self-assessment process of the Governing Bodies

The self-assessment process is set out in the “UBI Banca Group Governing Body Self-Assessment Process” internal regulation, drawn up in order to implement the Supervisory Regulations concerning corporate governance (Bank of Italy Circular No. 285 of 17th December 2013 – Part One – Title IV – Chapter 1) and the Corporate Governance Code, which formalises the annual process, based on the Board of Director’s three year term of office. Self-assessment relates to the adequacy of the composition and functioning of the Board of Directors, the internal board committees and the Management Control Committee. The analysis for the financial year was performed with the support of the consulting firm Spencer Stuart and related to the size, composition and functioning of the governing bodies. Spencer Stuart meets the requirements of neutrality, objectivity, competency and independence established in the above regulations and, in terms of independence, has not been involved in recent financial relationships with the Bank and/or Group member companies. Board of Directors In accordance with the provisions of the Board of Directors Regulation, Spencer Stuart assisted the Board of Directors with the following stages of the self-assessment process:

- Fact-finding: this was performed, depending on the areas of investigation involved, by collecting information and data that were already available to the Bank and through the use questionnaires and individual interviews.

- Data analysis: the information gathered at the fact-finding stage was analysed and consolidated, with care taken to ensure that the anonymity of Board Members is respected.

- Preparation of the outcomes of the process: examination of the findings from the data processing by the Appointments Committee, followed by the formalisation of the results of the process in a report entitled “Board of Directors 2019 Self-assessment: Analysis of the Results, Proposed Actions and Comments from Board Members”. This report provides a summary of the methods used and results obtained and identifies the strengths and areas for improvement found. The report was approved by the Board of Directors.

Self-assessment was performed on the basis of questionnaires and individual interviews with directors, which took place between December 2019 and January 2020. The documents used to support the interviews were structured in order to gather quantitative data, organised in a questionnaire, and qualitative data, formed of a thematic outline, partly repeating the themes in the questionnaire and partly intended to guide the interview. The questionnaires and interviews were focused on different areas relating to the composition and functioning of the Board and its internal committees. More specifically, the areas of investigation assessed were: - verification of the actions proposed at the end of the previous board evaluation (2018), in

relation to a different model corporate governance; - functioning of the management body as a whole; - role and responsibilities of the Chairwoman, the Chief Executive Officer and the Directors; - specific subject areas (strategic guidelines, performance of the bank, risk management and the

internal control system, organisational structure and delegated powers, succession plan); - ways of working, cohesion and interaction; - sustainability issues;


- the size and composition of the Board and its Committees; - analysis of the work of the internal board committees (Risk Committee, Appointments

Committee, Remuneration Committee, Related Parties and Connected Persons Committee). On the basis of the results presented to the Board of Directors on 28th February 2020, it was found that the Board operates appropriately and consistently with its mandate. More specifically, the main aspects highlighted by the outcomes of the self-assessment process of the Board and its internal committees were as follows: - directors showed a high level of knowledge of the Bank and the Group, as well as

understanding of the business, partly thanks to the programme of training and refresher courses. directors feel involved in the process for defining guidelines and consider that the key points relating to the business are gone into in sufficient detail;

- directors expressed their appreciation of the procedures and timing with which strategic issues are addressed, considered that there is a good risk culture and that the specific technical skills of some directors help with risk awareness and management.

- The Board operates in a concrete, positive manner, thanks in particular to its capacity for constructive dialogue and readiness to listen. Board members actively participate in discussions and feel free to express their point of view, including constructively challenging top management;

- sustainability, security and environmental issues are discussed and looked into appropriately and there is a clear awareness of activities relating to the materiality matrix;

- the agenda for board meetings is set in a way that prioritises the discussion of strategic issues and the effectiveness of the documentation provided to the directors is assessed very positively, partly thanks to the use of clear and exhaustive executive summaries;

- the structure of the Board seems well balanced and the skills mix is considered to be good. The personal characteristics of the directors are considered adequate and complementary.

- Overall, the interaction between the Board and its committees seems positive; - the directors stated that the succession planning process for the CEO had been completed and

the same process is being prepared for top managers. The outcome of the self-assessment also identified areas for improvement associated with the recent adoption of the one-tier system of governance with effect from the appointment of the Board of Directors on 12th April 2019. These aspects are associated with operating processes and the development of further skills, through the continuation of the induction programme described below. Induction Programme The Board of Directors ensures the implementation of induction programmes for directors, encouraging them to take part in initiatives for the purpose of providing an increasing level of knowledge of the activity sector of the Bank and the Group, business dynamics and trends, principles of correct risk management and the relevant regulatory and self-regulatory framework, as well as meetings, some of them informal, for the further investigation of strategic issues (ongoing induction). The induction programmes are prepared periodically on conclusion of (i) the first assessment carried out after appointment and (ii) the self-assessment carried out annually by the Board of Directors. Directors may in any case make specific requests, individually, for training in determined areas, whenever they consider this necessary. During the year an induction plan was formulated with a view to consolidating Directors’ knowledge of the regulatory and self-regulatory framework and the situation and dynamics of the Group, all based on systematic study of the banking business, the financial system, control systems, methods for managing and monitoring risk and the responsibilities their office entails. During the year and until this Report receives approval, 13 specific induction sessions have been held, covering issues including: • Company law; • IT strategy; • MiFID II, IDD and MAR; • further study of RAF, ICAAP and Risk governance;


• Monitoring and the Recovery and Resolution Directive; • Cybersecurity; • Financial statements: IFRS9, IFRS15 and IFRS16. 4.4 Functioning of the Board of Directors (pursuant to Art. 123-bis, paragraph 2, letter d) of the Consolidated Finance Law) The Board must meet at least on a monthly basis; the meetings are usually held, with criteria of trend alternation, in the city of Bergamo, in the city of Brescia, and in the city of Milan, or, if particular circumstances so require, in other locations, even outside the European Union. The Board is convened by recorded delivery letter, telegram, fax, email or another means that documents receipt of the notice at the initiative of the Chairman or when a written request is made by the Chief Executive Officer or by at least four of its members as well as in the cases provided by Art. 33.2 and/or by any other pro tempore laws and regulation in force. Notices to convene meetings contain a list of the items on the agenda and this is sent at least four days before the date set for the meeting, except in urgent circumstances, when the time-limit may be reduced to one day. The majority of the Directors in office must be present in order for the meetings to be valid. The Board shall resolve with the favourable vote of the absolute majority of the Directors present at the vote. The Board shall resolve with the favourable vote of the absolute majority of the Directors in office for resolutions concerning: (i) the appointment or removal of the Chief Executive Officer, the attribution, modification,

revocation of his powers and the determination of his remuneration; (ii) the replacement of the terminated Directors by way of co-option under the remit of the Board. The members of the Board report on any interest that, on their own behalf or on behalf of third parties, they may have in a certain transaction of the Company or the Group, specifying its nature, terms, origin and scope. The respective Board resolution must adequately motivate the reasons and convenience for the Company of the transaction, subject to any other provision of law or regulation applicable in that regard. Notwithstanding the above, the members of the Board shall comply with the Company conflict of interest regulations as well as with the Company’s internal regulations regarding the requirements of the Directors. Attendees may attend at Board meetings remotely, using suitable audio/video conferencing and/or teleconferencing systems, provided that all those entitled can participate in the meeting and be identified and they are able to follow the meeting and to intervene in real time in the discussion, as well as to receive, send or view documents, with simultaneous examination and decision-making. In that case, the Board is deemed to be held in the location in which the chairman of the meeting and the secretary are found. The Chief Financial Officer and the Chief Risk Officer are usually invited to the meetings of the Board of Directors, with consultative functions; the managers of the Bank and those of the Group companies may also be invited to the aforementioned meetings, to provide appropriate information on the items on the agenda. At the invitation of the Chairman of the Board of Directors, subject to the agreement of the Chief Executive Officer, the senior managers responsible for the corporate functions attend board meetings to provide information on matters on the agenda that are within their remit. The following have attended meetings during the year, depending on the items to be discussed: the Chief Operating Officer, Chief Commercial Officer, Chief Wealth & Welfare Officer, Chief General Counsel, Chief Information Officer, Chief Lending Officer, Chief Compliance Officer, Chief Audit Executive, the Anti-Financial Crime Officer and the Officer with Responsibility for Suspicious Transactions, as


well as other senior managers whose attendance was considered advisable by the Chairman in order to assist with studying the matters discussed during Board meetings in greater depth. The Board may appoint, even permanently, a secretary chosen even from outside its members. The Secretary is responsible for drafting the minutes of the meetings and resolutions of the Board of Directors, in concert with the person chairing each session, unless the minutes are drafted by a notary. Such minutes must be transcribed in the relevant mandatory books of the Company and then duly signed by the president of the meeting of the Board and the Secretary. In this regard it should be noted that on 12th April 2019 the Board of Directors appointed Dott. Elvio Sonnino, (Senior Deputy General Manager) as Secretary to the Board and that he remained in this role until the meeting of 10th September 2019. From that date on, Avv. Paola Maria Di Leonardo (Chief General Counsel) became the Secretary to the Board. The Board of Directors met 22 times from 12th April to 31st December 2019. The average length of each meeting was approximately six and a half hours and the average percentage of attendance was approximately 99%. All the meetings were properly minuted. In compliance with Borsa Italiana regulations and in order to plan its activities adequately, UBI Banca sets the calendar for its meetings on an annual basis. Last January UBI Banca announced its calendar of corporate events for 2020 to the market (and published it on its website), with the dates of board meetings for the approval of operating and financial results. We also report that the Board of Directors has planned its meetings for 2020, with 22 meetings planned, of which 7 have already been held at the date of this report. Special regulations, in compliance with the provisions of the Articles of Association, govern the functioning of the Board of Directors, with specific reference to matters regarding the drawing up of the agenda, the content, formats and timing of documentation sent to directors, the proceedings of board meetings, procedures for managing and formalising the minuting of the meeting and, if required by the regulations and the transmission of board resolutions to the Supervisory Authorities. They also govern the general tasks and powers assigned to the Chairman of the Board of Directors in relation to the above matters, in addition to the duty to determine the minimum content of information flows and the identification of the individuals required to send information flows to the governing bodies on a regular basis. The Chairman of the Board of Directors is responsible for co-ordinating the work of the Board, establishing procedures and timings for discussions and, as necessary, making additions to the matters on the agenda. The Chairman has the right, if Board meetings last a long time, to suspend meetings and arrange for the adjourned meeting to be held on a later date, or postpone items on the agenda until a subsequent meeting. The Chairman of the Board of Directors ensures that documentation relating to the matters on the agenda are brought to the knowledge of the directors in good time before the date of the board meeting. In the Corporate Governance Report the Board of Directors provides information on the promptness and completeness with which information is provided before board meetings, including information on the notice generally considered appropriate for the information to be sent and stating whether this time limit is normally complied with. The documentation and information are made available using a secure IT platform set up for this purpose that can only be accessed using specific individual authentication mechanisms. The Chairman of the Board of Directors ensures that adequate information is provided to directs in relation to the matters to be discussed, including any they may have requested, in order for the directors to be able to act in an “informed manner” and be able to ask the Chairman or Chief Executive Officer for specific information relating to the management of the Bank and the Group to be provided to the Board. When proposing a resolution, organisational units of the Parent and its subsidiaries (the latter through the co-ordination units of the Parent) must support the notification by presenting a duly completed Reporting Form to the secretariat, before the fifth working day before the date of the


meeting of the Board of Directors, together with an adequate and exhaustive Executive Summary, stating all the information and evaluations necessary and complete with the terms of the resolution to be submitted to the Board of Directors, complete with any supporting documents and attachments. This documentation must have been duly signed in original copy by the first level manager of the organisational unit submitting the proposal and sent by email to the email address set up for this purpose. Once the material has been defined on the basis of the indications of the Chief Executive Officer and the Senior Deputy General Manager and, in concert with the Chief Executive Officer and Senior Deputy General Manager, sent by the secretariat to the members of the Board of Directors, the Chief Risk Officer and the Chief Financial Officer, in good time before the date of the board meeting and in any event at least four days before it. This is, however, without prejudice to documents relating to matters that, for specific reasons, are presented to the Board of Directors directly by the Chairman. The secretariat makes the information and documentation available through a digital environment accessible by directors using special customised identification software, in compliance with the Bank’s regulations for proper management of confidential information; directors are sent specific information showing them how to access and use it. As part of its mission, the secretariat is responsible for managing support activities connected with preparations for meetings of the Board of Directors and its internal committees, with specific reference to matters regarding convening meetings, the management, gathering and assessment of information and decision-making material to be examined by the Board of Directors and its internal committees and also the regulation, as process manager, of the entire process in accordance with the procedures and time limits set out this these Regulations and the related provisions for their implementation. Before meetings each director has the right to acquire all additional information or comments on the matters on the agenda by making a request to the Chairman or Chief Executive Officer, who in their turn will also make them available to the other directors, the Chief Risk Officer and the Chief Financial Officer. A special section of those regulations deals with reporting systems. Information flows must normally be made available to the Board of Directors by the Chief Executive Officer, General Management, Managers with responsibility for the control functions, Chairmen of Group member Boards and companies, in accordance with the level of detail, time limits and procedures stated in the Regulations.


5 MANAGEMENT CONTROL COMMITTEE 5.1 Role of the Management Control Committee (pursuant to Art. 123-bis,

paragraph 2, letter d) of the Consolidated Finance Law)

The Management Control Committee, appointed by the Shareholders’ Meeting in the sphere of the Management Board, in accordance with the Articles of Association, performs the tasks assigned to it by the legislation and regulations in force for the control body of the parent bank of a financial Group issuing listed shares, in accordance with legal and regulatory provisions, as well as the Articles of Association and its own Regulations, adopted on 16th April 2019, subject to the prior opinion in favour of the Board of Directors and last updated with effect from 31st December 2019. In the above Regulations the Committee governs its functioning and organisation, in compliance with the requirements of the law, regulations and Articles of Association as well as, insofar as they are compatible, the provisions of the Corporate Governance Code. More specifically, the Committee: a) shall oversee compliance with the rules of law, regulations and Articles of Association and respect of the principles of proper management; b) shall oversee the adequacy, efficiency, functionality of the organisational structure of the

Company and the internal control system, as well as the administration and accounting system and its suitability to represent the management facts correctly, also in relation to the Group headed by the Company;

c) shall verify the effectiveness of all units and functions involved in the control system and the adequate co-ordination of the same, promoting corrective actions for deficiencies and irregularities identified;

d) is specifically consulted, as well as in relation to decisions concerning the appointment and revocation of the Manager in charge of preparing the accounting documents and the appointment and revocation, at the proposal of the Risks Committee, of the managers of the company control bodies as defined by the supervisory regulation (therein including the Anti-Money Laundering Manager), also on the definition of the essential elements of the overall architecture of the controls system (powers, responsibilities, resources, information flows, management of conflicts of interest);

e) shall oversee the methods of concrete implementation of the corporate governance rules provided by the codes of conduct drafted by management companies of regulated markets or by trade associations to which the Company, by way of information to the public, declares to belong;

f) shall propose to the Shareholders' Meeting the auditing company to which to attribute the statutory accounts audit and the fee for the respective services, oversees its actions and exchanges with it the data and information for the conduct of the respective duties;

g) shall exercise the duties assigned by Art. 19 of Italian Legislative Decree No. 39 of 27th January 2010 to the committee for the control and auditing of the accounts;

h) shall report promptly to the Supervisory Authority and to Consob in relation to management irregularities and any violation of the regulations connected to banking activity, in accordance with Art. 52, 1st paragraph of Italian Legislative Decree No. 385 dated 1st September 1993, and Art. 149, paragraphs 3 and 4-ter of Italian Legislative Decree no. 58 dated 24th February 1998;

i) shall present the report to the Bank of Italy in accordance with Art. 70, seventh paragraph of Legislative Decree No. 385 dated 1st September 1993;

j) shall report on the supervisory activity performed, on the omissions and censurable actions identified, to the Shareholders' Meeting convened to approve the financial statements;

k) may, subject to communication to the Chairman of the Board of Directors, convene the Shareholders' Meeting if, during the conduct of its assignment, it identifies censurable actions of significant severity and there is an urgent need to proceed;

l) shall give opinions in cases where existing regulations on the control body so require; m) shall perform, in coherence with its control function, the further duties entrusted to it by the

Board of Directors; n) shall work in connection with the control bodies of other Group companies, exchanging any

useful information; o) can rely on the internal control functions and structures in order to perform and direct its

verifications and necessary assessments. To this purpose, the internal control functions and structures also report to the Committee on their significant relationships, data and information,


at its own initiative or at the request of even just one of its members, through adequate periodic flow of information or related to specific company circumstances or performances.

p) shall liaise with the Manager in charge of preparing the accounting documents and with the Risks Committee for the duties and information of joint interest;

q) shall report promptly to the Board of Directors the shortcomings and irregularities identified and shall request the adoption of suitable corrective measures and verify their effectiveness over time;

r) can request and receive information also in relation to specific aspects concerning the Company and the Group from the Committee referred to in Art. 24.3, let. d) of these Articles of Association or from any individual member of such Committee;

s) shall verify causes and remedial actions related to management irregularities, performance anomalies, shortcomings of organisation and accounting. Special attention shall apply in order to grant the respect of conflict of interest internal regulation.

The Board or its individual members, within the limits of the methods permitted by Art. 151-ter of the Consolidated Finance Law, have: (i) the powers to request news and information from the other Directors or from the management and control bodies of the subsidiary companies, subject to that information being provided to all members of the Committee itself; (ii) the power to request from the Chairman of the Committee the convocation of the Committee itself, indicating the matters to be discussed; (iii) the power, subject to communication to the Chairman of the Board of Directors, to convene the Board of Directors and the Shareholders’ Meeting and to use employees of the Company for the performance of its functions. The Committee also has the power to proceed at any time, even through a specifically delegated member, with acts of inspection and control, as well as to exchange information with the corresponding control bodies of subsidiary companies on the management and control systems and the general performance of the company activity. The Committee may, subject to communication to the Chairman of the Board of Directors, make requests for Bank employees to work with it to carry out its functions. These requests may be made individually by each board member, subject to prior communication to the Chairman of the Board of Directors and the Chairman of the Committee. For the purpose of obtaining all the information that is useful or necessary for the performance of its duties, the Committee has free access to the corporate functions of the Bank without the need to request the prior consent of the manager in charge of the said functions. The Committee, directly or through the corporate functions charged with this, has access to all the activities carried out and the related documentation. In order to carry out its activities, the Committee may make use of outside consultants, at the expense of the Bank, that it selects and shall assess in advance whether such consultants might place themselves in a situation that compromises the independence of their judgement. The Committee has sufficient financial resources available to it to achieve this. The one-tier model of governance and control adopted by the Bank has constituted an element of discontinuity in the governance of the Bank during the year while at the same time making it possible to align the corporate governance of the Bank with European and other internationally recognised best practices. In this context, in order to support the newly formed Management Control Committee, a leading consulting firm has provided continuing support in relation to the following areas: • critical analysis of the documentation governing the activities of the Committee (i.e. Regulations

and Information Flows) and verification of their consistency with the overall governance of the Bank (e.g. Risk Committee, Board of Directors and other board/managerial committees) with particular reference to: (i) procedures for co-ordination between the Management Control Committee and the Risk Committee; (ii) information flows received by the Committee from the corporate functions; (iii) information flows between the Committee and the other Board Committees; (iv) procedures and time limits for the Committee’s process for interaction with and reporting to the Body with the Strategic Supervision and Management Function; (v) process and mechanisms for the Committee’s interaction and co-ordination with the corporate control functions;

• support in the interpretation, fine-tuning and implementation of the mechanisms for the functioning of the Committee as needed to implement and put into operation the provisions contained in the Regulations of the Management Control Committee;


• support the Committee in making preparations for meetings and carrying out the verifications or ascertainments required for the performance of its activities;

• induction sessions on specific matters relating to corporate governance. The secretariat of the Management Control Committee keeps a Corporate Data Access Register tracking all accesses made by the individual members of the Committee. Pursuant to Art. 153 of the Consolidated Finance Act, the Committee reports to the Shareholders' Meeting convened to approve the financial statements on the supervisory activity performed and on any omissions and censurable actions identified. The Chief Audit Executive reports functionally to the Committee. 5.2 Appointment and replacement (pursuant to Art. 123-bis, paragraph 1, letter l) of

the Consolidated Finance Law) As discussed in Chapter 4 of this Report, the members of the Board of Directors and Management Control Committee are elected by a Shareholders’ Meeting on the basis of slates submitted by shareholders in accordance with the provisions of the law and the Articles of Associations. The slates of candidates must be filed at the registered office within the twenty-fifth day before the Shareholders' Meeting at first or only one call and they must contain the name of at least two and no more than fifteen candidates, of which at least one must be included in the second section. Each slate must be split into two sections of names, both ordered sequentially by number, and they must indicate, separately, in the first section, candidates to the role of Board Directors different from candidates also to the role of member of the Management Control Committee who must be indicated in the second section. The members of the Management Control Committee remain in office for the duration of the mandate of the Board of Directors in which they have been elected; the current mandate of the Board is for 2019/2021, ending on the date of the Shareholders’ Meeting convened to approve the financial statements for their last year in office. They may be re-elected. Further information on the replacement and removal of members of the Committee is given in the section on the replacement and removal of Directors. 5.3 Composition (pursuant to Art. 123-bis, paragraph 2, letters d) and d-bis of the

Consolidated Finance Law) The Management Control Committee is composed of five members of the Board of Directors appointed and removed by the Shareholders’ Meeting, including the Chairman, in accordance with the provisions of Art. 22.19 of the Articles of Association. At the date of this report, the Management Control Committee, appointed by the Shareholders’ Meeting on 12th April 2019 is composed as follows:


If the position of a member of the Committee becomes vacant for any reason, the provisions of Art. 22.22 of the Articles of Association shall apply. Suitability requirements for the position The members of the Management Control Committee must satisfied all the requirements for members of the Board of Directors (see the section on the Board). Also, in accordance with Art. 20 of the Articles of Association, he members of the Management Control Committee: - must satisfy the personal integrity and professionalism requirements and ensure the respect of

the limits to the number of directorships provided by existing laws and regulations for the conduct of the role of member of the control body of a bank issuing listed securities on a regulated market and of the limits on number of directorships provided for by existing Italian and/or European applicable laws and regulations;

- subject to the foregoing, in relation to the limits on number of directorships, may not (a) hold the role of executive director in other companies having total revenues exceeding €50 million or (b) assume non-executive roles in the management bodies of other enterprises aimed at the production and/or trading of goods or services having revenues exceeding €500 million, of banking or financial enterprises having total assets at least equal to €5 billion, of insurance companies with a gross value of annual premiums collected at least equal to €1 billion, in a number higher than two. The size data under letters (a) and (b) above are calculated on the data of the last approved financial statements or, if prepared, consolidated financial statements. In any case, the pro tempore applicable regulations on interlocking restriction shall be applied.

- must all satisfy the independence requirements provided for in Art. 21 of the Articles of Association;

- at least two members must be enrolled with the Register of Statutory Auditors and must have exercised statutory auditing activity for at least three years.

The loss of one of the requirements laid down in the Articles of Association for the Directors who are members of the Management Control Committee determines in any case their disqualification from the Board of Directors.


Without prejudice to the provisions of the Articles of Association, for the governance of (i) defining the suitability requirements for members of the Committee and (ii) the criteria for assessing the possession of those suitability requirements, the Policy on suitability requirements and criteria for carrying out the duties of the senior officers adopted by UBI Banca applies (see paragraph 4.3). On conclusion of the verifications conducted on 8th May 2019 by the Board of Directors and by the Management Control Committee on 7th May 2019, subject to prior investigation by the Appointments Committee, those directors who are members of the Management Control Committee were also found to be in possession of the additional requirements set by the legislation and regulations and by the Articles Association for the composition of the supervisory body. The verifications were conducted on the basis of qualitative and/or quantitative criteria set by internal regulations of the Bank, as described in greater detail in the “Report on the qualitative and quantitative composition of the Board of Directors” approved by the competent governing bodies in February 2019. Diversity in the composition of the Management Control Committee In accordance with Art. 22.5 of the Articles of association, each slate containing at least three candidates must (i) be made up of candidates representing both genders, so that at least a third of the candidates belongs to the less represented gender, (ii) contain a number of candidates in the first section with at least half in possession of the requirements of independence (should the application of such quota not result in a whole number, the resulting number shall be rounded up to the higher unit), while all candidates in the second section must be equipped with the independence requirements indicated in the Articles of Association and in the pro tempore regulations in force. Self-assessment The Management Control Committee carries out its own specific self-assessment (distinct from that of the Board of Directors, in accordance with the Committee’s right to autonomy and independence) on its composition and functioning, with a view to the proper and effective performance of the specific functions of corporate governance assigned to it as a supervisory body of the Bank within the one-tier system. The self-assessment relates to the Committee as a whole and to the contribution made by each of its members to its work. The self-assessment process carried out by the Management Control Committee is intended to verify the adequacy of the body in terms of its powers, functioning and composition, partly in order to promote debate within the Committee, identify any areas for improvement and define the associated initiatives to be adopted. The self-assessment of the Committee for 2019 was carried out with the support of the consulting firm Spencer Stuart which, as described above, also assisted the Board of Directors with its self-assessment process. Consistent with the provisions of the Regulations of the Management Control Committee and as for the Board of Directors, Spencer Stuart assisted the Board of Directors with the following stages of the self-assessment process: - Investigation: this was performed, depending on the areas of investigation involved, by

collecting information and data that were already available to the Bank and through the use questionnaires and individual interviews.

- Data analysis: the information gathered at the investigation stage was analysed and consolidated, with care taken to ensure that the anonymity of Committee Members is respected.

- Preparation of the outcomes of the process: examination of the findings from the data processing by the Appointments Committee, followed by the formalisation of the results of the process in a report entitled “Management Control Committee 2019 Self-assessment: Analysis of the Results, Proposed Actions and Comments from Committee Members”. This report provides a


summary of the methods used and results obtained and identifies the strengths and areas for improvement found. The report was approved by the Management Control Committee.

The self-assessment was performed on the basis of questionnaires and individual interviews with members of the Committee, which took place between December 2019 and January 2020. The documents used to support the interviews were structured in order to gather quantitative data, organised in a questionnaire, and qualitative data, formed of a thematic outline, partly repeating the themes in the questionnaire and partly intended to guide the interview. The questionnaire and interviews were focused on different areas relating to the composition and functioning of the Management Control Committee. More specifically, the areas of investigation assessed were: - the efficiency of the Committee in relation to the key themes discussed, with particular reference

to its knowledge of the methods for identifying, measuring, assessing and monitoring risk and its capacity for assessing the overall internal control system;

- functioning of the control body as whole; - the role and responsibilities of members of the Committee; - the size and composition of the Committee; As concerns the assessment of the functioning and efficient performance of the tasks of the Committee, which relate to carrying out control functions, specific assessment areas relate to the adequate management of relations with the external auditing company, the Supervisory Body pursuant to Legislative Decree No. 231/2001, the Senior officer responsible and the control functions. The independence of the members of the Committee, which constitutes a specific requirement for the purposes of their suitability of the members and would lead to their disqualification if it were compromised, has been subject to constant assessment in order to ascertain the suitability requirements of the Directors. On the basis of the results submitted to the Management Control Committee on 27th February 2020, it was found that the Committee operates appropriately and consistently with its mandate. More specifically, the main aspects highlighted by the outcomes of the self-assessment process of the Management Control Committee were as follows: - The members of the Committee consider that the body provides effective oversight of compliance

with the rules of law, regulations and Articles of Association and respect of the principles of proper management and that it is able to promptly report any failings or irregularities it may detect to the Board of Directors.

- The Committee makes us of internal control functions and units to perform and direct its checks and assessments and provides effective oversight of the adequacy, efficiency and functionality of the system of internal controls.

- The Committee has free access to all the corporate functions, which provide it with adequate support.

- The members of the Committee directors expressed their appreciation of the refresher courses and induction provided by the Bank, considering the training and continuous updating on the activities of the Group to be useful and well organised.

- The Committee operates in a concrete, positive manner. Its members are fully aware of the powers and obligations inherent to the functions that each of them is called upon to perform, ensuring continuity and presence at Committee meetings. They participate actively in discussions and feel free to express their point of view.

- During the year joint meetings with other internal Board Committees were held in order to examine issues of common interest.

- The size and structure of the Committee seems balanced and of a good standard, perhaps with some potential additions.

The outcome of the self-assessment also identified areas for improvement in relation to the functioning of the control body of UBI Banca, with particular reference to organisational issues.


5.4 Functioning of the Management Control Committee (pursuant to Art. 123-bis, paragraph 2, letter d) of the Consolidated Finance Law)

The Committee is duly constituted with the presence of the majority of its members; it is convened and functions according to the regulation adopted by the Committee itself. Meetings of the Committee may be held even using means of distance communication in accordance with the provisions of Art. 25.8 of the Articles of Association in relation to the board meetings. For the purpose of ensuring that its activities are organised efficiently, the Committee sets the calendar for its meetings on an annual basis in accordance with the following principles: (i) the meetings must be planned so as to guarantee strict compliance with the time limits required by the legislation and regulations in force at the time; (ii) the Committee’s activities must be efficiently planned over the year, seeking to avoid concentrating on too many issues in individual meetings and combining related issues as a single item on the agenda, without prejudice with the principle mentioned in the previous point; (iii) it must be consistent with the calendar for the meetings of the Board of Directors. Once the calendar of meetings has been approved by the Committee, it is sent to the Chairman of the Board of Directors, Chief Executive Officer, Chairmen of the Board Committees, managers of the company control functions and the Senior Officer Responsible, in order to allow the preparation of information flows, as set out in these Regulations. The Committee must meet on at least a monthly basis, to carry out the functions attributed to it by the Articles of Association and its own Regulations. In any event, the Committee meets before meetings of the Board of Director which have the examination of reports and activity plans from corporate control functions regarding their respective responsibilities on the agenda and also, in its capacity as the Committee for internal control and auditing of the accounts in accordance with article 19 of Legislative Decree No. 39 of 27th January 2010, the approval of the proposed separate and consolidated financial reports and the consolidated non-financial statement and the examination of the half-year financial report and the quarterly financial reports, when prepared. Meetings are also called whenever circumstances which require prompt investigation or examination occur. The Chairman of the Committee convenes the Committee and chairs its meetings. Meetings are convened by a notice containing the agenda and this is sent at least three days prior to the date set for the meeting, except in urgent circumstances, when the time-limit may be reduced to one day. The Committee is convened by registered letter, telegram, fax, email or other means which leaves a record of the receipt of the notification. The Committee may meet at any location in the territory of Italy, or, if particular circumstances so require, in other locations, even outside the European Union. In accordance with the Articles of Association, as already indicated, attendees may attend at Board meetings remotely, using suitable audio/video conferencing and/or teleconferencing systems, provided that all those entitled can participate in the meeting and be identified and they are able to follow the meeting and to intervene in real time in the discussion, as well as to receive, send or view documents, with simultaneous examination and decision-making. In that case, the Committee is deemed to be held in the location in which the chairman of the meeting and the secretary are found. The Chairman of the Committee conducts proceedings in meetings encouraging discussion and dialogue within the Committee. To achieve this, the Chairman ensures that the committee members are provided with documentation to support its activities, or at least an preliminary information on the matters on the agenda, in good time before the date of the Committee meeting and in any event at least three days before it. The documentation is normally made available by the secretariat, using a digital environment accessible by committee members using special customised identification software, in compliance with the Bank’s regulations for proper management of


confidential information; committee members are sent specific information showing them how to access and use it. In the absence of the Chairman, meetings are called and chaired by the committee member at the first place in the second section of the slate from which the Chairman was elected. In the event of his absence, his duties are performed by the most senior by time of service on the Committee or in cases of equal time of service, the most senior by age. The Chief Audit Executive, the Chief Risk Officer, the Chief Compliance Officer, the Anti-Money Laundering Manager and the Senior Officer Responsible for accounting documents normally take part in meetings on invitation of the Chairman. Furthermore, depending on the items to be discussed, the following persons whose presence is considered useful by the Committee may also be invited to take part: the General Manager (if appointed), the Chiefs of other Corporate Control Functions, other staff from internal units and functions of the Bank and the senior officers of the management and supervisory bodies of subsidiaries. More specifically, the Committee shall meet with the Chief Risk Officer and the Chief Compliance Officer individually on a periodic basis at least quarterly and may also do so jointly with the Risk Committee. It can rely on the internal control functions and units in order to perform and direct its verifications and necessary assessments. In order to better carry out its duties, the Management Control Committee, through its Chairman, exchanges information of mutual interest and co-ordinates and co-ordinates, as advisable, with the Chairmen of other board committees. In this context, the Chairman of the Committee may call joint meetings with the board committees, liaising with their respective chairmen, to examine matters of common interest, it remaining the case that each committee works independently on the assessments and minutes within its remit. Representatives of the Independent Auditors engaged to carry out the statutory audit of the accounts may be invited to meetings of the Committee in relation to matters within their remit. In 2019 the Management Control Committee held ongoing meetings with the independent auditors, Deloitte & Touche S.p.A. and reported on these to the Board of Directors. Details of further engagements of Deloitte & Touche and other companies in its network are given in a special report attached to the consolidated and separate annual reports. The Committee makes use of information from and the outcomes of the activities performed by the Supervisory Body pursuant to Legislative Decree No. 231/2001. The Chairman of the Supervisory Body reports on the implementation of the 231 Model, any critical areas that may emerge and the need to make adjustments, (i) periodically, by means of an annual report summarising the activities carried out during the year to be presented to the Committee; (ii) continuously, if exceptional circumstances occur, by notifying the Chairman of the Committee; (iii) continuously, in the event that the Supervisory Body receives reports of an urgent nature, by notifying the Committee. The Board may appoint, even permanently, a secretary chosen even from outside its members. The Secretary is responsible for drafting the minutes of the meetings and resolutions of the Committee, in concert with the person chairing each session. At each meeting of the Board of Directors, the Chairman of the Committee reports on any comments or observations formulated on the basis of the outcomes of the activity it has carried out since the last meeting, with the exception of any information that is confidential on a temporary basis, such as for example information from specific inspections in progress. In any event, the Committee, through its Chairman, reports to the Board on the results of the supervisory and inspection activities it has carried out, on at least a quarterly basis. The Chairman of the Committee signs the opinions requested from the supervisory body, in accordance with the provisions of current legislation and regulations and the Articles of Association and sends them to the Chairman of the Board of Directors in good time for the Board to approve any resolutions.


2.7 Should the items on the agenda require it, the Chairman of the Board of Directors and the Chief Executive Officer may take part in the proceedings of the Committee on invitation from the Chairman of the Committee. In order to better carry out its duties, the Committee, through its Chairman, exchanges information of mutual interest and co-ordinates and co-ordinates, as advisable, with the Chairmen of other board committees. In this context, the Chairman of the Committee may call joint meetings with other board committees, liaising with their respective chairmen, to examine matters of common interest, it remaining the case that each committee works independently on the assessments and minutes within its remit. Information flows sent to the Committee and also to the Risk Committee, such as for example flows from the corporate control functions, the Senior Officer Responsible, the external auditors and the Director with responsibility for the internal control and risk management system may be examined, if considered advisable, at joint meetings of the two committees, without prejudice to the above. In carrying out its tasks, the Committee makes use of information flows from the governing bodies and corporate functions, particularly the bodies, functions and units with responsibility for internal control. The managers with responsibility for the internal audit, compliance and risk control functions must send reports on these functions directly to the Committee. The managers with responsibility for the corporate control functions report directly to the Committee. The Committee, in line with the provisions of its Regulations, oversaw compliance with laws, regulations and the Articles of Association, the proper performance of management activities and the adequacy of the Bank’s organisational structure and its accounting systems; Amongst the various matters discussed, the Committee examined: - proposals for the amendments to the relevant internal regulations, new products, transparency,

inducements, the physical security of the Group, relations with the supervisory authority, conflicts of interest, data governance and outsourcing;

- the outcomes of the inspections carried out by the ECB and the Bank of Italy for areas within its remit, with the related plans for remediation and recommendations made by the authorities;

- updates concerning the new definition of default; - information concerning the ECB Supervisory Plan for the Group; - the organisational structure and control system of the main areas of Governance and Divisions. As part of activities to check the risk management process, the Committee monitored the completeness, adequacy, functionality and reliability of the Risk Appetite Framework and internal risk measurement systems for calculating capital requirements and their compliance with rules relating to ICAAP and ILAAP. The Committee also monitored the adequacy, reliability and security of the ICT system and Business Continuity Plan. The appointment of Deloitte & Touche S.p.A. to audit the accounts will end in 2020. The Management Control Committee, as the body responsible for the selection procedure for the selection of a firm of independent auditors, has considered it appropriate to start the selection procedure and submit a reasoned proposal for the appointment of independent auditors for 2021-2029 to the Shareholders’ Meeting called to approve the financial statements for 2019. Finally, on 14 occasions the Committee examined matters of common interest jointly with the Risk Committee, both in meetings with the Senior Officer Responsible and the independent auditors, in relation to the preparation of financial statements and periodic financial reports, and at other times for the discussion of specific issues. Following of each meeting of the Committee, the Chairman consistently reported its outcomes and the decisions taken in relation to the items on the agenda discussed in the Committee. The Management Control Committee met 26 times from 12th April to 31st December 2019. The average length of each meeting was just over four hours and the average percentage of attendance was approximately 98.5%. All the meetings were properly minuted. Further information on the attendance of each member at the meetings of the Committee during the year is given in Summary table No. 2 attached to this report.


We also report that the Management Control Committee has planned 25 meetings for 2020, of which nine have already been held at the date of this report. A further nine meetings are planned to address themes of particular significance with a focus on matters relating to compliance with laws, regulations and the Articles of Association, the proper performance of management activities and the adequacy of the Bank’s organisational structure and its accounting systems.


6 INTERNAL COMMITTEES OF THE BOARD OF DIRECTORS

(pursuant to Art. 123 bis, paragraph 2, letter d) of the Consolidated Finance Law)

While it acknowledges the principle of collegial responsibility in performance of its duties, the Board of Directors - in relation to its responsibilities, its composition and the characteristics of its members - in accordance with Art. 31 of the Articles of Association, decided to establish specific committees with proposal making, consultative and investigative functions, in compliance with the requirements of the Supervisory Regulations and in accordance with the recommendations contained in the corporate governance code. These board committees were established to allow the Board of Directors to work more efficiently and effectively, and they are composed - as recommended by the Corporate Governance Code - of not less than three members as follows:

- Appointments Committee 5 members - Remuneration Committee 3 members - Risk Committee 3 members - Related Parties and Connected Persons Committee 3 members5.

Letizia Bellini Cavalletti

(Chairwoman)

Roberto Nicastro

Ferruccio Dardanello

Pietro Gussalli Beretta

Osvaldo Ranica

Appointments Committee

Paolo Boccardelli (Chairman)

Letizia Bellini Cavalletti

Osvaldo Ranica

Remuneration Committee

Roberto Nicastro (Chairman)

Simona Pezzolo De Rossi (*)

Paolo Bordogna

Risk Committee

Monica Regazzi (Chairwoman)

Simona Pezzolo De Rossi (*)

Francesca Culasso

Related Parties and Connected PersonsCommittee

Directors in possession of the independence requirements pursuant to Art. 21 of the Articles of Association Non-independent Directors

(*) Director enrolled in the Register of Accounting Auditors who has practised as a statutory accounting auditor for a period of not less than three years.

The board committees are made up of 3 to 5 members each, all non-executive and the majority of whom have the independence requirements indicated in Art. 21 of the Articles of Association; the Chairman of each board committee is appointed by the Board of Directors. The Chairman of one of the board committees may not assume the chairmanship of another Committee. The Chairman of the Board may not be part of any of the board committees.

5 in compliance with the provisions of: (i) "Regulations for UBI Banca related-party transactions" adopted in implementation of Art. 2391-bis of the Civil Code and Consob Related Parties Regulation; (ii) “Regulations to govern transactions with persons connected to the UBI Banca Group”, adopted in implementation of Title V, Chapter 5 of Bank of Italy Circular No. 263 of 27th December 2006 - 9th amendment of 12th December 2011, “New regulations for the prudential supervision of banks”, containing measures concerning “risk assets and conflicts of interest with connected persons” and, from 2nd November 2018, the new Single Regulation (as defined below).


The members of the Management Control Committee may not be members of committees other than the Risks Committee and the Related Parties and Connected Persons Committee. The Risk Committee shall perform functions of support to the Board on matters of risks and internal controls system. That Committee shall exchange information with the Management Control Committee. The members of the Risk Committee may participate, limited to the profiles within their remit, at meetings of the Management Control Committee, even if they do not form part of it. At least one member of the Management Control Committee shall participate at meetings of the Risk Committee. The replacement of the members of the Risk Committee must be duly reasoned. The Remuneration Committee and the Appointments Committee shall perform the duties assigned to them by these Articles of Association, by the Board and by the pro tempore laws and regulations in force. The Related Parties and Connected Persons Committee shall perform the duties assigned to it by the Board, the regulations provided for in Art. 24.3, letter l) of the Articles of Association and the pro tempore laws and regulations in force. The meetings of these committees are co-ordinated by their Chairmen and properly minuted In the performance of their functions the committees may have access to the information and corporate functions necessary for the performance of their duties and make use of external consultants under the terms and conditions set by the Board of Directors. Each board committee reports to the Board of Directors on the activities performed at the first subsequent meeting. Each Board Committee is governed by special regulations which determine its responsibilities and functioning. The regulations governing the committees are published in the Corporate Governance/Board of Directors and Management Control Committee section of the Bank’s website. The said regulations, adopted in April 2019 with the changeover to the new one-tier model of governance, were updated in December 2019. Appointments Committee The Committee is composed of five members, selected from among the members of the Board of Directors with the exclusion of the Chairwoman of the Board of Directors, all of whom are non-executive directors and with the majority in possession of the independence requirements in accordance with Art. 21 of the Articles of Association. Members of the Management Control Committee may not be members of the Committee. The Chairman of the Committee is appointed by the Board of Directors from among the independent members and must not be the Chairman of another committee mentioned in Art. 31 of the Articles of Association (Board Committees).


The Appointments Committee, in carrying out its advisory, fact-finding or proposal-making functions, as applicable: • supports the Board of Directors in drawing up the Fit & Proper Policy consistent with the

recommendations issued from time-to-time by the supervisory authorities and also in making enquiries into the suitability of senior officers set by that same Policy, inclusive therein also of compliance with the regulations pursuant to Art. 36 of Decree Law No. 201/2011 Converted into Law No. 214/2011 (the “Interlocking Directorships Law”) by the persons identified in that legislation;

• carries out fact-finding functions to establish qualitative and quantitative career profiles for appointments to the Board of Directors, with account taken of the provisions of the policy mentioned in the previous point;

• carries out fact-finding functions in cases of co-option to replace board members who have vacated their position pursuant to Art. 22 of the Articles of Association;

• formulates an opinion, for that which concerns them, on any proposals made to remove one or more of the members of the Management Control Committee in accordance with Art. 22.26 of the Articles of Association;

• it assesses (also during the functioning of the bodies), the adequacy of succession plans at senior management and senior officer level as well as career profiles and requirements for senior managers in office and potential succession candidates, providing support to the Chairwoman and to Board for the formulation of updates to those plans;

• it provides support to the Chairwoman and the Board of Directors for the purposes of the self-assessment of the Board of Directors and also for setting the criteria for carrying out self-assessments by the governing bodies of Group banks;

• at the time of first assessment following appointment and, subsequently, at the time of annual self-assessments, it supports the Chairwoman and the Board of Directors in drawing up training and induction plans;

• without prejudice to the provisions of the first item in this list supports the Board of Directors in verifying the conditions as provided for by Art. 26 of the Consolidated Banking Law;

• it performs fact-finding activity on candidates to be proposed to the Board of Directors for the positions of director and statutory auditor of subsidiaries;

• it carries out fact-finding activities on proposals to be submitted to the Board of Directors relating to the staff pursuant to Art. 24.3 letter c) of the Articles of Association (members of General Management, first hierarchical reports to the Chief Executive Officer and to the Board of Directors, the general managements of Group companies);

• it carries out fact-finding activities on proposals to be submitted to the Board of Directors relating to the formation and composition of managerial committees pursuant to Art. 24.3 letter d) and e) of the Articles of Association;

• it formulates opinions and proposals on the corporate governance and regulatory policies of the Parent Bank and the Group which fall within the exclusive scope of the remit of the Board of Directors;

• it oversees the update of corporate governance rules and principles of conduct which may be adopted by the Parent Bank and its subsidiaries, even with regard to developments on the matter at national and transnational level;


• it supports the Chairwoman of the Board of Directors in providing recommendations for charitable donations drawn from the “Charity” Fund.

The Committee also (i) puts forward a name to be submitted to the Board of Directors for the appointment of the Chief Executive Officer and for conferring or revoking the relative powers and (ii) supports the Risk Committee in the formulation of proposals to the Board of Directors to appoint and remove the heads of the internal control functions, in compliance also with the responsibilities of the Management Control Committee. During the year the Committee, amongst other things, has assisted the Board of Directors with: • performing assessments of the suitability of Senior Officers set by the Fit & Proper Policy

consistent with the recommendations issued from time-to-time by the supervisory authorities; • periodically verifying that there are no grounds for incompatibility pursuant to Art. 36 of Law

No. 214/2011 (the ban on interlocking directorships); • investigative activity on candidates to be proposed to the Board of Directors for appointments to

senior positions in the subsidiaries; • investigative activity for updating succession plans, with the support of an external consultant,

also in support of the Board of Directors; • the self-assessment process of the governing bodies of the UBI Banca Group. More specifically, during the year the Appointments Committee supported the Board of Directors with: (i) the process for assessing the suitability requirements of Senior Officers required by legislation and regulations, following their appointment by the Shareholders’ Meeting on 12th April 2019 and (ii) the six-monthly check that the members of the Related and Connected Parties Committee continue to meet the independence requirement. In carrying out its functions, the Committee has the right to access the company information and functions needed to perform its duties and has sufficient funds to ensure its independence. Pursuant to the Regulations of the Appointments Committee and when the items on the agenda showed that it was appropriate, the Chairwoman of the Board of Directors, the Chairman of the Management Control Committee and the Chief Executive Office attended meetings of the Committee, at the invitation of the Chairman of the Appointments Committee. Senior managers of internal units and functions of the Bank whose presence was considered useful by the committee - in particular the Chief General Counsel and the Chief of the Corporate e Regulatory Affairs Area - as well as the chairs of other internal board committees and the senior officers of the management and supervisory bodies of subsidiaries also took part in meetings on invitation and according to the procedures set by the Chairman. The Chair of the Committee reports on specific questions submitted from time-to-time to the Board of Directors for decision-making and that is on questions which the Committee has been asked to investigate by the Board of Directors and it also submits the relative supporting documentation for the work to the Board of Directors itself. The Appointments Committee met 16 times between 16th April 2019 and 31st December 2019. The average length of the meetings was approximately one hour and they were all properly minuted. Further information on the attendance of each member at the meetings of the Committee during the year is given in Summary table No. 2 attached to this report. The Appointments Committee has met twice so far in 2020.


Remuneration Committee The Committee is composed of three members, selected from among the members of the Board of Directors with the exclusion of the Chairwoman of the Board of Directors, all of whom are non-executive directors and with the majority in possession of the independence requirements in accordance with Art. 21 of the Articles of Association. Members of the Management Control Committee may not be members of the Committee. The Chairman of the Committee is appointed by the Board of Directors from among the independent members and must not be the Chairman of another committee mentioned in Art. 31 of the Articles of Association (Board Committees).

The composition of the Remuneration Committee reflects an adequate level of experience and expertise in relation to bank governance, finance and remuneration policies. The Remuneration Committee has investigative, proposal making and consultative functions to support the Board of Directors in relation to remuneration and incentives. When the Board formulates proposals to be submitted for the approval of a shareholders’ meeting, the Committee supports it in drawing up remuneration and incentives policies for directors, employees and associate workers not linked to the Group by regular employee contracts, drawing up plans based on financial instruments and criteria for determining remuneration to be agreed in cases of the early termination of an employment contract or early retirement from corporate office. It also supports the Board in formulating any proposals in relation to decisions about the setting of a higher ratio than that of 1:1 between the individual variable and the fixed remuneration of personnel. The Committee submits proposals: (i) for the allocation by the Board of Directors, amongst its members, of the total amount established by a Shareholders’ Meeting; (ii) for the determination by the Board of Directors of possible additional remuneration for directors invested with particular roles as provided for by the Articles of Association and therefore for the Chief Executive Officer and the Directors who may be members of committees pursuant to Art. 32 of the Articles of Association. The Committee in any event is tasked with making proposals for the remuneration of staff for which the remuneration and incentive schemes are decided by the Board of Directors and it is also tasked with furnishing advice on determining remuneration criteria for all “Identified Staff”. It informs the Board of Directors appropriately in its verifications, on at least an annual basis, concerning the proper implementation of remuneration and incentive policies. The Committee also:

- assesses the procedures and systems adopted to ensure that the remuneration system takes proper account of all types of risk and levels of liquidity and capital and that the general remuneration policy reflects and promotes sound and effective risk management and that this is


in line with corporate strategies, objectives, values and corporate culture as well as the long-term interests of the institution. In carrying out that activity the Committee shall take account of the specifics of individual companies belonging to the Group, in compliance with the applicable legislation and regulations;

- it verifies that the remuneration system takes sustainability matters into consideration; - formally reviews a series of hypotheses to check how the remuneration system will react to

future external and internal events and to subject it also to retrospective tests. In carrying out that activity the Committee shall take account of the specifics of individual companies belonging to the Group, in compliance with the applicable legislation and regulations;

- collaborates with other internal committees of the Board of Directors, co-ordinating in particular with the Risk Committee, which is responsible for ensuring that the mechanisms underlying remuneration and incentive schemes are consistent with the RAF and that they also help ensure that the remuneration policy reflects and promotes sound and effective risk management;

- ensures, in accordance with regulations in force, that the competent corporate functions are involved in the process of drawing up and monitoring remuneration and incentive policies and practices;

- gives an opinion, assisted by information received from the competent corporate functions, on the achievement of the performance objectives to which incentive schemes are linked and on the satisfaction of other conditions set for the payout of remuneration;

- periodically assesses the appropriateness, overall consistency and concrete implementation of the general policy pursued for the remuneration of senior managers and the “Identified Staff” of the UBI Banca Group;

- directly oversees the proper application of rules relating to the remuneration of the managers of corporate control functions in close co-operation with the Management Control Committee;

- sees to the preparation of the documentation to be submitted to the Board of Directors for taking the relative decisions;

- makes adequate reports on its activities to corporate bodies, including Shareholders’ General Meetings;

In carrying out its functions, the Committee has the right to access the company information and functions needed to perform its duties. The Chair of the Committee, or other member of the Committee delegated by the Committee itself for specific matters, may have access to company functions for fact-finding activities needed for Committee meetings. The Committee also has the right to make use of outside consultants selected by it having assessed in advance whether such consultants might place themselves in a situation that compromises the independence of their judgement. To achieve this, the Committee shall verify that the consultants are in possession of the requirements of independence before an engagement is first made and subsequently on at least an annual basis. It shall consider in particular that the consultants themselves must not simultaneously provide services of such a nature as to concretely compromise their own independent judgement to the Human Resources Area, to Board Members and to Key Management Personnel and to the respective organisational units to which they belong. The Committee assesses the appointment of external consultants on remuneration matters that the Board of Directors may decide to engage for advice or assistance, used for operational aspects of organisational units in the Group. The Committee did not make use of consultants during the year. In order to be able to carry out its duties, the Committee shall have access to sufficient resources both financial and human to ensure its independence. Prior determination by the Committee for opinions, advice and proposals to be submitted to the Board of Directors is a necessary precondition for resolutions concerning remuneration. In accordance with its own regulations, on invitation of the Chairman, the chiefs of the human resources, risk management and internal audit functions, as well as other senior managers of internal units and functions of the Bank whose presence is considered useful by the Committee itself participated in meetings of the Committee for specific items on the agenda involving their respective areas of responsibility. Furthermore, the Compliance Function normally attends all the meetings of the Committee. During the year and with specific reference to the 2020 remuneration policies, attention is drawn to the activity carried out by the Committee to also assess the introduction of sustainability


indicators, including diversity, for which a specific policy has been made available, with the objective of defining a remuneration system that also takes these issues into account. The Remuneration Committee has also: - assisted the Board of Directors for remuneration awards to directors; - formulated an opinion to the Board of Directors for the purpose of approving the Group

Incentive scheme for 2019; - formulated an opinion to the Board of Directors for the purpose of an update of the scope of

application of “key personnel” for 2019; - formulated an opinion to the Board of Directors for the purpose of an update of the Guidelines

for the remuneration and incentives schemes of the Group; - carried out activities for the Board of Directors for the approval of the 2019 Remuneration

policies and the long-term incentive schemes; - carried out the activities on behalf of the Board of Directors for the approval of the

Remuneration Report submitted to a Shareholders’ General Meeting for approval; - formulated an opinion to the Board of Directors for the purpose of approving the Gender

Diversity & Inclusion Policy; - supported the Board of Directors with the examination of the Report on the verifications

conducted by the Internal Audit Function on the remuneration and incentive practices for 2019;

Members of the Committee abstain from participating at meetings of the same Committee which formulate proposals for the Board that relate to their own remuneration. During the year the Committee did not formulate proposals for the Board that related to its own remuneration. The Committee has a duty to report to the Board of Directors on its activities, normally by means of appropriate reports to be submitted to the next subsequent meeting. The Chair of the Committee reports on specific questions submitted from time-to-time to the Board of Directors for decision-making and that is on questions which the Committee has been asked to investigate by the Board of Directors and it also submits the relative supporting documentation for the work to the Board of Directors itself. Further information on Remuneration and incentive policies is given in Section I of the Report on remuneration policies and wages published pursuant to Art. 123-ter of the Consolidated Finance Law. The Appointments Committee met 10 times between 16th April 2019 and 31st December 2019. The average length of the meetings was approximately one hour and they were all properly minuted. Further information on the attendance of each member at the meetings of the Committee during the year is given in Summary table No. 2 attached to this report. The Appointments Committee has met four times so far in 2020. Risk Committee The Committee is composed of three members, selected from among the members of the Board of Directors, all of whom are non-executive and independent in accordance with Art. 21 of the Articles of Association, and collectively they are in possession of sufficient knowledge, expertise and experience to be able to fully understand and monitor risks, strategies and approaches to the various risk profiles of the Bank and the Group and they are in possession of adequate experience of accounting and finance, to be evaluated by the Board at the time of appointment. The Chairwoman of the Board of Directors may not be a member of the Committee. The Chairman of the Committee is appointed by the Board of Directors and, in accordance with Art. 31 of the Articles of Association, may not be the Chair of another committee. The Chairman must be in possession of the requirements of independence pursuant to Art. 21 of the Articles of Association.


The Committee has the duty to support the Board of Directors by performing fact-finding and advisory functions and by submitting proposals in those areas overseen by the Board of Directors in its capacity as the strategic supervisory body, in accordance with the supervisory regulations in force from time-to-time (Circular No. 285 issued by the Bank of Italy, in particular), on the following matters: the risk and the internal control system inclusive of determination of the “Risk appetite framework” (RAF) and risk management policies, the approval of the proposed separate and consolidated financial reports together with the consolidated non-financial statement and the examination of the half-year financial report and the quarterly financial reports, when prepared. Without prejudice to the responsibilities of the Remuneration Committee, the Committee helps to ensure that remuneration policy reflects and promotes sound and effective risk management. The Committee: _ having first consulted with the Management Control Committee and received advice from the

Appointments Committee, makes proposals for the appointment and removal of the managers of the corporate control functions as defined by the supervisory regulations inclusive of the Head of Anti-money Laundering; having first consulted with the Management Control Committee it formulates an advisory opinion for the Board of Directors concerning the appointment and removal of the Senior Officer responsible for preparing the company accounting documents pursuant to article 154-bis of Consolidated Finance Law;

_ carries out a prior examination of programmes and activities (including an audit plan) and annual reports prepared by corporate control functions for submission to the Board of Directors;

_ examines proposals relating to strategic, business and financial plans, budgets, organisational structure and development strategies for the IT system and the business continuity system, with a focus on the overall impact on the risks resulting from the specific initiative;

_ submits assessments and opinions to the Board of Directors on compliance with the standardised principles of the internal control system and corporate organisation and with the requirements that must be observed by corporate control functions, bringing any weaknesses there may be to the attention of the Board of Directors together with the consequent corrective action to be taken. For this purpose it assesses proposals made by the Chief Executive Officer;

_ assists, by means of assessments and opinions, with Group policy-setting for the outsourcing of corporate control functions;

_ verifies that corporate control functions comply properly with the Board of Directors’ recommendations and guidelines and it assists the latter in the preparation of the co-ordination document required by Circular No. 285, Title IV, Chapter 3;

_ assesses the proper use of accounting policies for the preparation of separate and consolidated financial reports and to this end it co-ordinates with the Senior Officer responsible for the preparation of company accounting documents and with the Management Control Committee having first consulted, where appropriate, the firm engaged to carry out the external statutory audit of the accounts.

With particular reference to duties concerning risk management and control, the Committee performs functions to support the Board of Directors: - in the setting and approval of strategic guidelines and risk management policies.


In the context of the RAF, the Committee carries out valuations and makes proposals for the aspects for which it is responsible, in order for:

- the body with the strategic supervision function to be able to define and approve risk appetite, risk tolerance and the other targets included in the various documents constituting the RAF;

- in monitoring the proper implementation of strategies, risk government policies and the RAF; - in the assessment of periodic reports (including those relating to internal models for the

supervisory authorities), inclusive of the results of the process for the self-assessment of internal Group adequacy in terms of the principles of the Supervisory Review and Evaluation Process (SREP) of the competent supervisory authorities;

- in the assessment of Internal Capital Adequacy Assessment Processes (ICAAP) and Internal Liquidity Assessment Processes (ILAAP) and the relative results, ensuring consistency with the RAF and prompt adjustments to comply with significant changes in strategic guidelines, or organisational structure and the operating context;

- in the assessment of documents that the Group prepares and submits to the competent authorities relating to changes to validated internal systems for the purposes of calculating the capital requirement or in any event communications on these matters to the same authorities that require the approval of the Board of Directors; in the assessment of the process for the development and validation of internal systems used to measure risks not used for regulatory purposes;

- in the assessment of the results of activities for monitoring Non Performing Loans (NPL), carried out in accordance with the relevant guidelines issued by the competent authorities;

- in the assessment of the second level credit risk management process; - in the assessment of non-viability risk in the context of the “Recovery plan”, falling under the

umbrella of the Risk Appetite Framework; - in setting policies and defining assessment processes for corporate activities, including

verification that prices and terms and conditions and risks associated with products, financial services and generally with business with customers are consistent with the business model and with strategies concerning risk.

In this context, the Committee supports the Board of Directors in the assessment of risks connected with the business model and in understanding the procedures by which risks are detected and measured; in ensuring that the strategic plan, the RAF, ICAAP, ILAAP, the budget and the internal control system them are all compatible with each other. The Committee shall also assess reputational risk matters (Policy, Reputational Risk Reporting, etc.) before the analysis made by the Board of Directors in accordance with the provisions governing reporting. The Committee shall also involve other committees where the results of the analyses carried out may be useful to them for the purposes of making the assessments for which they are responsible. With regard to the approval of accounting policies and the approval of proposed separate and consolidated financial reports and the examination of the half-yearly and quarterly financial reports, if prepared, the Committee supports the Board of Directors with fact-finding, advisory and proposal-making functions in assessing the proper use of accounting policies by conducting detailed examinations with the Senior Officer responsible for preparing the company accounting documents and where appropriate by consulting with the firm engaged for the external statutory audit of the accounts, which may include joint meetings with the Management Control Committee. The Board of Directors may also ask the Committee to study specific issues within the scope of its responsibilities. Without prejudice to the responsibilities of the Remuneration Committee, the Committee checks that the mechanisms underlying incentive schemes that are part of the Bank and the Group’s remuneration and incentive system are consistent with the risk profiles identified in the RAF and with the Bank’s levels and strategies regarding capital and liquidity requirements and profit targets including those regarding timing. The Committee also supports the Board of Directors, coordinating with the Remuneration Committee, in defining the process for the identification of "Identified Staff" (“material risk takers”), and takes part in the identification and exclusion process for the definition of the relative perimeter.


The Committee supports the Board of Directors in the assessment of strategies and implementation plans for the management of non-performing loans, ensuring that they are consistent with the RAF and the strategic plan. The Committee supports the Board of Directors with corporate social responsibility issues and supervises sustainability matters connected with running a company and with its relations with stakeholders. In this respect it assesses policies and processes for the preparation and publication of the consolidated non-financial statement, the risk map, the materiality matrix and the proposal regarding guidelines and strategic macro-objectives relating to sustainability, verifying that these are consistent with the Group’s strategic policies. It periodically examines updates on the progress of sustainability actions undertaken and the consequent impacts on the consolidated non-financial statement. The Committee supports the Board of Directors in it duties regarding compliance risk, by assessing the policies processes and methods for compliance risk management and examining the report on the outcomes. In carrying out its functions, the Committee has the right to access the company information and functions needed to perform its duties. The Chair of the Committee, or other member of the Committee delegated by the Committee itself for specific matters, may have access to company functions for fact-finding activities needed for Committee meetings. The Committee also has the right to make use of outside consultants selected by it having assessed in advance whether such consultants might place themselves in a situation that compromises the independence of their judgement. To achieve this the Committee shall have sufficient resources available to it both in terms of finance and human resources to ensure its independence. Senior managers of internal units and functions of the Bank whose presence was considered useful by the committee took part in meetings at the invitation of and according to the procedures set by the Chairman. On 14 occasions the Risk Committee examined matters of common interest jointly with the Management Control Committee, both in meetings with the Senior Officer Responsible and the independent auditors, in relation to the preparation of financial statements and periodic financial reports, and at other times for the discussion of specific issues. The members of the Committee are in possession of sufficient knowledge, expertise and experience to be able to fully understand and monitor the Bank’s risk strategies and orientations. At least one member of the Management Control Committee, designated by it on a rotating basis, attends meetings of the Risk Committee without voting rights, in order to ensure co-ordination in carrying out their respective duties and functions. The Committee has reported to each meeting of the Board of Directors, giving a precise account of the activities carried out and main findings discovered by means of specific reports and summaries. With particular reference to the activities carried out during the year, the Risk Committee has, amongst various issues, supported the Board of Directors in the following areas: • Reporting of the corporate control functions, Reporting in relation to SREP, RAF, ICAAP and

specific risk-related topics; • Outcomes of inspections carried out by the Supervisory Authority; • Accounting reports, interim financial report, quarterly consolidated financial report and

financial statements; It also supported the Board of Directors in addressing strategic, commercial, managerial, legal and organisations matters. During the year the Committee had access to the information and Company functions that were necessary for the performance of its duties. The Risk Committee performs its functions and activities using means and resources made available by the Company at the request of the same Committee.


The Risk Committee met 21 times between 16th April 2019 and 31st December 2019. The average length of each meeting was approximately four hours. Further information on the attendance of each member at the meetings of the Committee during the year is given in Summary table No. 2 attached to this report. The Risk Committee has met eight times so far in 2020. Thirty two meetings have been scheduled for the current year. Related Parties and Connected Persons Committee

The Related Parties e Connected Persons Committee is composed of three members, including the chairman, appointed by the Board of Directors from amongst its members in possession of the requirements of independence pursuant to Art. 21 of the Articles of Association.

All the members of the Committee are in possession of expertise and professionalism in relation to the activities performed by the Bank and of the independence of judgement appropriate to their positions. All members of the Committee must be independent directors. Possession of the requirements of independence by the members of the Committee is certified by the Board of Directors when they are appointed and it is verified periodically every six months. The Committee is responsible for carrying out the functions and duties set out in the “Single Policy on transactions with Related Parties in accordance with Consob Regulation No. 17221/2010, Connected Parties in accordance with Bank of Italy Supervisory Regulations Circular No. 263, Identified Staff of the UBI Group, Significant Parties in accordance with Art. 136 of the Consolidated Banking Law and Other Significant Parties” and the regulations for its implementation (hereinafter also the “Single Policy” and “Single Regulation”), which represent the document drawn up by UBI Banca, as Parent of the UBI Group, which contains the principles and guidelines to be adopted by the UBI Group for all situations of actual or potential conflict of interest subject to the procedural and decision-making rules in accordance with the Single Regulation. All UBI Group companies (including the non-banking members), in Italy or abroad, are required to implement both the Single Policy and their own Single Regulation. In terms of their procedural and decision making aspects, the Single Policy and Single Regulation serve to implement the principles and controls required by the provisions relating to the regulation of transactions with related parties, connected persons, "Identified Staff" and significant parties pursuant to Art. 136 of the Consolidated Banking Law, as well as any other person defined as significant by the Bank on a self-regulatory basis, and also in consideration of the provisions of


articles 2391 and 2391-bis of the Civil Code. The provisions of the aforementioned regulations form an integral part of the Single Policy and Single Regulation. The Single Policy and the relative amendments are published on the website of UBI Banca (www.ubibanca.it), along with the Single Regulation. For further information on the Single Policy and Single Regulation, see paragraph 12 of this report.

Senior officers of the Bank and all other persons whose presence is deemed useful by the Committee in formulating its opinion or when the subjects under discussion on the agenda render it advisable may be called upon to participate in meetings of the Committee on invitation of the Chairwoman, in relation to the subject dealt with. With particular reference to transactions with parties related to UBI Banca, as defined in accordance with the “Single Policy on transactions with Related Parties in accordance with Consob Regulation No. 17221/2010, Connected Parties in accordance with Bank of Italy Supervisory Regulations Circular No. 263, Identified Staff of the UBI Group, Identified Parties in accordance with Art. 136 of the Consolidated Banking Law and Other Identified Parties” (the “Single Policy”) and the Single Regulation, the following persons may be called upon to participate in meetings of the Committee: the Chairman of the Board of Directors, the Chairman of the Management Control Committee and the Chief Executive Officer on invitation of the Chairwoman of the Committee, and also the managers of the corporate functions of the Bank and its subsidiaries in relation to the details of the transaction, the managers of the Internal Audit Function and external advisors appointed to assist the Bank or one of its subsidiaries in the negotiations concerning the transaction performed with Related Parties of UBI Banca.

The Committee, amongst other things: - is called upon to provide a reasoned non-binding opinion on the interests of the Bank in the performance of a transaction and also on the advantages and fairness in substance of the relative conditions, for the purposes of making a decision on the transaction; In this respect, it is underlined that the Committee is called upon to express an opinion, amongst other things, on the resolutions that regard remuneration, unless these are cases of exemption in accordance with the Global Regulation; - in cases of “Transactions of Greater Significance” is involved starting at the negotiation and fact-

finding stage by means of the receipt of full and prompt information and with the right to request information and to make observations to the delegated bodies and the parties charged with conducting the negotiations or the fact-finding investigation.

In the context of the aforementioned activities, the Committee examined seventeen transactions in 2019, giving a favourable, reasoned and non-binding opinion in relation to each of them.

The Committee met twelve times between 16th April 2019 and 31st December 2019 (the average length of each meeting was approximately one hour), performing the duties and functions assigned to it by the Single Regulation, in compliance with the provisions of the Consob related party regulations, Bank of Italy regulations and Art. 136 of the Consolidated Banking Law.

Further information on the attendance of each member at the meetings of the Committee during the year is given in Summary table No. 2 attached to this report. The Related Parties and Connected Persons Committee has met twice so far in 2020.



7 REMUNERATION AND SUCCESSION PLANNING Information concerning remuneration policies is given in Section I of the Remuneration Report prepared in accordance with Art. 123 ter of the Consolidated Finance Law, which may be consulted.

The remuneration of the Governing Bodies is defined in compliance with the current regulatory framework and in accordance with the Articles of Association, based on best practice, national guidelines and in future European guidelines.

It is designed to attract the best skill sets and is based on principles of both fair remuneration for similar roles and differentiation between roles on the basis of the levels of responsibility and risk involved. It also takes account of the professional skills required, the time and commitment employed, and market competitiveness.

In detail, the fee structure involves a cap set by the fee paid to the Chairwoman of the Board of Directors, which in compliance with supervisory regulations on remuneration is nevertheless lower than the fixed remuneration of the Chief Executive Officer.

No “attendance token” payments exist for meetings of the Governing Bodies.

Members of the Governing Bodies classified as senior management may receive forms of remuneration linked to results, while all the other members of the Governing Bodies of the Group receive no variable remuneration. There are no guaranteed bonuses (without prejudice to exceptions allowed by legislation and regulations, limited to the first year of employment, for board members classified as senior management) or leaving bonuses. Remuneration of members of the Board of Directors The Bank’s Articles of Association provide for a Shareholders' Meeting to establish, when appointing the Board of Directors, in compliance with existing regulations, an overall remuneration for the members of the Board, therein including the Chairman, the Deputy Chairman, the members of internal board committees provided for by Art. 31 of the Articles of Association, excluding the members of the Management Control Committee. On the basis of a proposal from the Remuneration Committee, the Board of Directors allocates this total remuneration internally. This allocation takes account of the time commitment and the skill sets required for carrying out individual duties, thereby paying adequate compensation for the duties and responsibilities assigned. The Board of Directors, on the basis of a proposal from the Remuneration Committee, may establish an additional remuneration for Directors invested with particular roles provided by the Articles of Association as well as for the Chief Executive Officer and the Directors who are members of the committees provided for in Art. 32 of the Articles of Association, but not for the Chairman, the Deputy Chairman and the members of the committees provided for by Art. 31 of the Articles of Association. This additional remuneration also takes account of the time commitment and the skill sets required for carrying out the duties. Remuneration, including the overall remuneration provided for by the first paragraph of this sub-section, is determined in a fixed amount, with the exception of what is due to the Chief Executive Officer. Again in accordance with the Articles of Association, the Directors are entitled to the reimbursement of the expenses incurred by reason of their office. The fees that members of the Parent’s Board of Directors may receive for participation in the Governing Bodies of Group companies may not exceed, overall, a cap of two thirds of the amount due for holding the office of Member of the Board of Directors of UBI Banca. Any exemptions for exceptional reasons are in any event subject to the prior approval of the Board of Directors, following consultation with the Remuneration Committee. Remuneration for the position of member of the Management Control Committee The Shareholders' Meeting establishes at the time of appointment as a fixed and per capita quota – but with an increase for the Chairman – for the entire duration of the office, the remuneration for the members of the Management Control Committee.


The members of the Management Control Committee who may be called upon to be members of the Risk Committee or the Related Parties and Connected Persons Committee nevertheless have the right to receive the remuneration paid to members of those committees.

* * *

Further information on the remuneration and incentive policies in place in the UBI Banca Group is given in Section I of the Report on Remuneration published pursuant to Art. 123-ter of the Consolidated Finance Law.

The Shareholders’ Meeting on 12th April 2019 passed the following resolutions in relation to the remuneration of the governing bodies: - €2,450,000 as the overall annual remuneration for members of the Board of Directors, inclusive

therein of the Chairwoman, Deputy Chairman and members of the committees formed pursuant to Art. 31 of the Articles of Association, but not members of the Management Control Committee;

- €180,000 as the specific annual remuneration for each of the members of the Board of Directors who are also members of the Management Control Committee and €60,000 as the additional annual remuneration for the Chairman of the Management Control Committee, in addition to the reimbursement of out-of-pocket expenses.

The following table shows the remuneration paid to the governing bodies for 2019-2020-2021, as approved by the Shareholders’ Meeting on 12th April 2019 and by the Board of Directors on 16th April 2019:

ROLE ANNUAL

REMUNERATION (IN EURO)

Member of the Board of Directors who is not also a member of the Management Control Committee 120,000

In addition to the above remuneration for the position of Director:

Chairwoman of the Board of Directors 480,000

Deputy Chairman of the Board of Directors 230,000

Chairman of the Risk Committee 70,000

Members of the Risk Committee 40,000

Chairmen of other board committees 50,000


Members of other board committees 30,000

Chief Executive Officer 500,000

Member of the Board of Directors who is also a member of the Management Control Committee €180,000.00

In addition to the above remuneration for the position of Director who is a member of the Management Control Committee as above:

Chairman of the Management Control Committee 60.000

The remuneration paid during the year to members of the governing and strategic supervision bodies for any reason and in any form is given in Section II of the Report on remuneration policies and wages published pursuant to Art. 123-ter of the Consolidated Finance Law. Indemnities for Directors in the event of resignation, dismissal or termination of contract following a public tender offer to purchase (pursuant to Art. 123 - bis , paragraph 1, letter i) of the Consolidated Finance Law) The criteria for determining extraordinary remuneration, in addition to what is required by law or under the national trade union agreement, in the event of the early termination of the employment relationship or of the position held, including the limits set in terms of years of fixed remuneration and the maximum amount resulting from their application, are set by the Shareholders’ Meeting. Any individual agreements will be managed within the context of the criteria set by the Shareholders’ Meeting, up to a maximum of 24 months of fixed individual remuneration (in addition to the first 12 months of a non-competition agreement, if this has been signed) and paid in accordance with the provisions of the Supervisory regulations for banks on remuneration and incentives.

Those payments and disbursals are included in the calculation of the limit on the ratio of variable to fixed remuneration relating to the last year of an employment relationship or occupation of a corporate office, with exception made for amounts agreed and paid:

. on the basis of a non-competition agreement, in the amount that for each year of the duration of the agreement does not exceed the last year’s payment of fixed remuneration;

a. as part of an agreement between the Bank and staff, however that may be reached, to settle a current or potential dispute (a “settlement agreement”), if it satisfies the formula described in Section I of the Report on Remuneration.

If any payments are graduated this will be determined in relation to the specific circumstances, taking account of the underlying reasons for the termination of the employment relationship, the position held, the long-term performance in terms of the creation of value for shareholders and the appropriateness of the person’s conduct. There will, however, be no possibility of any automatic adjustment or minimum payment obligation, without prejudice to the constraints required by law and the national trade union agreement.

A structured approval process is followed for decisions regarding “Identified Staff”. More specifically, the Board of Directors bases its assessments on a proposal formulated, in agreement with the Chief Operating Officer, by the competent internal units, subject to prior verification of its consistency with remuneration policies by the Remuneration Committee. In those cases where compliance with the above provisions may not allow a company to achieve important objectives in the interests of the Group and where it may therefore be necessary to exceed the limits and/or follow other criteria for the calculation of payments and the procedures for making them, a proposal shall be submitted, together with the reasons and/or advantages for the company for following different rules, to the Board of Directors for approval, after receiving an opinion from the Remuneration Committee with adequate information given as part of the annual remuneration report in cases of “Identified staff”.

The remuneration package for the Chief Executive Officer of UBI Banca was updated at the time of the renewal of terms of office at the 2019 Shareholders’ Meeting, more specifically he signed a non-


competition agreement to protect the human and economic capital of the Bank in order to avoid the risk of market competition. The non-competition agreement provides for the payment, at the time of the termination of employment, of one year of fixed remuneration as an employee of the Company in a managerial position, a ban on taking up a position similar to that occupied in the Group in other Italian banks and on operating either directly or indirectly in the banking sector in the same geographical area for a period of twelve months subsequent to leaving. It also requires the Chief Executive Officer to pay a penalty amounting to twice the amount paid if he breaches that non-competition obligation.

Further information is given in Section I of the Remuneration Report. Succession Planning During the year, the new Board of Directors appointed in April, with the active support of the Appointments Committee, appointed a leading independent specialised firm to define a succession plan for the Chief Executive Officer and the key management positions in the Group, partly in view of the change of governance, and carry out a substantial review of the previous succession plan last approved by the Supervisory Board in early 2019. The objectives of the new Succession Plan are to: (i) respond to requests from the Bank’s stakeholders for a thorough and clearly presented succession plan that also meets the requirements of the Supervisory Authority, (ii) identify possible credible and reliable successors for key management positions and (iii) develop a robust training and development programme for candidates. The project is structured in several stages, applying methods based on international best practices, by defining the expected profile for the various managerial positions, evaluating of managers within the Group, drafting individual reports with a comparative analysis of the candidates, benchmarking of the quality of each candidate against the external market and, if no obvious candidates are identified for succession to the various management positions, mapping the market. The purpose of all this is to define specific actions to accelerate management development through targeted coaching and training initiatives. The part of the project relating to the Chief Executive Officer has been concluded, while the part for key management positions is still ongoing and expected to end during 2020.


8 TWO-TIER GOVERNANCE BODIES (until 12th April 2019)

8.1 Introduction and reference to the 2019 Report As previously noted, the Extraordinary General Meeting of 19th October 2018 adopted the one-tier model of governance and control with effect from the appointment of the members of the new Governing Bodies by the Ordinary Shareholders’ Meeting held on 12th April 2019. Until that date, UBI Banca had a two-tier model of governance and control, characterised by the presence of a Supervisory Board, to which members were appointed by the Shareholders’ Meeting, and a Management Board, to which members were appointed by the Supervisory Board, pursuant to articles 2409-octies et seq. of the Civil Code and Art. 147-ter et seq. of the Consolidated Finance Law. The main distinguishing features of the two tier system adopted by UBI Banca lay in the distinction between: • policy, strategic supervision and control functions assigned to the Supervisory Board, which

combined some of the powers assigned by traditional systems to Shareholders' General Meetings (approval of financial statements, appointment of the members of the management body and determination of the relative fees) and to Boards of Statutory Auditors and assumed some "senior management" responsibilities, insofar as it is called upon to take decisions on proposals submitted to it by the Management Board, to which it can submit prior guidelines, on the business and/or financial plans and budgets of the Bank and the Group and also on strategic operations indicated in the Articles of Association;

• the corporate management functions, assigned to the Management Board, which had exclusive authority to perform all ordinary and extraordinary operations necessary to the pursuit of the company objects, in compliance with the general guidelines and strategic policies approved by the Supervisory Board.

The following section gives detailed information on the composition and procedures of the governing bodies in the previous two-tier model. For further information on this, see the Report prepared in 2019, which is available in the Corporate Governance – Corporate Documents section of www.ubibanca.it. 8.2 The Supervisory Board Composition and working methods The Supervisory Board was the governing body within the previous two-tier system of corporate governance adopted by UBI Banca and performed policy, strategic supervision and control functions, governed by the provisions of the law and regulations, the Articles of Association and its own Regulations. The Supervisory Board had approved its own Regulations and those of each of the internal committees formed within it for its support, while also taking account of the principles and criteria laid down in the Corporate Governance Code. The Supervisory Board was composed of 15 members, including a Chairman, a Senior Deputy Chairman and two Deputy Chairmen, appointed by a Shareholders’ Meeting. The Supervisory Board in office until 12th April 2019 was composed of 15 members, elected by the UBI Banca Shareholders’ Meeting held on 2nd April 2016 on the basis of slates. Following two resignations during the mandate, two members of the Supervisory Board were appointed by the Shareholders’ Meeting on 7th April 2017 and 14th December 2018, as previously reported in the report for last year. At the date of the expiry of its mandate (i.e. on 12th April 2019) the members of the Supervisory Board were thus as follows: 1 Andrea Moltrasio Chairman


2 Mario Cera Senior Deputy Chairman 3 Pietro Gussalli Beretta Deputy Chairman 4 Armando Santus Deputy Chairman 5 Francesca Bazoli Board Member 6 Letizia Bellini Cavalletti Board Member 7 Pierpaolo Camadini Board Member 8 Alberto Carrara Board Member 9 Ferruccio Dardanello Board Member 10 Alessandra Del Boca Board Member 11 Giovanni Fiori Board Member 12 Patrizia Michela Giangualano Board Member 13 Paola Giannotti Board Member 14 Giuseppe Lucchini Board Member 15 Sergio Pivato Board Member More detailed information on the composition of the Supervisory Board is given in Summary table No. 3 attached to this Report. The Supervisory Board (which amongst other things exercised powers to perform tasks that in the traditional system are carried out by the Shareholders’ Meeting such as the approval of the separate and consolidated financial statements, the appointment and dismissal of and determination of remuneration for members of the Management Board) was also responsible for the control function of the Bank and thus performed duties pursuant to Art. 149, paragraph 1 of the Consolidated Finance Law. These duties included overseeing compliance with laws, regulations and the Articles of Association, the proper performance of management activities and the adequacy of the organisational structure and accounting systems; It was also responsible for control functions pursuant to the supervisory regulations, including the assessment of the efficiency and adequacy of the internal control system, with particular regard to risk management, the functioning of the internal audit and the accounting reporting system. Internal committees While it acknowledged the principle of collegiate responsibility in the performance of its duties, the Supervisory Board - in relation to its responsibilities, its composition and the characteristics of its members – had decided to establish internal committees as follows: - Appointments Committee 5 members - Remuneration Committee 3 members - Internal Control Committee 5 members - Risk Committee 5 members - Related Parties and Connected Persons Committee 3 members. The meetings of these committees were properly minuted. In the performance of their functions the committees had the possibility to access the information and corporate functions necessary for the performance of their duties and make use of external consultants under the terms and conditions set by the Supervisory Board. Each committee was governed by special regulations which determined its responsibilities and functioning. Appointments Committee On 12th April 2019 the Appointments Committee was composed of the following members of the Supervisory Board: - Andrea Moltrasio - Chairman of the Supervisory Board - Mario Cera - Senior Deputy Chairman of the Supervisory Board - Letizia Bellini Cavalletti - Pietro Gussalli Beretta - Giovanni Fiori. The Appointments Committee, in carrying out its proposal-making functions, carried out investigative functions to establish qualitative and quantitative career profiles for appointments to


the Management and Supervisory Boards; evaluated the adequacy of succession plans at the level of the senior positions on the Management Board and Senior Management; defined processes to assess the work of the Management and Supervisory Boards; carried out support functions for the purposes of the self-assessment of the Management and Supervisory Boards and supported the Management and Supervisory Boards in verification of the conditions provided for in Art. 26 of the Consolidated Banking Law; supported the Risk Committee in the formulation of proposals to Supervisory Board to appoint and remove the heads of the Internal Control Committee, in compliance also with the responsibilities of the Internal Control Committee; performed assessment activity for the issue of a non-binding opinion which the Supervisory Board may express in accordance with Art. 38, paragraph one, letter n) of the Articles of Association on the candidates proposed by the Management Board to the position of board member and statutory auditor of the subsidiaries listed in Art. 27, paragraph two, letter b) of the Articles of Association; formulated opinions and proposals concerning the corporate governance and regulatory policy of the Parent Bank and the Group that fall within the sole remit of the Supervisory Board; followed the updating of the corporate governance rules and the principles of conduct that may be adopted by the Parent Bank and its subsidiaries, while also taking developments in this field at the national and transnational levels into account; evaluated whether there was an adequate level of engagement with corporate social responsibility; supervised matters of sustainability associated with business activities and with the development of interactions with stakeholders; The Appointments Committee met three times between 1st January 2019 and 12th April 2019 to assist the Supervisory Board with reference, amongst other things, to the following issues: Report on qualitative and quantitative composition for the purposes of the election of the new Board of Directors by the Shareholders’ Meeting; Self-assessment process of the Supervisory Board for 2018; Succession Planning; Management of the Group’s charitable donations. Remuneration Committee On 12th April 2019 the Remuneration Committee was composed of the following members of the Supervisory Board: - Alessandra Del Boca, as the Chairwoman - Ferruccio Dardanello - Patrizia Michela Giangualano. On the basis of its Regulations, the Remuneration Committee formulated proposals and opinions for the decisions the Supervisory Board submitted to the Shareholders’ Meeting for approval concerning: setting the remuneration for members of the Supervisory Board, remuneration and incentives policies for the Management and Supervisory Boards, remuneration and/or incentives policies based on financial instruments for members of the Management Board, the preparation of the Remuneration Report, setting the remuneration for members of the Management Board and setting remuneration policies for the governing bodies of subsidiaries and/or for employees and associate workers of UBI Banca and the Group not bound to companies by employee contracts; it formulated opinions for the purpose of verifying compliance with the remuneration and incentive policies approved by the Supervisory Board; it had, in any event, the duty to make proposals for the remuneration of the General Manager and the Senior Deputy General Manager and for the remuneration of additional personnel for whom the methods of remuneration and incentivisation are decided by the Supervisory Board; it collaborated with other internal committees of the Supervisory Board, co-ordinating in particular with the Risk Committee, ensuring, in accordance with regulations in force, that the competent corporate functions were involved in the process of drawing up and monitoring remuneration and incentive policies and practices; it gave an opinion, assisted by information received from the competent corporate functions, on the achievement of the performance objectives to which incentive schemes are linked and on the satisfaction of other conditions set for the payout of remuneration; it periodically assessed the appropriateness, overall consistency and concrete implementation of the general policy pursued for the remuneration of senior managers and Key Personnel of the UBI Banca Group; it had direct oversight of the remuneration of the managers of corporate supervisory functions in close co-operation with the Supervisory Board. The Committee met four times up to 12th April 2019 with reference, amongst other things, to the following issues: Group remuneration policies; Identification of the “Identified staff” perimeter for


2019; Update to the Policy for Remuneration Processes; Remuneration Report for Group member companies; the Use of Financial Instruments for the Group Incentive Scheme; benchmark evaluations for the remuneration of members of governing bodies; Report on the checks carried out by the Internal Audit Function on remuneration and incentive practices; Top Management remuneration positions; 2019 incentive schemes. Internal Control Committee On 12th April 2019 all the members of the Internal Control Committee were members of the Supervisory Board who were independent pursuant to Art. 148 of the Consolidated Finance Law and a majority of them, including the Chairman, were independent pursuant to the Corporate Governance Code. In detail: - Giovanni Fiori, as the Chairman (*) - Pierpaolo Camadini - Patrizia Giangualano - Alberto Carrara (*) - Sergio Pivato (*)

(*) Enrolled in the Register of Statutory Accounting Auditors The activities of the Committee were governed by special regulations published in the Corporate Governance/Supervisory Board section of the Bank’s website, which determine its responsibilities and functioning. According to the contents of those, the purpose of the Committee was to support the Supervisory Board with fact-finding, advisory and proposal-making functions in those areas overseen by the Board in its capacity as the Supervisory Body in accordance with regulatory requirements as may be in force from time to time, in order to increase its effectiveness. The Internal Control Committee met seven times from 1st January to 12th April 2019. The average length of each meeting was a little over two hours (134 minutes). All the meetings were properly minuted. Further information on the attendance of each member at the meetings of the Committee during the year is given in Summary table No. 3 attached to this report. The Chief Audit Executive and the Chief of the Compliance Function attended the meetings of the committee. The regulations of the Committee provide that “if it is apparent from the matters on the agenda for discussion that this is advisable, the Chairman of the Supervisory Board may participate in the work of the Committee at his request or by invitation of the Chairman”. This provision was not applied during the period concerned. In relation to the matters discussed under specific items on the agenda, and at the request of the Chairman of the committee, representatives of UBI Banca and other Group companies, as well as outside professionals attending as consultants and representatives of the independent auditors have attended meetings as needed. The Committee reported on its activities at each meeting of the Supervisory Board. In this context, the Chairman of the committee also notified the Supervisory Board (normally as part of the examination of the quarterly reports made by the corporate control functions and also from time to time in relation to investigations made in relation to specific matters) of areas that have been observed requiring improvement or attention, requesting the adoption of appropriate measures to strengthen internal controls and assessing their effectiveness over time, by providing relevant information to support the work of the Supervisory Board. During the period concerned the Internal Control Committee mainly focused on: • the most important issues concerning the internal control system of the Bank, for the

purpose of evaluating the adequacy of the same, as follows: - the main legislative and regulatory changes in areas of importance to the general

architecture of the Group’s system of internal controls, including the Corporate Governance Plan for the adoption of the one-tier model of governance, with a particular focus on the updating of the Internal Control System Policy. In this context, specific attention has been paid to the system of powers, the definition and attribution of responsibilities, the management of resources (with particular reference to remuneration and incentive schemes);


- the management of conflicts of interest, partly through reports from the Compliance function on transactions with Significant Persons where there is a potential conflict of interest;

- the organisation and structure of the Bank, with a particular focus on the changes to the units of the corporate control functions. In this context, the implementation of the project for the development and reinforcement of the operational model for managing money-laundering risks was subject to examination and constant monitoring.

- verifications relating to the presentation of the slates of candidates for the renewal of the governing bodies, examined in preparation for the approval of the Supervisory Board;

- reporting lines, with particular regard to the reports made by the organisational units responsible for controls. In this context, there was a particular focus on aspects of co-ordination of the corporate control functions, partly through the use of an integrated reporting tool showing the most significant findings of the functions (Top Issues Report and Flash Report);

- issues relating to the ICT system, with specific reference to the strategic plan for IT in compliance with the regulations for the prudential supervision of banks, as well as the checks carried out by the Chief Information Officer on the adequacy of the Business Continuity Plan of the Group;

- assessment of the adequacy of the organisational structure and accounting systems of the Bank, taking into account information provided by the independent auditors and reports made by the Chief Financial Officer;

- issues relating to anti-money laundering, transparency, usury, compound interest and privacy, with a particular focus on specific projects being developed by the Bank to implement new legislation and regulations and the constant enhancement and improvement of controls. In this context, the Committee examined the annual report issued by the Data Protection Officer;

- product governance, by means of regular updates on the activity of the Products Committee;

- the performance of activities connected with the management of reports made by staff using the procedure provided for this and the examination of the periodic report made by the Chief Audit Executive, as the whistleblowers’ champion;

• the supervision of the adequacy of the system for managing and monitoring risk and of the compliance of the ICAAP process with the regulatory requirements, with reference to both the requirements for the Group to submit periodic reports to the Bank of Italy and the ICAAP and ILAAP processes;

• the evaluation of the activities plan of the corporate control functions and of their periodic reports on the activities carried out (Internal Audit, Compliance, Corporate Anti-Money Laundering Officer and Risk Management), also with reference to those that concern the assessment of the internal control and risk management system. In this context both the reporting framework and projects concerning the evolution of organisational models, tools, methods and processes involving the Compliance function have been examined and investigated, including the proposal for appointing a consulting firm to carry out an assessment of the Compliance function;

• changes to the Internal Audit, in terms of the organisational structure of the Unit, the number and quality of the staff engaged in the Function, changes in method and new operational tools adopted, also in order to monitor its independence, adequacy, efficiency and effectiveness. More specifically, the committee monitored the state of progress of the actions defined following the External Quality Assurance Review performed in 2018 and the process of strengthening the Internal Audit Unit, from an organisational viewpoint and in terms of human resources;

• the provision of investment services, with reference also made to the examination of the Annual Report in accordance with the joint Consob and Bank of Italy Regulations;

• aspects affected by legislation concerning external statutory audits of annual separate and consolidated financial statements, including specific meetings with the “Senior Officer Responsible for the preparation of corporate accounting documents” and with members of independent auditors, whose independence has been subject to constant and attentive monitoring by the Committee, including by means of stringent instructions and guidelines concerning the engagement of the Group’s independent auditors to provide advisory services;

• the consolidated non-financial statement pursuant to Legislative Decree No. 254/2016;


• on periodic and specific reporting on the results of analyses performed by the internal audit function;

• relations with the Supervisory Authority, with specific regard to inspections carried out by them and requests for self-analysis concerning specific transactions;

• an examination of the underlying causes of the main damaging events in the Group. Risk Committee On 12th April 2019 the Risk Committee was composed of the following members of the Supervisory Board: - Paola Giannotti, as the Chairwoman; - Francesca Bazoli - Patrizia Michela Giangualano - Sergio Pivato - Alberto Carrara. On the basis of its Regulations, the purpose of the Committee was to support the Supervisory Board by performing assessments, furnishing advice and submitting proposals in those areas overseen by the Board in its capacity as the strategic supervisory body on the following matters: risk and the internal control system inclusive of determination of the “Risk appetite framework” (RAF) and risk management policies, the approval of the proposed separate and consolidated financial reports and the examination of the half-year financial report and the quarterly financial reports, when prepared. Without prejudice to the responsibilities of the Remuneration Committee, the Risk Committee helped to ensure that remuneration policy reflected and promoted sound and effective risk management. The Risk Committee met seven times from 1st January to 12th April 2019, with reference, amongst other things, to accounting and tax issues (including procedures for testing goodwill for impairment), budget and sustainability issues, inspections by the supervisory authorities, matters pertaining to risk management (including: RAF, Basel 2 Project, new definition of default project, SREP Dashboard, Reputational Risk reporting, report and programme of the Risk Control Function, Activity plan of the Asset Quality Review Function, IFRS 9, ICAAP, ILAAP, Top Issue Report), issues relating to Human Resources (including: identification of the “Identified staff” perimeter. updates to the remuneration and incentives policies), audit planning, matters relating to loans and receivables (including: NPL Strategy, problem loan trends and coverage and compliance issues (including: the annual report of the Compliance function and the Compliance plan). Related Parties and Connected Persons Committee On 12th April 2019 the Related Parties and Connected Persons Committee was composed of the following board members: - Armando Santus, as the Chairman - Letizia Bellini Cavalletti - Paola Giannotti. The Related Parties and Connected Persons Committee carried out the functions assigned to it by the Consob related party regulations, the provisions of the Bank of Italy and the Group’s Single Policy and Single Regulation (on transactions with Related Parties in accordance with Consob Regulation No. 17221/2010, Connected Parties in accordance with Bank of Italy Supervisory Regulations Circular No. 263, Identified Staff of the UBI Group and Identified Parties in accordance with Art. 136 of the Consolidated Banking Law and Other Identified Parties). More specifically, it was called upon to provide a reasoned non-binding opinion on the interests of the Bank in the performance of transactions with parties with a potential conflict of interest and also on the advantages and fairness in substance of the relative conditions, for the purposes of making a decision on the transaction; also, in cases of “Transactions of Greater Significance” it was involved starting at the negotiation and fact-finding stage by means of the receipt of full and prompt information and with the right to request information and to make observations to the delegated bodies and the parties charged with conducting the negotiations or the fact-finding investigation.


The Related Parties and Connected Persons Committee met six times from 1st January to 12th April 2019, with reference, amongst other things, to issues relating to offers to purchase assets owned by UBI Banca made by counterparties who were a related party/connected person; credit lines and limits for significant parties within the meaning of Art. 136 of the Consolidated Banking Law; periodical reporting of transactions performed by UBI Banca with related parties, connected persons and “Identified Staff” and by those performed by Group member companies with connected persons; relationships between the Purchase Department of UBI Sistemi e Servizi, in the name of and on behalf of UBI Banca, and a supplier classified as a related party/connected person; charitable initiatives for the benefit of counterparties falling within the scope of Significant Persons within the meaning of the regulations governing transactions with a potential conflict of interest; update to the Group’s Single Policy and Single Regulation in relation to conflicts of interest; provision of a “General Resolution” for repeat suppliers. 8.3 The Management Board On 12th April 2019 the Management Board was composed of seven members, appointed by the Supervisory Board which also appointed its Chairwoman and Vice Chairman: Maria Letizia Brichetto Arnaboldi Chairwoman Flavio Pizzini Deputy Chairman Victor Massiah Chief Executive Officer Silvia Fidanza Board Member Ranica Osvaldo Board Member Elvio Sonnino Board Member Elisabetta Stegher Board Member The Chief Executive Officer was appointed by the Board of Directors.

The members of the Management Board were appointed by the Supervisory Board, on the basis of a proposal by the Appointments Committee, according to a criterion which, in compliance with Law No. 120 of 12th July 2011, ensured a balance between genders for the period provided for by that law. Without prejudice to compliance with the applicable regulations in force, two members of the Management Board were selected from amongst the senior management of the Bank. The Board Member nominated as the Chief Executive Officer in accordance with article 33 of the Articles of Association was not counted in that number even if he was a senior manager of the Bank at the time of his appointment or was appointed to that position subsequently. The members of the Management Board remained in office for three financial years. Their term of office expired on the date of the Supervisory Board meeting convened to approve the financial statements relating to their last year in office. The Chief Risk Officer attended meetings of the Management Board in a purely advisory capacity, without prejudice to the provisions of the supervisory regulations. Persons who were ineligible or debarred within the meaning of Art. 2382 of the Civil Code, as well as those who did not satisfy the requirements of integrity, professionalism or any other requirement contained in the relevant legislation and regulations, also with regard to the limits on the accumulation of positions imposed by internal regulations, could not be appointed as Members of the Management Board. However, at least one member of the Management Board had to possess the requirements of independence set forth in Art. 148, paragraph three of the Consolidated Finance Law. The Members of the Supervisory Board could not be appointed as Members of the Management Board as long as they continued to hold that office.

The members of the Management Board were actively involved in the management of the Bank in compliance with policies approved by the Supervisory Board and submitted to it by the Management Board itself, which as specifically required by the Articles of Association performed its


main activities exclusively on a collegial basis with no powers to delegate authority. More detailed information on the composition of the Management Board is given in Summary table No. 3 attached to this Report. In order for meetings of the Management Board to be valid - as a general rule and without prejudice to resolutions that had to be passed by qualified quorum - the presence of more than half the members in office was required. The Management Board met at least once a month, as well as each time the Chairwoman thought it fit to call a meeting or when a request was submitted by at least half of the members in office. Meetings were held alternating between the city of Bergamo and the city of Brescia and generally once a year in the city of Milan. The Management Board met eleven times during the year (in the period from 1st January to 12th April 2019), and the average length of meetings was approximately five hours. Remote participation in meetings of the Management Board was admissible by means of appropriate audio-video conference and/or teleconference systems on condition that all those with the right could participate and be identified and that they were able to follow the meeting and intervene in the matters dealt with in real time as well as receive, transmit or view documents, examining them and deciding on resolutions simultaneously with other members. In these cases, the meeting of the Management Board were considered as being held in the place where the person chairing the meeting and the secretary were located. The resolutions of the Management Board were taken by open ballot, with the vote in favour of the majority of members present, unless a resolution had to be passed by means of a qualified quorum (Art. 27.2 of the Articles of Association). At least one member of the Internal Control Committee attended meetings of the Management Board in compliance with regulations in force. The Chairwoman, after consulting with the Chief Executive Officer or on his request, could invite senior managers of the Group and/or external consultants to meetings to report on specific matters, or officers of Group member companies to report on matters in subsidiaries. The functions of the Management Board were given in Art. 28 of the Articles of Association, according to which the Management Board was responsible for managing the Bank in compliance with the general guidelines and strategic policies approved by the Supervisory Board, with account taken of the proposals made in relation to this by the Management Board itself. For this purpose, it carried out all the transactions that are necessary, useful or advisable for achieving the company objects, whether they refer to ordinary or extraordinary management. 8.4 The Board of Arbitrators On 6th April 2018 a Shareholders’ Meeting appointed the following Board of Arbitrators for the three-year period 2018-2020: Giuseppe Onofri - Chairman Attilio Rota - - Full arbitrator Rodolfo Luzzana - Full arbitrator Pierluigi Tirale - Alternate arbitrator Giampiero Donati - Alternate arbitrator Following the changeover to the new one-tier system of governance, the Board of Arbitrators ceased to exist as a governing body, because it was a role that is not consistent with the governance of a società per azioni (joint stock company).


9 GENERAL MANAGEMENT At its meeting on 16th April 2019 the Board of Directors resolved to confirm the appointment of Dott. Victor Massiah, the Chief Executive Officer, to the position of General Manager. In accordance with the Articles of Association, the General Manager: a) is the head of the operating structure; b) is the head of personnel; c) usually deals (unless otherwise indicated by the competent management bodies) with executing

the resolutions of the Board of Directors and the Chief Executive Officer; d) manages the current business in conformity with the guidelines of the administrative bodies; e) if not already a board Director, attends, with consultative vote, at the meetings of the Board of

Directors; f) deals with the operational co-ordination of the Company and the Group. Various responsibilities within the Group were assigned to Dott. Elvio Sonnino as Senior Deputy General Manager, Dott. Frederik Geertman and Dott.ssa Rossella Leidi as Deputy General Managers.


10 OPERATIONAL STRUCTURE THE UBI BANCA GROUP The UBI Banca Group operates on a multi-functional model for the product companies and an integrated model for the instrumental and service companies, able to ensure the pursuit of a unified business model through policy-setting for and strategic control of Group entities by the Parent. This organisation enables the Parent to exercise direct oversight of the business and its relationship with the areas where it operates, while also performing its functions of strategic management and governance (management, co-ordination and supervision) focusing the subsidiaries on their own core businesses, and at the same time generating savings, synergies and an integrated provision of products and services. The organisational model adopted governs the specialisation of distribution, production, service and governance functions and consists of four main components: 1. Parent, with four principal missions:

a. direction, co-ordination and control of the Group. In exercising its management and co-ordination activities, the Parent identifies the Group's strategic objectives, draws up a common business approach (mainly through the business plan and the budget) and – without prejudice to the autonomy of each member company in terms of its articles of association – it defines the lines of strategic development for each of them;

b. supervision of business functions performed both directly (supervision of the relevant markets or specific business areas) and indirectly (support for the core business activities of Banks and Product companies);

c. supervision of the control functions using a management model that is normally performed centrally by the Parent.

d. provision of business support services. The Parent, either directly or through subsidiaries, ensures the provision of consolidated supervision and business support services, with the aim of facilitating business growth and providing effective customer service by optimising operating costs through economies of scale and ensuring that the level of service is up to the highest standards in the industry;

2. Banks (IWBank as well UBI Banca itself), which cover their own markets or specific areas of business, with the objective of consolidating and broadening customer relationships, detecting any new needs and maximising the economic value and the quality of the services they provide at local level;

3. Product companies: in close co-operation with the Parent and the other subsidiaries, with the main mission of optimising the quality and range of products provided to Group customers;

4. Other instrumental and service companies, instrumental to the Group’s activities; their main mission is to improve the quality, range and the competitiveness of the services offered by concentrating the specialist expertise present in the Group.

THE PARENT With the aim of ensuring oversight of the various operating areas and guaranteeing the governance of the Group, the organisational structure of the Parent consists of the following Roles at the highest level of the organisation which report directly to the Chief Executive Officer:

1. Chief Commercial Officer; 2. Chief Wealth and Welfare Officer; 3. Chief Lending Officer; 4. Chief Operating Officer; 5. Chief Financial Officer; 6. Chief General Counsel; 7. Chief Risk Officer; 8. Chief Compliance Officer.

In order to guarantee the necessary autonomy and independence, however, the Chief Audit Executive and Chief of the Suspicious Transactions Area report to the Board of Directors. The list of first hierarchical reports to the Chief Executive Officer is completed by three further Areas: Anti-Financial Crime, Investor Relations and Communication.


The structure of the organisation chart includes the following reports to the first line managers referred to above: second level organisational roles (Heads of Macro Geographical Areas, Corporate & Investment Banking and Top Private Banking and organisational units of various ranks (Areas, Departments, Services and Functions). The organisational structure of the Parent is described in full in the General Company Regulations, which take the form of separate documents relating to the Central Units, the Macro Geographical Areas, Top Private banking and Corporate & Investment Banking. The first and second level organisational roles and the managers of organisational units are responsible for achieving the objectives assigned to them, partly through the co-ordination of the units reporting to them and the optimum use of the allocated resources. In this regard it is reported that all the organisational units of the Bank operate on the basis of the provisions of the regulatory system in force from time-to-time (policy, regulations and rulebooks) which represent the set of internal regulations by which the procedures for carrying out the principal corporate and Group processes. MANAGERIAL COMMITTEES UBI Banca, as the Parent of the Unione di Banche Italiane Group, also manages and co-ordinates the companies in the Group through the Managerial Committees in compliance with Art. 61, paragraph 4 of the Consolidated Banking Law and Articles 2497 and following of the Civil Code, without prejudice to the Articles of Association and operational independence of each company. UBI Banca committees have been created with the following main aims: 1. to pass resolutions within the limits of its powers; 2. to express opinions on matters to be submitted to higher bodies for their decisions 3. to carry out fact-finding activities on various subjects for submission to higher competent

bodies, aimed at making a contribution on the matters presented and at ensuring full analysis and monitoring on specific subjects (including on specific request from the Board of Directors).

Steering Committee Pursuant to Art. 24.3, letter d) of the Articles of Association of the Articles of Association of UBI Banca S.p.A., the Board of Directors approved the formation of a Management Committee. This committee, chaired by the Chief Executive Officer and composed of the first line management of the Bank, has a decision-making, advisory, investigative and informative role and has been established for the purpose of: 1. supporting the Board of Directors and the CEO in the performance of their respective functions,

for which purpose they may ask the Management Committee to produce any type of report or analysis;

2. strengthen co-ordination and cooperation mechanisms between the different business, governance and control areas of the Bank and the Group, with the aim of sharing the main company choices;

3. launching and verifying the most important initiatives in relation to the Group’s objectives and verifying the extent to which they have been achieved, as well as implementing the transactions approved by the Board of Directors with particular reference to those of the greatest strategic importance.

Credit Committee Collegial body with a decision-making, advisory, investigative and informative role and the following principal powers: 1. take decisions on credit-related matters, within the limits of its remit and the terms defined by

the Bank’s Credit Authorisation Regulations; 2. pass resolutions on extraordinary transactions with customers and subsidised finance ; 3. express prior opinions on consistency with Group lending policy: 4. receive periodic reports on the resolutions passed and opinions expressed by the various units

of the Bank. ALCO Committee Collegial body with a decision-making, advisory, investigative and informative role; its principal powers concern the approval of transactions involving funding instruments (Institutional and


Retail), the management of intragroup liquidity, transactions on assets eligible as collateral and those linked to the management of interest rate risk. Finance Committee Collegial body with a decision-making, advisory, investigative and informative role; its principal powers concern approval powers over portfolios with its remit, the procedures for and timing of the performance of transactions involving funding instruments (Institutional and Retail) and transactions on assets eligible as collateral within the scope of the limits set by the ALCO Committee. Risk Management Committee Collegial body with a decision-making, advisory, investigative and informative role that provides for two sessions with the following approval powers: 1. Risk Management Session: to approve the operational early warning thresholds associated

with indicators monitoring the various types of risk, authorise any breaches that may occur and decide on the measures to be taken and on corrective actions and guidance in the context of the Risk Appetite Framework;

2. Operational Risk Sessions: to assign activities to the various units of the Bank for the reduction of operational problems that have arisen and monitor their progress.

Products Committee Collegial body with a decision-making, advisory, investigative and informative role; its principal powers concern passing resolutions for the creation and distribution of new products, the diversification of distribution channels and changes to and/or the suspension of the distribution of existing products. Real Estate Collateral Enhancement Committee Collegial body with a decision-making, advisory, investigative and informative role that provides for two sessions with the following approval powers: 1. Investments session: analyse and select real estate used as collateral for the bad loan positions

of UBI Banca and Banks of the UBI Group, to be offered to Kedomus S.r.l. for subsequent intervention in auctions;

2. Monitoring session: view the outcomes of the auctions in which the Bank took part and the progress of the sales.

Investment Banking Committee; Collegial body with a decision-making, advisory, investigative and informative role; its principal powers concern passing resolutions related to Investment Banking and monitoring the performance of the portfolios within its remit and the degree of exposure to market and counterparty risk. Data Governance Committee Collegial body with a decision-making, advisory, investigative and informative role, mainly responsible for monitoring the state of progress of Data Governance Programme project activities.


11 INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM Introduction During the year the Board of Directors, assisted by its internal committees for the areas in which they operate, and under the supervision of the Management Control Committee and the control functions, assessed the adequacy, completeness, functionality and reliability of the organisational, administrative and accounting structure of the Issuer and its strategic subsidiaries, with particular reference to the internal control and risk management system, including those that may become relevant in relation to the medium to long-term sustainability of the activities of UBI Group. The Board of Directors6, with the support of the Risk Committee7, evaluates the adequacy of the internal control system on the basis of reports made by Internal Audit, which also take into account the assessments made by the other Corporate Control Functions. Internal controls The UBI Banca Group, in compliance with Bank of Italy provisions and in line with the principles required by the Corporate Governance Code and the Articles of Association, defines its internal control system as the set of rules, procedures and organisational units designed, in accordance with sound and prudent management, to ensure the achievement of the following aims: • verifying that company strategies and policies are implemented; • containment of risk within the limits set in the reference framework for determining the risk

appetite of the Bank (Risk Appetite Framework - RAF); • safeguarding the value of assets and protecting against losses; • effectiveness and efficiency of company processes; • reliability and security of company records and IT procedures; • preventing the risk of the Bank being involved, even involuntarily, in illicit activities (with

particular reference to those associated with money laundering, usury and the financing of terrorism);

• compliance of operations with the law and supervisory regulations and also with internal policies, regulations and procedures (Bank of Italy Circular No. 285 of 17th December 2013: Title IV, Chapter 3 “The system of internal controls”, Section I, Par. 6 “General Principles”).

The process of defining and managing the internal control system and verifying its completeness, adequacy, functionality (in terms of efficiency and effectiveness) and reliability form part of the responsibilities of the corporate bodies which fulfil strategic supervision, control and management functions, supported by the control functions. In order to accomplish this, the Board of Directors8 makes use of the Risk Committee9 which it forms directly itself (the composition, powers and functioning of the Risk Committee have already been examined in this report in the section specifically on internal board committees). UBI Banca Group Internal Control System Policy In the context of the amendments required by the Supervisory Regulations for banks concerning the “Internal Control System” (Bank of Italy Circular No. 285 of 17th December 2013, Title IV, Chapter 3 “The Internal Control System”), the Board of Directors has adopted, with effect from 12th April 2019, an update of the “UBI Banca Group Internal Control System Policy” (updated from the version approved in November 2017) which is the reference document for the definition and implementation of all the components of the Group’s internal control system.

In particular, the UBI Banca Group Internal Control System policy: • is essential knowledge for the corporate bodies, making them fully aware of the current position

of the Bank; • ensures effective management of corporate risks and the relationships between them; • guides changes in the Bank’s strategies and policies;

6The Supervisory Board in the previous two-tier system of governance. 7 The Internal Control Committee in the previous two-tier system of governance. 8The Supervisory Board in the previous two-tier system of governance. 9 The Internal Control Committee and Risk Committee in the previous two-tier system of governance.


• makes it possible to adapt the organisational context in which the Group operates in a consistent manner;

• oversees the functionality of management systems and compliance with prudential supervision obligations;

• promotes the development of a positive culture in relation to risk, legality and corporate values.

In the light of these statements, it follows that the UBI Banca Group Internal Control System: • is of strategic importance and, more generally, that the “control culture” has widespread

approval, with a prominent position in the UBI Group’s hierarchy of values, and does not concern solely the corporate control functions, but also the entire business organisation of the Bank and the UBI Group member companies (e.g. corporate bodies, units, management hierarchy and staff);

• represents a key part of the corporate governance system of the Bank and UBI Group member companies and assumes a role of fundamental importance in the identification, mitigation and management of significant risks, contributing to the protection of shareholders' investments and the assets of the entire UBI Group as well as protecting its customers and the integrity of the markets in which it operates.

The guiding principles of UBI Banca Group’s internal control system are characterised by a scope of application that extends to all Group member companies. They are key to the definition and implementation of all the components of the internal control system. In this context the application of the internal control system by all the Group member companies is an important factor enabling the achievement of a single business model.

The principles described accordingly highlight the importance of: • an integrated vision designed to achieve high levels of effectiveness and efficiency, at the same

time avoiding overlaps and/or potential gaps in governance control, risk management and the valuation processes and methods used for corporate activities, including those used for accounting purposes;

• consistency in the organisational process of the Bank and the Group which, based on the Group’s mission, identifies values, defines objectives, immediately pinpoints risks that hinder their achievement and implements appropriate corrective measures;

• compliance with the general organisational principles that ensure the formalisation of the functions assigned to staff, the unambiguous identification of tasks and responsibilities and the separation of the operating and control functions for the prevention of conflicts of interest;

• compliance with legislation and regulations, even before they become compulsory, as a distinguishing feature and key factor of success for enhancing customer relations and, ultimately, creating value for all stakeholders;

• reinforcement of the capacity of the Bank to manage corporate risk in compliance with the RAF, ensuring sound and prudent management and financial stability.

With reference to the implementation of the internal control system, it should be noted that control activity is not the exclusive responsibility of the corporate control functions or bodies, but involves the entire business organisation (bodies, units, management hierarchy and staff) in developing and applying logical and systematic methods to identify, measure, communicate and manage the intrinsic risks of transactions, according to their different levels of responsibility.

Given the above, the internal control system of the Group is divided, in compliance with the provisions of the supervisory instructions, into the following levels of control: • line controls (“first level controls”): designed to ensure the proper performance of operations.

These controls are carried out by the operating units themselves (e.g. hierarchical, systematic and sample controls), and may also be carried out by units with control duties only who report to the managers responsible for the operating units (or they are carried out as part of back office activities) and, where possible, they are incorporated into IT procedures. With this approach the operating units are the first with responsibility in the risk management process, indeed, in the course of day-to-day operations these units are called upon to identify, measure or evaluate, monitor, mitigate and report the risks resulting from ordinary business activities in accordance with the risk management process. These units also have to comply with the operating limits assigned to them in accordance with the risk targets and the procedures that constitute the risk management process; Line controls consist of first line controls (controls implemented by the organisational units performing the operating activities) and second line controls (controls implemented by units/roles other than those responsible for first line controls);


• risk and compliance controls (second level controls): designed to ensure compliance with the operating limits assigned to the various functions, the correct implementation of the risk management process and the compliance of business operations with regulations, including self-regulation. In compliance with regulatory requirements, the functions responsible for second level controls are separate from the operational functions. In detail these functions are: o the risk control function (Risk Management); o the regulatory compliance function (Compliance); o other corporate control functions (Anti-Money Laundering functions and Validation functions). The second level control activities are also similar to those of the Senior Officer Responsible for the preparation of corporate accounting documents.

• internal audit (third level controls) - assigned to the Internal Audit Function: designed to identify violations of the procedures and regulations and periodically evaluate the completeness, adequacy, functionality (in terms of efficiency and effectiveness) and reliability of the internal control system and IT system (ICT audit), with a frequency set on the basis of the nature and intensity of risks.

Adequate reporting is provided to the Board of Directors on current and future exposure to risk which also includes a special progress chart providing information on actions requested by the Governing Bodies and the control functions, with the relative deadlines set by the Board also on the basis of recommendations made by the Management Control Committee or by the aforementioned control functions that is useful, amongst other things, for monitoring and assessing the system of internal controls. With specific reference to second level corporate control functions, the current organisation chart includes the presence of a Chief Risk Officer (CRO), a Chief Compliance Office (CCoO) and an Anti-Money Laundering Manager (role assigned to the Head of the Anti-Financial Crime Area) with hierarchical reporting to the Chief Executive Officer and functional reporting to the Board of Directors. The Credit Risk Management Unit, Capital & Liquidity Risk Management Unit, Risk Governance Unit and Internal Validation Unit report to the Chief Risk Officer (CRO), a position held by Dott. Mauro Senati. The Risk Governance Unit also oversees the Data Risk Management Service, a direct report to the Area, as a specific unit to manage data governance under the CRO). With effect from 1st July 2019, the competent bodies have approved the organisational changes to the units assigned to the Chief Compliance Officer, a position held by Dott. Roberto Rovere since 1st January 2019, which involve the following actions: • the formation of a new Products & Selling Processes Compliance Area, by reallocating the

activities carried out by Banking Services Compliance (renamed Banking Compliance ), Investment & Financial Services Compliance and Controls Compliance. These actions are intended to ensure the oversight of the risks of inappropriate conduct towards customers and mis-selling, ensuring oversight of product development and sales processes, from both the ex ante and the ex post point of view. In order to increase the specialisation of activities and a more effective and timely business response, the following functions have also been created: the Lending Products Compliance, Commercial Banking Compliance reporting to the Banking Compliance Service and also the Financial Markets Compliance and Investor Protection Compliance reporting to the Investment & Financial Services Compliance Service;

• the formation of a new Governance, Methodologies & Support Compliance Area, with the establishment within this Area of the Governance & 231 Service and the Support Compliance Service, thus ensuring a greater focus on their respective activities. The Methodologies, Monitoring & Reporting Service has at the same time been renamed the Methodologies & Reporting Compliance Service and been reallocated to report to this area. There are also two new functions reporting to the Governance & 231 Compliance Service, the Governance Compliance Function and the 231 & Contracts Compliance Function;

• the formation of a new DPO & ICT Compliance Area, to which both the Data Protection Office and the ICT Operations Compliance Service (at the same time renamed ICT Compliance) report, with the objective of improving co-ordination between their respective areas of operations. The new Analytics Compliance Function that has also been created also reports to the Area, in order to make compliance risk oversight more effective, through the development of Key Risk Indicators and big data analytics tools.

Also with reference to organisational structure, with effect from 1st November 2019, the competent bodies have approved the organisational changes related to the management of money-laundering risk, intended to implement the new AML operating model, improve oversight of financial sanctions


in accordance with Italian best practices and optimise the activities carried out by the Investigations Service. More specifically, this new structure, which is coming into action gradually at the same time as the implementation of the new model, includes: • renaming of the Anti-Money Laundering & Investigations Area as the Anti-Financial Crime Area,

which continues to report to the Group Anti Money-Laundering Officer, a position held by Dott. Alberto Armani;

• formation, reporting to the Area, of a new Anti-Financial Crime Governance Service with responsibilities that cut across the Area’s key processes, divided into three new functions: the Anti-Financial Crime Reporting & Operations Function, the Anti-Financial Crime Controls & Monitoring Function and the Anti-Financial Crime Measures & Analytics Function;

• formation, reporting to the Area, of the new Financial Sanctions Prevention Service, focused on the oversight of risks associated with sanctions and embargoes;

• formation of two new units reporting to the current Anti-Money Laundering Service: i) Anti-Money Laundering Regulation & Advisory Function, which supports the manager of the AML function in guaranteeing regulatory compliance for the entire Group and ii) the Customer Due Diligence Supervision Function, which supports enhanced customer due diligence (high risk customers of UBI Banca and IWB) at both the onboarding and review stages, consistent with the new AML operating model;

• formation of two new units reporting to the current Investigations Service: the Investigating Crime Function and the Seizures & Other Investigations Function, intended to improve the focus and effectiveness of the activities it already oversaw.

The roles and units mentioned are assigned the following functions with respect to the General regulations of the Bank: • The Chief Risk Officer: is responsible for implementation of governance policies and the risk

management system, performing the control function and providing the corporate bodies with an overview of the various risks (credit, market, operational, liquidity, reputational etc.). He co-ordinates the process of defining and managing the Risk Appetite Framework (RAF) in order to ensure that the risk appetite reported in the RAF and the risk-taking policies and procedures adopted by the Group are consistent with the prudent person approach. Again with regard to the process of defining and managing the RAF, amongst other things he proposes the risk capacity and risk tolerance levels and also validates the risk appetite proposed by the Chief Financial Officer in order to ensure that they are consistent with the RAF and with adequate levels of prudence within current and future risk targets. He proposes the allocation of internal capital by type of risk, consistently with the process of assessing internal capital. Together with the Chief Financial Officer, he proposes the risk appetite, with a view to its subsequent approval by the governing bodies, and verifies with the Chief Financial Officer that the risk appetite is consistent with corporate requirements and with the expectations of the Supervisory Authorities. He also co-ordinates the preparation of the risk appetite document. He also proposes the risk limits and co-ordinates the consolidation process for the risk appetite document for purposes including the internal authorisation procedure, while also verifying the overall adequacy of the RAF. As part of the process for drawing up and monitoring the NPL Strategy, he assesses the consistency of the NPL Strategy against the RAF risk appetite indicators and the policies that relate to the Strategy and the internal process for valuing capital adequacy (ICAAP). He ensures the measurement and control of the Group’s exposure to different types of risk. In this respect he ensures the supervision and implementation of activities concerning risk management, partly by means of activities carried out by its own units. He supports the governing bodies and senior management in the creation and maintenance of an effective and efficient Internal Control System and the formulation of risk and limits management policy proposals. He provides independent information to the Board of Directors10, partly by attending meetings of the Board and the Risk Committee11, by sending reports and intervening directly; He is responsible for defining the non-viability risk management framework associated with the Group Recovery Plan and updating the Resolution Plan, monitors the relevant indicators for which he is responsible and, to the extent of his responsibility, may initiate a process of escalation to the corporate bodies responsible for managing the recovery process. In this context, he works with the Chief Financial Officer and the relevant corporate bodies, to draw up/update the Recovery plan, proposing possible changes and updates on at

10The Supervisory Board in the previous two-tier system of governance. 11 The Internal Control Committee and Risk Committee in the previous two-tier system of governance.


least an annual basis and notifying the parties responsible. In the context of the planning process, he is responsible for producing forward estimates of expected loss by customer segment to support loan loss and capital allocation projections, forward estimates of capital requirements and indicators of individual company and consolidated structural balance and liquidity ratios and the verification of their adequacy in relation to the risk appetite and the Group policies and procedures for the assumption of credit risk. He is also responsible for forecasting estimates for the elements for which he is responsible and for validating the discretional aspects of the strategic planning process on the basis of the definitions contained in the relevant internal regulations. He supervises and co-ordinates the regulatory stress tests set by the Supervisory Authorities. He supervises the process for evaluating capital adequacy in relation to the risks taken (ICAAP), the public disclosure process, the process for evaluating liquidity adequacy (ILAAP) and in general the risk evaluation process for the purposes of the Supervisory Review and Evaluation Process (SREP) used by the Supervisory Authority. Oversight is ensured while taking account of current prudential rules, as well as strategy guidelines, the business model, the complexity of operations, and the ability to raise funds. He is responsible for providing prior opinions on the compliance of transactions of major significance with the RAF and carrying out second level verifications of credit exposures. he establishes a credit activities function framework, in line with the regulatory provisions issued by the Supervisory Authorities. He is responsible for the development, validation and maintenance of the risk measurement and control systems, supervises the Group credit rating process and co-ordinates the units involved in the overall data entry and data quality process. In relation to the IFRS 9 financial reporting standard, he is responsible for defining, developing and maintaining stage allocation models and motors in the context of assets, for calculating Expected Credit Loss and for developing and maintaining choices of methodology for the benchmark text for the accounting classification of financial assets. He develops and maintains internal operational models for analysing creditworthiness and associated assessments used to support the business. In the framework of the overall risk management process, he ensures oversight of the second level controls connected with data quality that fall within its remit and holds the position of Process Owner for the risk measurement systems. He is responsible for defining and applying the IT risk analysis methodology together with the related process of evaluation and data processing. He is involved in defining policies and processes for the valuation of properties provided as guarantee for exposures and provides a prior opinion on the reliability of any internal standards for the valuation of properties. He is involved in defining policies and processes for write-downs and the granting of forbearance measures; in this context he issues an opinion in order to check compliance with the rules set by the UBI Group for proposals relating to the granting, changing or confirmation of the amount of provisions and the granting of a second or subsequent long-term forbearance measure. He identifies portfolios that are potentially subject to transfer on the basis of optimisation and consistency with the RAF and capital position of the Group. He works alongside and co-ordinates with the other control functions for the purpose of developing a shared view on operational and methodological aspects and the actions to be taken if significant or critical events occur in order to identify possible synergies and avoid potential overlaps and duplications of activity. He contributes to the spread and development of an internal control culture within the Group. He also helps to ensure compliance with the relevant regulatory recommendations, overseeing them in a structured and precise manner on the basis of consolidated procedures and shared compliance methodologies. He participates in the process of defining remuneration and incentive policies and the relative regulations to implement them with the objective of containing the long and short-term risk of each legal entity and the Group overall. The Chief Risk Officer, under the overall supervision of senior management and within the fields for which he has specific responsibility, performs the co-ordination function for Group member companies. For the benefit of the Board of Directors, the Management Control Committee12 and Senior Management, the Chief Risk Officer provides an integrated outline of risks considered significant that, identified by the second level control functions responsible for monitoring them and provided using an integrated reporting tool - the SREP Dashboard - in the context of the report’s broader purpose of representing a self-assessment of the situation of UBI Group in relation to the recommendations of the European Banking Authority (EBA) guidelines on the “Supervisory Review and Evaluation Process” (SREP) and those in the annual “SREP Decisions” on the UBI Group.

12The Supervisory Board and Management Board respectively, in the previous two-tier system of governance.


The SREP Dashboard is also a tool for summarising co-ordination activities amongst the second level control functions.

• Chief Compliance Officer: he is responsible for circulating the directives provided for in the “UBI Banca Group Policies for the management of compliance risk” issued by the Board of Directors13 of the Parent, overseeing their implementation and reporting on this to those same bodies. 14He is the compliance processes owner and ensures that compliance risk is managed efficiently and effectively, in accordance with a risk-based approach, verifying for that purpose that processes, internal procedures and the entire organisational and regulatory system and the IT infrastructure for monitoring all operations are consistent with the objective of preventing the violation of any regulation applicable to the Bank and the Group member companies, whether they are of a generic external or a self-regulatory nature. Within these areas of responsibility he communicates independently with the management and supervisory bodies by sending reports and intervening directly, as appropriate. He uses unified control to ensure oversight of compliance risk, by supervising and managing operating activities associated with the performance of compliance processes, running across the Bank and the Group, supervising their methodological aspects, the adequacy of the contents, the performance of the checks for which he is responsible, also assisted for that purpose by the assistance of the specialist skills available there (legal, organisational, risk management, technological, human resources, Internal Audit Function etc.) as well as the contributions of the various roles specified in the compliance model. He centralises for oversight purposes the analysis of potential non-compliance reports: i) received from the operating units of the Bank; ii) reported by the other second and third level control functions; iii) identified using the checks for which he is responsible (e.g. tests for effectiveness, analyses of complaints received); he monitors measures taken to resolve the non-compliances detected. He works alongside and co-ordinates with the other control functions for the purpose of sharing operational and methodological aspects and the actions to be taken if significant and/or critical events occur, in accordance with the areas of responsibility assigned to them, in order to identify possible synergies and avoid potential overlaps and duplications of activity. To achieve this, he manages the structural exchange of information flows with the other control functions to ensure that their specific responsibilities are properly performed, in accordance with the rules set out in the model of the internal control system adopted by the UBI Group, and co-ordinates with them about methodological aspects in order to ensure the consistency of the risk assessments performed and also for the annual activity plan. He employs a preventive approach to ensure substantial compliance with regulations by corporate processes and therefore appropriate conduct by all personnel, ensuring that the interests of clients and investors are protected and it co-operates in the policy to establish relations of trust with all stakeholders. With this in view he co-operates in activities to train staff on the measures applicable to the activities they perform, in order to promote a corporate culture based on principles of risk culture, and principles of integrity and professional ethics. He performs a policy-setting, co-ordination and control role for the subsidiaries, forming direct relationships with local compliance managers and contacts, where present, and with their General Management teams. He operates as a service provider to the subsidiaries of the Group that have conferred the appropriate powers upon it, ensuring the oversight of risk and non-compliance with regulations. He sends the other control functions details relevant to the quantification of operational, IT and reputational risks resulting from non-compliance and/or attributable to misconduct.

• Anti-Financial Crime: he is the manager responsible for the Anti Money-Laundering Function of the Parent and the Group. He monitors activities to combat money laundering and the finance of terrorism, consistent with the responsibilities defined in the “Group policy and organisational regulations on combating money laundering and the finance of terrorism”. He monitors the risk of non-compliance with the rules adopted by the Group for issues relating to financial sanctions, adjusting this to the relevant regulations and guidelines. Within these areas of responsibility he communicates independently with the management and supervisory bodies by sending reports and intervening directly, as appropriate. He deals with requests made by the investigating authorities in relation to investigations and seizures due to criminal proceedings and preventative measures imposed on customers. He also co-ordinates contributions to the Fondo Unico di Giustizia (Single Justice Fund) for the companies for which he operates as a service provider. Within the scope of his responsibilities, he ensures that the regulatory and operational system of the Parent and the subsidiaries for which he operates as a service provider are in

13 Consiglio di Sorveglianza con il previgente sistema di Governance dualistico. 14The Supervisory Board in the previous two-tier system of governance.


compliance with current regulations and performs planning and advisory activities concerning the application of regulations at Group level. He contributes, within the scope of his remit, to the implementation of policies and the risk management process. He works alongside and co-ordinates with the other control functions for the purpose of developing a shared view on operational and methodological aspects and the actions to be taken if significant or critical events occur in order to identify possible synergies and avoid potential overlaps and duplications of activity. The Manager of the Anti-Financial Crime Area, within the fields for which he has specific responsibility, performs the co-ordination function for Group member companies.

Internal auditing (third level), which is performed by the Internal Audit Function detailed in sub-section 15.2 below, serves to make an independent assessment intended on the one hand to check, with a view to third level checks, including on-site inspections, that its functioning and changes in risks are in accordance with the rules, and on the other to evaluate the completeness, adequacy, functionality and reliability of the organisational structure and the other components of the internal control system, reporting to the governing bodies on potential improvements that could be made, with particular reference to risk management policies and tools for risk measurement and control. More specifically, the Internal Audit Function audits the completeness, adequacy, functionality (in terms of efficiency and effectiveness) and reliability of the Group’s internal control system, while also taking into account information provided by the other control functions, and also verifies its performance and changes in risks, identifying the actions required to improve the system concerned and proposing them to the administrative and auditing bodies, with particular reference to the Risk Appetite Framework, the risk management process and the relative systems of measurement and control. To achieve this, it carries out independent assessments on the basis of a specific activity plan, using methods, operating procedures and predetermined tools. Within the fields for which it has specific responsibility, it performs the co-ordination function for Group member companies that have their own internal audit functions. It verifies the compliance of activities carried out as part of the internal audit mandate in order to identify any need for updating and ensure that, through the Quality Assurance and Improvement Programme, it is consistent with international professional standards. It ensures the preparation of periodic summary information statements to be provided to the corporate bodies with regard to the main managerial features of the Function, the control activities performed, the monitoring of the findings and the progress of mitigation action. It provides periodic information statements concerning the co-ordination of the control functions; this activity is, amongst other things, intended to promote more structured and systematic co-operation between them and with the corporate bodies, by sharing operational and methodological aspects and the actions to be taken if significant and/or critical events occur. It is the body responsible for the internal reporting systems for whistleblowing for UBI Banca and the UBI Group companies that have granted a specific mandate for this.

The “principal characteristics of the risk and internal control management systems in relation to financial reporting” pursuant to Art. 123 bis paragraph 2, letter b) of the Consolidated Finance Law are illustrated in attachment 2 to this report. Regulations for the Risk Appetite Framework of the UBI Banca Group Again as part of the changes required by Supervisory regulations for banks on the question of the “internal control system” (Bank of Italy Circular No. 285 of 17th December 2013: Title IV, Chapter 3 “The system of internal controls”), the Board of Directors approved, with effect from 12th April 2019 (updated from the first version approved in July 2014), the “Regulations for the Risk Appetite Framework of the UBI Banca Group” which define the principles and rules of the process for the management of the Risk Appetite Framework, describing, on the basis of a management model consistent with the operations and complexity of the UBI Group and developed in observance of the principle of proportionality defined on the basis of the size of the exposure and the materiality of the risks: - The main elements of the Risk Appetite Framework; - the main roles and responsibilities assigned to the main macro units involved in activities to

define, implement and monitor the RAF; - the RAF formation and approval macro processes, consistent with the strategic plan, the Group

budget and with the definition of monitoring, reporting and internal audit objectives; - the main reporting lines between the Group units involved.


In relation to the Risk Appetite framework, the UBI Group has adopted a risk management framework consistent with definition of Group regulations and strategies which have developed over the years consistent in turn with developments in the regulatory framework. The main parts of the current framework regard the following: - definition of the risk appetite (Risk Appetite Statement - RAS); - definition of risk management policies; - interpretation and management of the RAF in UBI Group companies; - definition of the risk monitoring and reporting framework.

Group Policy and Regulation on internal systems for reporting violations (whistleblowing) The Group has a Group policy and Regulations on internal systems for reporting violations (whistleblowing), intended to provide the senior officers and other staff of Group member companies with guidelines to them to follow when they report actions and facts during the performance of their professional duties which may constitute the following: a violation of regulations governing banking or financial activities, inclusive of the relative connected and service activities; significant unlawful conduct in accordance with regulations governing the corporate liability of entities; violations of the Organisation and Management Model of the company to which they belong; and violations of anti-money laundering regulations. This is with a view to contributing to the uncovering and prevention of risks and situations harmful to the companies to which they belong and, as a consequence, it is in the interests of the entire UBI Group and, more generally, all its stakeholders, making it possible to take effective action in this regard. Reports by Senior Company Officers and staff are facilitated and incentivised through the adoption by the UBI Group of measures which guarantee the reserved and confidential nature of the information given, the protection of the personal data of the person making the report and of the person reported and the protection of the whistleblower from being the victim of possible retaliatory, discriminatory or in any case unfair treatment as a consequence of making the report. With effect from 12th April 2019 the competent bodies have approved the update to the Policy and Regulations which has become necessary following the adoption of the new one-tier model of governance.

11.1 Director with responsibility for the internal control and risk management system The Board of Directors, with effect from 16th April 2019, in compliance with the provisions of the Articles of Association and without prejudice to the powers of the board itself, confirmed Chief Executive Officer Victor Massiah in the role of Director with responsibility for the internal control and risk management system, which he had already held in the previous mandate of the board, thus granting him the power, in relation to internal control, to ensure that the structure of the internal control and risk management system is adequate for the nature and dimensions of the Bank and that it puts initiatives in place and carries out actions needed to ensure the continuous reliability of those systems. The Director with responsibility reports to the Board of Directors and the Management Control Committee on at least a quarterly basis in relation to the structure of the control system and the initiatives and actions implemented to ensure the continuous reliability of those systems, except for cases of particular urgency when the he reports without delay. 11.2 Chief of the Internal Audit Function The mission of the Internal Audit is set out in the “Audit Mandate”, a document that, in compliance with the provisions of the International Standards for the Professional Practice of Internal Auditing, formalises internal auditing activities and clarifies their spheres of competence, tasks, independence, authority, responsibilities and interactions with other corporate functions as well as defining the procedures for the periodic approval and revision of the Mandate itself by the Board of Directors.


The Chief Audit Executive, a position held by Dott. Stefano Maria Tortelotti, is appointed by the Board of Directors15, to which he reports hierarchically. He reports functionally to the Management Control Committee with which he communicates without restrictions or intermediaries, and has direct access to all the information required to carry out his work and has no responsibility for any operational unit. In September 2018 the Quality certification awarded to the Internal Audit Function was renewed by a leading consulting firm. In particular, on conclusion of the effective application of the External Quality Assessment Review of the Internal Audit - performed in order to verify the effective application of organisational design of internal audit activities and the procedures defined for carrying these out with professional internal auditing practice standards and the Ethical Code of the Profession - the consulting firm expressed the opinion that it was “generally compliant”, which is the highest level of opinion available on the scale of values applied. In application of the Supervisory Regulations with regard to the remuneration and incentive policies and practices of banks and banking groups, the Remuneration Committee has provided recommendations and advice with regard to the remuneration of the Chief of the Internal Audit Function and directly oversees the correct application of the rules relating to his remuneration, in close co-operation with the Management Control Committee. In compliance with supervisory regulations and the Articles of Association, the Board of Directors16 also verifies that the Chief Audit Executive has adequate resources to fulfil his duties. The Internal Audit Function conducts auditing activities on UBI Banca and on subsidiaries which have delegated internal auditing to the Bank, and more generally on all the companies in the group as the Parent. The Internal Audit Function acts on a third level basis, providing an opinion that is independent from the second level operational and control stage, concerning the overall reliability and effectiveness of the internal control and risk management system, and also considers the ability of that system to identify errors and irregularities. Using a process-oriented and risk-driven approach, the Internal Audit defines control priorities and draws up the audit activity plan on the basis, amongst other things, of the most significant changes affecting the operating environment of the Bank. The activities plan is submitted annually to the Management and Control bodies of the subsidiaries and, at a consolidated level, by the Management and Control bodies of the Parent. To perform the activities provided for in this plan the Internal Audit Function makes use of internal resources and also of outside consultants for work of an extraordinary nature, whose work has also been guaranteed for 2019 by the allocation of a specific budget. The performance of the various audit activities makes it possible to appraise the capacity of the first and second level specialist control units to supervise risks in an adequate manner, and thereby makes it possible to evaluate the principal corporate processes, in part with a view to contributing to an increase in the degree of reliability and, as a consequence, the overall internal control system. During the year, in compliance with the policies set and the relative regulations, the Internal Audit Function carried out activities focused on verifying the proper functioning of risks and changes in them and assessing the general functioning of the UBI Group internal control system reporting to corporate bodies and to senior management on potential improvements that could be made to risk management policies and to measurement instruments and procedures. In addition to the specific report submitted following the conclusion of the analysis to senior management and, as applicable, the Audit Contact of the company concerned, the results of auditing activities have been the object of regular reports to the Boards of Directors and Boards of Statutory Auditors of the subsidiaries, presented on a cumulative basis to the governing and control bodies of the Parent. This reporting also provides a summary of the main situations that have emerged from the audit activities and the state of the findings and the related mitigation actions, as well as evidence of the monitoring of the actions carried out by the Internal Audit Function to remedy them. 15 The Supervisory Board in the previous two-tier system of governance. 16 Consiglio di Sorveglianza con il previgente sistema di Governance dualistico.


In the event of particularly significant circumstances appropriate information is immediately provided and sent to the Management and Supervisory bodies and the Board Member responsible for the internal control system. 11.3 Model of Organisation, Management and Control pursuant to Legislative Decree

No. No. 231/2001 UBI Banca has adopted its own “Model of Organisation, Management and Control” (hereinafter the “231/01 Model”), which complies with Legislative Decree No. 231/2001 and the relative legislation and regulations that apply and is based on principles that are already rooted in its governance culture and on the recommendations contained in the guidelines of the major trade and professional associations. The Model 231/01 consists of the following documents: - The “UBI Banca Spa Model of Organisation, Management and Control pursuant to

Legislative Decree No. 231/2001” is divided into two parts and it contains: o in the general part a description of: the legislative framework; the nature of the company (system of governance and organisational structure of UBI

Banca); the structure of the 231 Model of Organisation, Management and Control of UBI Banca; identification and appointment of the supervisory body of UBI Banca, with specification of

the relative powers, tasks and reporting systems; the functioning of the disciplinary system and the relative penalties; the training and communication plan to be adopted to ensure that people have a knowledge

of the measures and regulations of Model 231/2001; o in the special part, a description of: the types of crime (and corporate offences) that are important for the purposes of the

corporate liability of entities which the Bank had decided to take into consideration in view of the nature of its business; sensitive processes/activities and the relative control procedures.

The types of violations (crimes and administrative violations) covered by the special part of the UBI Banca Model are as follows: - crimes against public administrations (referred to in articles 24 and 25 of Legislative

Decree No. 231/2001); - computer crime (referred to in Art. 24-bis of Legislative Decree No. 231/2001); - organised crime (referred to in Art. 24-ter of Legislative Decree No. 231/2001); - crimes against public trust (referred to in Art. 25-bis of Legislative Decree No. 231/2001); - crimes against industry and commerce (referred to in Art. 25-bis.1 of Legislative Decree

No. 231/2001); - corporate crimes (referred to in Art. 25-ter of Legislative Decree No. 231/2001); - crimes of terrorism and subversion of democratic law (referred to in Art. 25-quater of

Legislative Decree No. 231/2001); - crimes concerning customs of mutilation of female genital organs (referred to in Art. 25-

quater.1 of Legislative Decree No. 231/2001); - crimes against the person of the individual (mentioned in Art. 25-quinquies of Legislative

Decree No. 231/2001); - administrative offences concerning market abuse (referred to in Art. 25-sexies of the

Legislative Decree No. 231/2001 and Art. 187-quinquies of the Consolidated Finance Law);

- transnational crimes mentioned in Art. 10 of Law No. 146 of 16th March 2006 which “ratifies and executes the United Nations convention and protocols on transnational organised crime, adopted by the General Assembly on 15th November 2000 and 31st May 2001”.

- crimes committed in violation of health and safety regulations at the work place (referred to in Art. 25-septies of Legislative Decree No. 231/2001);

- crimes consisting of the receipt, laundering and use of money, goods or benefits of illicit origin, and also money laundering (referred to in Art. 25-octies of Legislative Decree No. 231/2001);


- crimes concerning copyright (referred to in Art. 25-novies of Legislative Decree No. 231/2001);

- the crime of “inducing persons not to make statements or to make false statements to judicial authorities” (referred to in Art. 25-novies of Legislative Decree No. 231/2001).

- environmental crimes (referred to in Art. 25-undecies of Legislative Decree No. 231/2001);

- the crime of “employing citizens of third party countries whose stay documents are irregular”(referred to in Art. 25-duodecies of Legislative Decree No. 231/2001)

- crimes of racism and xenophobia (referred to in Art. 25-terdecies of Legislative Decree No. 231/2001).

- The UBI Group Code of Ethics, which defines the manner in which UBI Banca and the Group companies intend to pursue their mission and act in dealings with their various stakeholders, basing their management and operating activities on the observance of moral and legal obligations towards society;

- The UBI Banca Code of Conduct, which constitutes UBI Banca’s internal self-disciplinary rulebook, which was drafted on the basis of the Code of Ethics and provides those it regulates with a framework of the principles of behaviour with which to assess concrete situations from time to time and whether decisions to be taken are compliant with ethical principles and with regulations;

- The “UBI Banca Risk Area Identification Matrix” (RAIM), which maps activities that, given the specific contents, are potentially vulnerable to the commission of crimes (and corporate offences) that are significant for the purposes of the possible corporate liability of UBI Banca;

- The UBI Banca Implementation Matrix, which specifies the relationships between the RAIM (Risk Area Identification Matrix) and the specific protocols for implementing the revisions of the 231 Model.

The Model 231/01, as shown above, was adopted by the Board of Directors with effect from 12th April 2019. In addition to the Model 231/01, UBI Banca has adopted the “Regulation governing the Model of Organisation, Management and Control”, which governs the processes, roles and responsibilities of the units involved in the overall management of the Model 231/01. More specifically, in relation to the provisions contained in Model 231/01, the said Regulation is intended to establish:

- the role of the Parent in relation to its subsidiary undertakings, for the purposes of Legislative Decree No. 231/01;

- the process for updating the 231/01 Model, by formulating proposals for amendments for submission to be submitted to the Board of Directors for approval;

- the process for verification of the adequacy of Model 231/01 for the purpose of evaluating its ability to prevent illegal conduct and evaluate the consistency of the actual behaviour within UBI Banca and the provisions of the Model itself;

- the establishment of a standardised and predetermined system for the exchange of information.

In consideration of the Bank’s new governance model, its size and the organisational complexity of its structure, the duties of the Supervisory Body are assigned to a mixed collegial body composed mainly of members external to UBI Banca, who have professional expertise and skills in the banking, finance, economic and risk control areas, amongst others and are able to guarantee autonomy, independence, professionalism and integrity in the performance of the tasks assigned to it. UBI Banca’s Supervisory Body is nominated by a resolution of the Board of Directors and its term of office is three years. On 16th April 2019, on the basis of a proposal from the Management Control Committee and having consulted the Appointments Committee, the Board of Directors appointed the members of the Supervisory Body of UBI Banca, created in accordance with Legislative Decree No. 231/2001. The Supervisory Body of UBI Banca is composed as follows: - Sergio Pivato - external member and Chairman - Luca Troyer - external member


- Roberto Rovere - Chief Compliance Officer of UBI Banca In the process for verifying and updating the Model 231 the Supervisory Body makes use of the second level internal control functions and the Internal Audit function, establishing an efficient, standardised system for dialogue and the exchange of information designed to prevent the risk of senior officers and staff becoming involved in predicate offences for which the institution is responsible. The Supervisory Body reports to Governing Bodies on the adoption and effective implementation of the Model, on the oversight of its functioning and on the supervision of updates to it. It employs two separate lines of reporting to achieve this. The first is on a continuous basis directly to the Chief Executive Officer and the General Manager and the second consists of periodic reporting to the Board of Directors and the Management Control Committee. The Supervisory Body pursuant to Legislative Decree No. 231/2001 has met eight times since the changeover to the new one-tier model of governance. UBI Banca, as the Parent, identifies general principles and informs the subsidiaries of them in order to promote a consistent approach to the prevention of illegal conduct across the Group. An extract of the UBI Banca Model entitled "Summary of the UBI Banca Spa Model of Organisation, Management and Control pursuant to Legislative Decree No. 231/2001” and the Code of Ethics are available on the website of the Bank at https://www.ubibanca.it/pagine/Documenti-societari-IT.aspx.

11.4 Independent Auditors On 30th April 2011, on the basis of a reasoned proposal submitted by the Supervisory Board, and having received a favourable opinion from the Internal Control and Audit Committee, a Shareholders’ Meeting appointed the independent auditors Deloitte & Touche S.p.A., with registered address at 25 Via Tortona, Milan. They have been engaged to perform the statutory audits of the separate company financial statements of UBI Banca and the consolidated financial statements of the UBI Banca Group, to verify that the corporate accounts are properly kept and that operating events are accurately recorded in those accounts, and also to perform a limited audit of the condensed interim consolidated financial statements of the UBI Banca Group for the years running from 2012 until 2020, setting the fees and the criteria for adjusting them during the period of the appointment. Deloitte & Touche S.p.A. is enrolled with the Milan Company Registrar under No 03049560166, Milan R.E.A. (Administrative and Economic Reg.) No 1720239 and is a member of ASSIREVI (Italian association of auditors).

* * *

When the financial statements are approved on 31st December 2020 (the 2021 Shareholders’ Meeting) the engagement of the independent auditors Deloitte & Touche S.p.A. to carry out the external statutory audit for the nine-year period from 2012 to 2020 will come to an end. We also report that EU Regulation 537/2014 has, amongst other things, introduced the concept of a “cooling-in period”, which does not permit the external statutory auditor to perform specific services from the financial year immediately prior to the first year in which it carries out the audit. In relation to the above, the “cooling-in period” for the appointment of an external statutory auditor to be made by UBI Banca for the nine-year period from 2021 to 2029 starts in the 2020 financial year. In order to restrict the “cooling-in period” to the independent auditors who are to be engaged and at the same time ensure an adequate changeover period between the current and new external statutory auditors, it was considered appropriate to bring the appointment of the new external statutory auditor forward, submitting it for the approval of the 2020 Shareholders’ Meeting. The Senior Officer Responsible is also required to make special reports to the Chief Executive Officer, the Board of Directors, the Risk Committee and the Management Control Committee. The periodic reports must allow these bodies and officers to assess the adequacy and effective application of the administrative and accounting procedures of the Group and to verify that the powers and means conferred on this officer are appropriate. It is underlined that, in accordance with Legislative Decree No. 39/2010 and subsequent amendments and in compliance with European Regulation 537/2014, the outgoing firm of independent auditors (Deloitte & Touche S.p.A.) may not be appointed.

https://www.ubibanca.it/pagine/Documenti-societari-IT.aspx

https://www.ubibanca.it/pagine/Documenti-societari-IT.aspx


Again in accordance with the above regulation, the selection procedure for the new auditor has been carried out by the Management Control Committee, in its capacity as the committee responsible for internal controls and auditing of the accounts. On completion of the selection procedure, the Management Control Committee (in compliance with the provisions of the above-mentioned Regulation) identified two possible alternatives for the appointment and expressed a duly reasoned preference for one of the two.

11.5 Senior officer responsible for the preparation of corporate accounting documents

In a meeting held on 30th April 2007, the Management Board appointed dr.ssa Elisabetta Stegher, with the favourable opinion of the Supervisory Board. She is the current Chief Financial Officer and Senior Officer Responsible for the preparation of corporate accounting documents pursuant to Article 154-bis of the Consolidated Finance Law, in possession of the requirements of professionalism required by the Articles of Association which, in addition to the requirements of integrity prescribed by the current regulations in force for persons performing administrative and management functions, also require qualities of professionalism in order to guarantee specific administrative and accounting expertise in the banking, finance, investment or insurance fields. The following responsibilities are conferred on that senior officer; - to certify that market disclosures together with the related financial reports, including interim

reports, are reliably based on the records contained in corporate documents and accounting records;

- to put adequate administrative and accounting procedures in place for the preparation of financial reports and all other financial disclosures;

- to certify – jointly with the Chief Executive Officer, by means of a specific report, attached to the separate financial statements, to the consolidated financial statements and to interim financial reports – the adequacy and effective application in the relative period of the procedures just mentioned and that the disclosures correspond to the records contained in the corporate accounting documents and records and provide a true and fair view of the capital, operating and financial position of UBI Banca and the Group.

The Senior Officer Responsible is also required to make special reports to the Chief Executive Officer, the Board of Directors, the Risk Committee and the Management Control Committee. The periodic reports must allow these bodies and officers to assess the adequacy and effective application of the administrative and accounting procedures of the Group and to verify that the powers and means conferred on this officer are appropriate. The certifications signed by the Chief Executive Officer and the Senior Officer Responsible in accordance with Art. 154 bis of the Consolidated Finance Law are included in the Annual Report (one for the consolidated report and one for the separate company report) and they are disclosed to the public according to the provisions laid down by Consob regulations (Attachment 3c-ter of the Issuers’ Regulations). For the purposes of concrete implementation of the aforementioned legislation, the Senior Officer Responsible must be able to: - gain direct access to all the information needed to produce accounting data. The Officer may

access all sources of corporate information without the need for authorisation; - rely on internal channels of communication which ensure accurate and proper access to

intercompany information; - define her own office and organisational unit independently, with regard to both personnel and

technical means (material resources, hardware, software, etc.); - define the administrative and accounting procedures of the Bank autonomously, also being able

to benefit from the co-operation of all the offices involved in the supply of significant information;

- have powers to propose, evaluate, or veto all “sensitive” procedures within the Bank and the Group;

- participate in board meetings in which matters concerning the functions of the officer are discussed;

- make use of external consultants, where particular requirements of the Bank make this


necessary; - establish reporting systems with other roles responsible for control (independent auditors,

Internal Control Officer, Chief Risk Officer, Compliance Officer, etc.) and reports and information flows which ensure constant mapping of risk and processes and adequate monitoring of the proper functioning of procedures, partly by means of specific co-ordination sessions held with the corporate control functions including operational and methodological issues.

With regard to the provisions introduced by Law No. 262/2005, a System of Administrative and Financial Governance has been created for subsidiaries of UBI Banca which, amongst other things, regulates internal controls for financial reports produced for listed issuers. This “system” provides proper management of the various risks connected with financial reporting and it also confers adequate powers and means on the Senior Officer Responsible through a hierarchical system of certifications. That same certification obligation applies to the executive officers of Group companies subject to full consolidation. Certifications issued by subsidiaries are brought to the attention of the Board of Directors in the meeting that approves the proposed annual or half-yearly financial report and they are sent to the Bank prior to the meeting of the Board of Directors which approves the separate annual report of the Bank and the consolidated annual report or the half-yearly financial report. The System of Administrative and Financial Governance of UBI Group also includes a specific specialist staff unit under the Senior Officer Responsible, for the overall co-ordination of the UBI Group’s activities, and the definition and performance of assessments in support of certifications.

11.6 Co-ordination between those involved in the internal control and risk

management system Within the UBI Banca Group, in compliance with the provisions of the supervisory provisions and in direct continuity with actions taken in the recent past, a model of co-ordination and co-operation between the corporate bodies and the control functions is in operation, divided in relation to the following three components: - processes and methods; - co-ordination tools; - reporting lines. On 9th April 2019 the Supervisory Board, having examined the 2018 Internal Audit report, in accordance with the provisions of criterion 7.C.1 of the code, expressed the opinion that the report was adequate, amongst other things in relation to the co-ordination procedures for all those involved in the internal control and risk management system. The “model of co-ordination” adopted by the Group is completed through the co-ordination provided by the Parent at Group level, in the context of its own management and co-ordination activities. With particular regard to co-ordination tools, that component provides for the definition of tools intended to promote an immediate practicality that are simple to operate and organise so as to promote active co-operation and liaison between the control functions and between them and the corporate bodies, without prejudice to the responsibilities assigned by law and without altering, even in substance, the primary responsibility of the corporate bodies for the internal control system. In particular, the following tools have been defined at Group level: - Co-ordination activities between the control functions; - Integrated progress chart of the Corporate Control Functions, consisting of a Top Issue Report and

a Flash Report; - the Internal Control System Calendar (ICS Calendar); - Managerial committees in the context of the matters within their remit. The co-ordination activities typically include periodic meetings of the chiefs of the corporate control functions and the Senior Officer Responsible and exchanges of information between them, normally on a monthly basis.


At the end of each meeting the Chief Audit Executive provides a memorandum outlining the matters discussed and the subsequent evidence, which is used, amongst other things, to provide a quarterly summary that the Chief Audit Executive presents to the Management Control Committee, in the presence of the Chief Executive Officer, the Chiefs of Corporate Control Functions and the Senior Officer Responsible. In compliance with regulatory requirements, matters discussed at meetings particularly concern the co-ordination of annual inspection programmes (without prejudice to the powers and duties of the respective Control Functions), significant findings resulting from control activities and the monitoring of the state of progress of the related mitigation actions in order to identify possible synergies and to avoid potential overlaps and duplications of activity, while maintaining compliance with the principles of autonomy and independence that characterise the Control Functions. Furthermore, that co-ordination regards, amongst other things, agreement on methodological aspects in order to encourage a common language in terms of the classification of processes, procedures for assessing risks and controls and the scales of importance used. Amongst various tools designed to improve ways of co-ordinating, while also ensuring the diffusion of a shared language for risk management and the structure of risk monitoring, the Corporate Control Functions have an provided an integrated progress chart. It consists of two documents focused on bringing together the most significant findings (the Top Issues Report (TIR) and Flash Report) which provide a summary of all the issues contained in control function reports, which are significant in terms of their impact on the achievement of corporate goals. These impacts (sanction-related, administrative, economic, financial, reputational, etc.) are viewed in terms of their potential, for the purposes of preventing them. The TIR is prepared on the basis of reporting provided by single Control Functions, which remain responsible for the contents proposed, in order to guarantee their autonomy and independence. In this context, the TIR does not replace summary and detailed reports prepared by the respective Control Functions in compliance with the provisions of regulations. It is prepared at least once every six months and sent to the Board of Directors (which examines it with the assistance of the Risk Committee) and the Management Control Committee, at the subsequent board sessions in which the interim financial report and the consolidated annual results are approved. The Flash Report, presented together with the individual reports of the Control Functions, provides evidence of new findings that have arisen since the TIR for the previous period (incoming/outgoing findings). It is prepared at least once every six months and sent to the Board of Directors (which examines it with the assistance of the Risk Committee) and the Management Control Committee, in conjunction with the board sessions in which the interim financial report and the consolidated annual results are approved. These reports are governed by specific documentation describing the roles, timings, procedures and means for their production. The Internal Control System Calendar (ICS Calendar) identifies, in accordance with the diary of meetings of the Governing Bodies, the deadlines for the corporate control functions and the Senior Officer Responsible to hold regular discussions of subjects connected with the internal control system (e.g. the activity plan, periodic reports etc.) Lastly, a series of co-ordination activities connected with the internal control system take place as part of the usual activities of committees with consultative (as applicable within the new governance model), informational and proposal-making roles in the context of the matters within the remit of the Parent and, when they are present, the subsidiaries.

The UBI Banca committees with consultative, informational and proposal-making roles in the context of the matters within their remit are the: - Steering Committee; - Credit Committee; - ALCO Committee; - Finance Committee; - Risk Management Committee - Product Committee; - Real Estate Collateral Enhancement Committee; - Investment Banking Committee; - Data Governance Committee.


12 TRANSACTIONS WITH RELATED PARTIES, CONNECTED

PERSONS AND OTHER SIGNIFICANT PARTIES WITH A POTENTIAL CONFLICT OF INTEREST - INTERESTS OF BOARD MEMBERS AND MANAGEMENT OF PERSONAL TRANSACTIONS

Transactions with related parties, connected persons and other significant parties with a potential conflict of interest The Bank pays particular attention to the issue of potential conflicts of interest due to transactions with related parties, connected persons and other significant parties that are in a position of particular proximity to the decision-making centres of the Bank and the other UBI Group companies. Effective from 2nd November 2018, issues relating to potential conflicts of interest within the UBI Group are governed by the “Single Policy on transactions with Related Parties in accordance with Consob Regulation No. 17221/2010, Connected Persons in accordance with Bank of Italy Supervisory Regulations Circular No. 263, “Identified Staff” of the UBI Group, Significant Parties in accordance with Art. 136 of the Consolidated Banking Law and Other Significant Parties” (the Single Policy) and the related implementing regulation, the “Group Regulation on Related Parties in accordance with Consob Regulation No. 17221/2010, Connected Persons in accordance with Bank of Italy Supervisory Regulations Circular No. 263, “Identified Staff” of the UBI Group, Significant Parties in accordance with Art. 136 of the Consolidated Banking Law and Other Significant Parties” (the Single Regulation). Changes have been made to the above regulations during the year, with effect from 12th April 2019. They are mainly intended to (i) reflect the adoption of the one-tier system of governance and control and (ii) take account of the provisions of the Policy on suitability requirements and criteria for carrying out the duties of the senior officers adopted by UBI Banca in 2019. The Single Policy and Single Regulation establish a unitary set of rules at the level of the UBI Group, which the Bank and other Group companies are required to adopt with regard to transactions with a potential conflict of interest pursuant to the Consob Related Parties Regulation, Art. 2391-bis of the Civil Code, the Regulations concerning risk assets and conflicts of interest with connected persons and the Consolidated Banking Law. In detail: - the Single Policy contains the principles and guidelines applicable to: (i) transactions performed

with parties related to UBI Banca, persons connected to the UBI Group, "Identified Staff" of the Group and significant parties pursuant to Art. 136 of the Consolidated Banking Law, for which the law expressly requires the adoption of strengthened decision-making procedures and specific monitoring actions, as well as (ii) any other transaction which, although it does not directly involve the aforementioned parties, is concluded with parties that may be considered to be connected or associated with, or in any way linked to them and that may thus compromise the impartiality and objectivity of decisions relating to transactions performed at any time, for which the Bank, by way of self-regulation, intends to apply the monitoring and mitigation procedures for potential conflicts of interest referred to under (i);

- the Single Regulation governs issues concerning transactions with the aforementioned parties, relating to investigative and decision making issues and disclosures to the corporate bodies and the market, in accordance with the applicable legislation and regulations.

The Single Policy and Single Regulation have also introduced significant new developments compared to the previous regulations. These include the following: (i) the definition of a single set of procedural rules for monitoring and managing all conflict of interest situations (both actual and potential); (ii) the introduction of a “Single Group Perimeter”, more extensive than is required by the Consob Related Parties Regulation and the Regulations concerning risk assets and conflicts of interest with connected persons, in order to ensure the improved identification, mitigation, management and prevention of conflicts of interest; (iii) the establishment of specific operational limits for particular transactions with some significant parties according to the Single Group


Perimeter; (iv) a specific mapping procedure for significant parties that enables the automatic detection of transactions with a potential conflict of interest. The Single Policy and Single Regulation are published in the Corporate Governance section of UBI Banca's website (www.ubibanca.it). Interests of board members and management of personal transactions Pursuant to Art. 2391 of the Civil Code, the members of the Board of Directors are required to report all interests which, either directly or through third parties, they may have in a determined transaction of the Bank or the Group, stating its nature, terms, origin and extent. The respective Board resolution must adequately motivate the reasons and convenience for the Company of the transaction, subject to any other provision of law or regulation applicable in that regard. UBI Banca has adopted an “internal policy for the management of personal transactions” which provides detailed regulation of obligations concerning personal transactions in financial instruments performed by significant parties, as identified in the legislation mentioned.



13 HANDLING OF CORPORATE INFORMATION In order to ensure the appropriate management of confidential and inside information (as defined in Art. 7 of EU Regulation No. 596/2014 - the MAR), the Bank has adopted the “Group Policy and Regulation for the management and disclosure of inside information” (last updated following a resolution of the Board of Directors on 12th April 2019, in order to implement Consob guidelines on the management of inside information). These regulations include definitions of: (i) measures to be adopted to protect the confidentiality of the information in question; (ii) the roles and responsibilities of each of the units involved in the process of managing relevant and/or inside information; (iii) in compliance with the aforementioned Consob guidelines, the establishment of the relevant information list (register of persons with access to specific relevant information, or relevant information that may at some time and possibly the immediate future become inside information); (iv) the establishment of the insider list (register of persons that have access to inside information pursuant to Art. 18 MAR); (v) procedures for the disclosure of inside information to the public (or the activation of the procedure for delayed disclosure to the public, in accordance with the principles defined by Art. 17 MAR). The Bank will update the “Group Policy and Regulation for the management and disclosure of inside information” to take account of regulatory developments that may occur from time to time, including those of a secondary nature. In line with European market abuse regulations, UBI Banca has insider dealing regulations in place (“Regulations for transactions performed by significant parties and persons closely associated with them”). The regulations govern reporting obligations and the operational restrictions to which board members and the senior management of banks and those who are closely associated with them are subject, in relation to the performance of transactions involving financial instruments quoted on public markets by the Bank (or other related financial instruments). These regulations are available on the Bank’s website, together with any transactions that may have been performed by significant parties (www.ubibanca.it, Corporate Governance/internal dealing section).


14 RELATIONS WITH SHAREHOLDERS UBI Banca pays particular attention to the continuous management of relations with shareholders, institutional investors and the national and international financial community and it guarantees systematic disclosure of reliable, exhaustive and timely information on the UBI Group's activities, results and strategies. The Corporate & Regulatory Affairs Area (Manager Ing. Lorenzo Brambilla di Civesio) for retail shareholders is provided for this purpose, together with the Investor Relations Area (Manager Dott.ssa Laura Ferraris), which is responsible for relations with operators, analysts and institutional investors. Information of significant importance to shareholders and the market in general is also provided in the shareholders and investor relations section of the corporate website of the UBI Group (www.ubibanca.it, Shareholders’ Section, Corporate Governments Section and Investor Relations Section). The Corporate & Regulatory Affairs Area, which reports to the Chief General Counsel, fulfils the corporate obligations of the Bank, including those it has as the Parent, by providing advisory support and assistance for the institutional activities of the governing bodies of the Bank and UBI Group companies and their senior officers. In particular it oversees relations with retail shareholders and co-ordinates preparations for the Shareholders' Meetings of the Bank, managing all the related activities. The Investor Relations Area reports directly to the Chief Executive Officer. It is responsible for interactions with the Italian and foreign financial markets. The UBI Group share is currently followed by 18 brokerage houses (not including companies affected at the end of 2019 by the replacement of the analyst responsible for covering the UBI Banca share). During 2019, 50 price sensitive press releases were issued (and translated into English) and approximately 479 institutional investors (equity and debt) were met in one-on-one or group meetings, for a total of approximately 1,120 contacts over the year, including telephone contacts. Participating in international conferences with public presentations has made it possible to convey information to a wider audience. Representatives of UBI Banca were present at eight international conferences for equity and eight for debt. Fifteen equity and fixed income road shows were proactively organised as well as 52 individual or group meetings and conference calls with investors. Activities for communications and discussions with debt portfolio investors who subscribed to the numerous issues placed successfully throughout 2019 (seven public issues) have been particularly intense and significant over the year, making it possible to reach the expected MREL requirements well ahead of schedule. As concerns the equity market, careful monitoring of performance of the share with the factors contributing to changes in it and constructive dialogues with the specialist operators both continued. As a result of this there were increases in the number of direct contacts with investors and the base of potential shareholders. Attention is drawn to the increased frequency with which investors and analysts send questionnaires on the various ESG issues, and in particular those relating to corporate governance, diversity and the environment, which are having an increasing impact on the policies of asset managers. The Investor Relations Area also manages and supervises the Bank’s corporate website, www.ubibanca.it as a whole, with direct responsibility for the Investor Relations Sections.




15 SHAREHOLDERS’ MEETINGS (pursuant to Art. 123-bis,

paragraph 2, letter c) of the Consolidated Finance Law) Shareholders’ General Meetings, properly convened and constituted, represent the Shareholders as a whole and resolutions of those meetings, passed in compliance with the law and the Articles of Association, are binding on all Shareholders, even if absent or dissenting

Shareholders’ Meetings are either ordinary or extraordinary. Ordinary Shareholders’ Meetings: a) appoint and remove the members of the Board of Directors and determine the remuneration of

the Directors according to the provisions of Art. 23 of the Articles of Association; it appoints the Chairman and the Deputy Chairman of the Board, without prejudice to the provisions of Art. 22.21 of the Articles of Association;

b) appoint and remove the members of the Board of Directors who are members of the Management Control Committee, therein including the Chairman in accordance with the provisions of Art. 22.19 of the Articles of Association, and determine their remuneration;

c) approve: the remuneration and incentive policies for the members of the Board Directors and staff; - the remuneration and/or incentive plans based upon financial instruments; - the criteria for calculating the indemnity to be granted in the case of early termination of the

employment relationship or early cessation from the role, therein including the limits fixed to that remuneration in terms of annual payment of fixed remuneration and the maximum amount deriving from their application;

- on the Board of Directors' proposal, a ratio higher than 1:1 between the variable and fixed component of the individual remuneration of key personnel, in any case no higher than the maximum limit established by the pro tempore laws and regulations in force;

d) resolve on the liability action of members of the Board of Directors; e) at the reasoned proposal of the Management Control Committee, appoint the external

statutory auditors responsible for auditing the accounts and, if necessary, having heard from that Committee, remove or modifies the appointment;

f) approve the financial statements and resolve upon the net income allocation; g) approves and amends the Shareholders' Meeting Regulations; h) resolve upon the other matters attributed by law or by these Articles of Association to its

competence. The Extraordinary Shareholders' Meeting shall resolve on amendments to the Articles of Association, on the appointment, removal, replacement and powers of the liquidators and on any other matter within its purview pursuant to the law. The Shareholders' Meeting meets in all cases provided by law and by these Articles of Association, and is convened by the Board of Directors or by the Management Control Committee subject to communication to the Chairman of the Board of Directors; this is without prejudice to the other powers of convocation provided by law. Ordinary Shareholders’ Meetings are convened in any event at least once a year within 120 (onehundredandtwenty) days of the end of each financial year to pass resolutions on matters for which it holds responsibility by law or in accordance with these Articles of Association. Ordinary and extraordinary Shareholders' Meetings are convened without delay at the request of Shareholders who represent at least one-twentieth of the share capital following submission of a request indicating the grounds and the agenda. In compliance with the procedures, according to the terms and within the time limits set forth by the law, the Shareholders who, jointly, represent at least one-fortieth of the share capital may, by written application, request additions to the items to be discussed at the Shareholders' Meeting, as recorded by the notice of convocation of the same, indicating in the application the additional


matters proposed by them as well as they may submit resolution proposals on matters already on the agenda. Legitimation to exercise the right is given by filing a copy of the communication issued by the intermediary in accordance with the law and regulations in force.

Shareholders' meetings are usually held alternately in the city or province of Bergamo and in the city or province of Brescia. The Shareholders' Meetings are convened by notice - containing an indication of the matters to be discussed, the location, day and time of the meeting and anything else required by the pro tempore laws and regulations in force - published within the time limits set forth by the laws and regulations in force on the Company's internet website, as well as according to the other procedures provided by such laws and regulations. UBI_2018_10_29_STATUTO IT_ing.docx Notices must also be affixed in the branches of the Bank. The notice to convene may contain a second call for the Shareholders' Meeting and, limited to the extraordinary Shareholders' Meeting, even a third call. The Board of Directors may establish that the Shareholders' Meeting, ordinary or extraordinary, is held in a single meeting, excluding subsequent calls after the first, applying the majorities required by the applicable regulations. That decision is indicated in the notice to convene. If indicated in the notice to convene, those entitled to vote may attend at the Shareholders' Meeting by means of telecommunication and exercise the right to vote electronically according to the methods provided in the notice itself.

Persons having the right to vote, for which the Company has received, within the time limits provided for by the law, the notice of the authorised intermediary certifying their voting right, may attend at the Shareholders' Meeting.

Each ordinary share attributes the right to one vote. Those who have the right to vote may be represented at the Shareholders' Meeting in compliance with existing regulations. The delegation may be notified electronically by email, according to the instructions contained in the notice to convene, or by another method chosen from those provided by applicable laws and regulations. The Board of Directors may designate for each Shareholders' Meeting, reporting this information in the notice to convene, one or more persons to whom the holders of the voting right may grant, following the procedures provided for by applicable laws and regulations, a proxy with voting instructions on all or some of the items on the agenda. The proxy is valid solely with regard to those items for which the voting instructions have been granted. Without prejudice to the provisions of Art. 2372, second paragraph of the Italian Civil Code, the delegation may only be granted for individual Shareholders' Meetings, with effect also for any subsequent calls, but may not be granted without specifying the name of the representative. Voting by mail is not permitted. Those with the right to vote may also submit questions on the items on the agenda before the Shareholders’ Meeting. Questions received in advance of the Shareholders’ Meeting will, at the latest, be answered during it. The bank reserves the right to provide a single answer to questions with the same content. Notices to convene meetings state the time limit before which questions submitted before the Shareholders’ Meeting must be received by the Bank. The time limit may not be more than five market trading days before the data of the Shareholders’ Meeting at first or only one call, or the “record date” pursuant to Art. 83-sexies, paragraph 2 of the Consolidated Finance Law (the end of the accounting day of the seventh trading day prior to the date set for the Shareholders’ Meeting) if the notice to convene the meeting states that the Bank will provide an answer to the questions submitted before the Shareholders’ Meeting. In the latter case the answers are provided at least two days before the Shareholders’ Meeting, by publication, amongst other things, in an appropriate section of the Bank’s website. The right to vote may also be proved after


the questions have been sent, as long as this is done within the third day following the aforementioned record date. The members of the Board of Directors, including the members of the Management Control Committee, may not vote in resolutions concerning their liability.

In order for the Shareholders' Meeting constitution to be valid, as well as for the validity of its respective resolutions, the pro tempore laws and regulations in force are applied, without prejudice to the provisions of Art. 22 below for the appointment of the Board of Directors and the Management Control Committee. If it is not possible to complete the agenda during one day, the Chairman of the Shareholders' Meeting arranges for it to be continued no more than seven days afterwards, giving verbal communication thereof to the attendees without the need for further notice. At the second call, the Shareholders' Meeting is constituted and resolves with the same majorities established for the validity of the constitution and resolutions of the Shareholders' Meeting being continued.

The proposal indicated in Art. 11, second paragraph, letter c) fourth line of the Articles of Association is approved by the ordinary Shareholders' Meeting when (i) the Shareholders' Meeting is convened by at least half of the share capital and the resolution is passed with the favourable vote of at least 2/3 of the share capital represented in the Shareholders' Meeting or (ii) the resolution is passed with the favourable vote of at least 3/4 of the share capital represented in the Shareholders' Meeting, whatever the amount of the share capital present. If the Shareholders' Meeting, both ordinary and extraordinary, is convened to resolve on a proposal relating to a transaction with related parties made by the competent bodies of the Company in the presence of a contrary opinion of the committee constituted in accordance with the pro tempore regulations in force on transactions with related parties and the Shareholders’ Meeting has approved that proposal in respect of the quorum provided for by these Articles of Association, the finalisation of that transaction shall be forbidden if a number of unrelated Shareholders representing at least 5% of the share capital is represented at the Shareholders' Meeting and the majority of those unrelated voting shareholders have voted against that transaction.

The Shareholders' Meeting, both ordinary and extraordinary, is chaired by the Chairman of the Board of Directors or, in his absence, by the Deputy Chairman or in the latter's absence, by another person designated by the Board of Directors or, failing that, by the Shareholders' Meeting itself. The Chairman of the Shareholders' Meeting is responsible for verifying the regularity of the proxies and in general the right of the attendees to participate in the Shareholders' Meeting, to verify if the Shareholders' Meeting is duly convened and fit to resolve, to manage and regulate the discussion, as well as to establish the procedures for conducting the votes, ascertaining their respective results. On proposal of the Chairman, General Meetings appoint a Secretary and two or more scrutineers. In extraordinary Shareholders’ Meetings, or when the Chairman deems it appropriate, the functions of the secretary shall be performed by a notary appointed by the Chairman of the meeting.

As concerns proceedings in Shareholders' Meetings, the Bank has (by means of a shareholders’ resolution) adopted regulations, designed to govern the ordered and efficient functioning of these meetings and in particular to regulate the procedures for Shareholders to speak and reply. These regulations have been published on the Bank's website in the shareholders’ section. The Shareholders’ Meeting met once in during the year, on 12th April 2019 in ordinary session (all the members of the Management Board and 13 out of the 15 members of the Supervisory Board in office were present). At the Shareholders’ Meeting the Board reported on the activities performed and planned.


In this regard, with particular reference to the items placed on the agenda for the Shareholders’ Meeting and in relation to the appointment of members of the Board of Directors and the Management Control Committee for the years 2019-2020-2021 and the determination of their remuneration, the Bank informed the public17: - on 22nd March 2019, the filing of a slate of candidates for the appointment of members of the

Board of Directors and of the Management Control Committee of UBI Banca S.p.A. for the years 2019-2020-2021.

- On 2nd April 2019, the receipt of a proposed resolution concerning the determination of remuneration for members of the Board of Directors and members of the Management Control Committee.

from some shareholders. At the Shareholders’ Meeting shareholders were provided with adequate disclosure of the necessary information to enable them take the decisions for which the Shareholders’ Meeting is responsible with full knowledge of the facts. For further information see the minutes of the Shareholders’ Meetings available on the website of the Bank (www.ubibanca.it – Shareholders Section).

* * * Stock market capitalisation At a global level the share markets ended the year on a positive note, driven by the new records on Wall Street, despite the uncertainties relating specifically to the trade war between the USA and China and more generally the outlook for the international economic situation. The high volatility seen in early 2019 was reducing and the stock markets have followed a growth trajectory since August, mainly reflecting an easing of monetary conditions from the Federal Reserve and the ECB. The Italian stock market, reflecting the context just described, went up by over 27% (for the FTSE Italia All-Share and +28.3% for the FTSE Mib). In the first half of the year it recovered from the low recorded in 2018 while in the second the formation of a new more pro-European government majority favoured signs of recovery, with substantial share price recoveries, including those of Italian banks (+23% for the FTSE Italia Banks index). On the last trading day of the year (30th December 2019) the UBI Banca share price stood at €2.91 (official price €2.916 and reference price €2.912), an improvement of 15% compared to the €2.53 of 28th December 2018. The minimum and maximum prices for the year were €2.037 and €3.093 respectively. At the end of the year the stock market capitalisation (calculated on the official price) had risen to around €3.3 billion from €2.9 billion at the end of 2018, ranking UBI Banca in third place among Italian commercial banking groups listed on the FTSE MIB (and in fourth place amongst all the listed Italian banking groups). At European level, the UBI Banca Group was again among the top 45 institutions on the basis of the classification drawn up by the Italian Banking Association in its European Banking Report, which considers 14 countries of the European Union plus Switzerland (EBR International Flash: stock market trend – January 2020).

17Press releases of 22nd March 2019 and 2nd April 2019


16 ADDITIONAL CORPORATE GOVERNANCE PRACTICES (pursuant to Art. 123-bis, paragraph 2, letter a) of the Consolidated Finance Law) The Issuer does not apply any additional corporate governance practices other than those required by law or regulations and described in this Report.


17 CHANGES OCCURRING SINCE THE END OF THE YEAR No further changes in the structure of the corporate governance of the company have occurred in addition to those reported in the specific sections.


18 CONSIDERATIONS ON THE LETTER OF 19th December 2019

from the CHAIRMAN OF THE CORPORATE GOVERNANCE COMMITTEE

The Corporate Governance Committee issues, together with the report on its own activities, an annual report on the application of the Corporate Governance Code, in order to monitor the extent to which it has been implemented by the issuers that have stated that they comply with it. This document was sent to all the listed companies together with a letter dated 19th December 2019 from the Chairman of the Corporate Governance Committee to provide evidence of the monitoring that has been performed and indicate the key findings, with an invitation to submit the recommendations of the Code for 2020 for examination by the Board of Directors and the relevant committees, in the hope that they would be the subject of a specific board discussion while also receiving careful consideration as part of the self-assessment, in order to identify possible changes to governance or addressing any gaps in the application or explanations provided. The letter also invited the companies to submit the same recommendations to the supervisory body, which is responsible for monitoring the implementation of the recommendations made in the Code. It also repeated the wish for the observations concerning the recommendations made by the Committee and any initiatives that were planned or undertaken would be reported in the Corporate Governance Report. As concerns the four principal areas that the Corporate Governance Committee identified for Corporate Governance with a view to urging issuers to improve their governance practices, we note the following: - Sustainability, understood as a matter of general and strategic significance to business:

the Corporate Governance Committee invites the Boards of Directors to incorporate business sustainability when they set their remuneration strategies and policies. This may be on the basis of an analysis of the significance of the factors that may influence the generation create value in the long term. (see sections 1, 6, 11, and 7 of this report) and the Report on remuneration policies and wages, which may be consulted.;

- Quality of information provided to the Board of Directors: The Corporate Governance Committee recommends that companies should ensure the adequate management of information flows to the Board of Directors, respecting confidentiality requirements without compromising the completeness, usability and timeliness of the information provided (see sections 4.4 and 5.4 of this report);

- quality of independence assessments, understood as a key element for the effective functioning of the corporate governance system set out in the Code: The Corporate Governance Committee invites the management bodies to apply the independence criteria set out in the Code more rigorously and encourages the control bodies to oversee their correct application. In addition to stressing the exceptional nature and necessary individual reasons – which are thus linked to the specific case of the individual director – for making exceptions to any independence criteria recommended by the Code, the Committee invites the issuers to pay closer attention to the evaluation of the significance of the relationships assessed. To achieve this, the Committee invites the management bodies to start the process by defining the quantitative and/or qualitative criteria to be used to assess the significance of the relationships under consideration.

- Adequacy of the remuneration for non executive directors and members of the control bodies, partly in view of a comparative analysis: Partly in view of the comparative analysis, the Corporate Governance Committee advises the management bodies – and the related committees responsible for matters relating to remuneration – to evaluate whether the remuneration paid to non executive directors and members of the control bodies is appropriate for the expertise, professionalism and commitment required for their role. It may be of assistance for this purpose to refer to refer to widespread remuneration practices for companies


of a similar size in the relevant sectors, potentially including other countries (see sect. 7 of this report and the Report on remuneration policies and wages, which may be consulted).

The recommendations made in the letter were brought, on 7th February 2019, to the attention of the Management Board, which recognised the overall adequacy of the Bank in terms of the recommendations made and arranged for it to be sent to the Supervisory Board at its next meeting. More precisely: - Board of Directors: 14th January and 28th February 2020; - Management Control Committee: 14th January and 28th February 2020; - Risk Committee: 25th February 2020.


Attachment A Positions held by the members of Board of Directors of UBI Banca in other companies listed in regulated markets including foreign markets (*), in financial, banking, insurance or large companies. (**) Companies belonging to the UBI Banca Group

Name Position held in the issuer

Positions held in other companies listed on organised markets, both in Italy and abroad(*), in financial, banking and insurance companies or in companies of significant size.

Letizia Maria BRICHETTO ARNABOLDI MORATTI

Chairwoman of the Board of Directors

Chairwoman of the Board of Directors: - Securfin Holdings srl - Fondazione E4Impact Director: - AON Italia S.r.l. - Bracco S.p.A. - Italian Banking Association

Roberto NICASTRO

Deputy Chairman of the Board of Directors

Chairman: - Officine CST S.p.A. Director: - La Finanziaria Trentina S.p.A. - PBI S.r.l. Director: - Italian Banking Association - Interbank Deposit Protection Fund - Voluntary Scheme

Victor MASSIAH Chief Executive Officer/General Manager

Chairman: - Associazione per lo Sviluppo degli Studi di Banca e Borsa (Association for bank and stock market studies) Director: - Italian Banking Association - La Scala Theatre Academy Member: - COMI (Market operators and investors’ committee)

Letizia BELLINI CAVALLETTI

Director /

Paolo BOCCARDELLI

Director Director: - UBI Sistemi e Servizi S.C.p.a (**) - The Amsterdam Fashion Academy B.V. - Fondazione Nuovo Millennio (New Millennium Foundation)

Paolo BORDOGNA

Director Director: - Bracca Acque Minerali S.p.A. - Fonti Pineta S.p.A.

Ferruccio DARDANELLO

Board Member Chairman: - Cuneo Chamber of Commerce Chairman of the Board of Directors: - Agroqualità S.p.A.




Silvia FIDANZA Board Member Chairwoman of the Supervisory Board: - Befado S.p.z.o.o. (Poland)

Pietro GUSSALLI BERETTA

Director Chairman of the Board of Directors and Chief Executive Officer: - Beretta Holding S.A. - Beretta Industrie S.p.A. Chairman of the Board of Directors: - Benelli U.S.A. Corp. Deputy Chairman of the board of directors and chief executive officer: - Beretta U.S.A. Corp. Deputy Chairman of the Board of Directors and Executive Director: - Fabbrica d’Armi Pietro Beretta S.p.A. - Benelli Armi S.p.A. Chief Executive Officer: - Arce Gestioni S.p.A. Director: - Lucchini RS S.p.A. - Upifra S.A. - Upifra Agricole S.A. - San Lorenzo S.p.A. (*)

Osvaldo RANICA

Director Chairman: Italian Banking Association - Regional Commission for Lombardy Deputy Chairman of the Board of Directors - UBI Leasing S.p.A. (**) Board Member: -- Digital Innovation Hub (DIH) Association - Bergamo

Alessandro MASETTI ZANNINI

Board Member and Chairman of the Management Control Committee

Director: - Editoriale Bresciana S.p.A. - Gold Line S.p.A. Chairman of the Board of Statutory Auditors: - Inbre S.p.A. - Azienda Elettrica Vallecamonica S.r.l. Statutory Auditor: - Ferriera Valsabbia S.p.A.

Alberto CARRARA

Board Member and Member of the Management Control Committee

Full Statutory Auditor:: - Bianchi Industry S.p.A. - Comelit Group S.p.A.

Francesca CULASSO


/

Simona PEZZOLO DE ROSSI

Board Member and Member of the Management

Full Statutory Auditor: - Linea Gestione S.r.l. Unipersonale - Sapes S.p.A.




Control Committee

Monica REGAZZI


Chief Executive Officer: - Homepal a better place S.r.l.


SUMMARY TABLES TABLE 1: INFORMATION ON THE OWNERSHIP STRUCTURE STRUCTURE OF THE SHARE CAPITAL (as at 31st December 2019) and at the date of this report)

Number of shares

Percentage of share capital

Listed (indicate markets)

/ unlisted Rights and obligations (*)

Ordinary shares 1,144,285,146 100%

MTA FTSE MIB

Each share gives the right to one vote.

The rights and obligations of shareholders are those provided for by articles 2346 et seq. of the Civil

Code. Shares with multiple voting rights == == ==

Shares with limited voting rights = = = = = =

Shares with no voting rights = = = = = =

Other == == == SIGNIFICANT INVESTMENTS IN THE SHARE CAPITAL (*)

Declarant Direct shareholder

Percentage (%) of ordinary share capital

Percentage (%) of voting share capital

Fondazione Cassa di Risparmio di Cuneo (declared on 29th June 2017) Yes 5.910% 5.910%

Silchester International Investor Llp (declared on 4th November 2015) stake held as part of its discretionary investment management

No 5.123% 5.123%

Fondazione Banca del Monte di Lombardia (Declared on 7th December 2017) (1) Yes 4.959% 4.959%

HSBC Holdings Plc (of which 4.837% relating to HSBC Bank Plc) (2) (declared on 27/5/2019);

No 4.886% 4.886%

(*) Source: communications performed in accordance with Art. 120 of the Consolidated Finance Law. (1) On the basis of the communication received on 22nd February from the “Shareholders’ pact concerning shares of UBI

Banca S.p.A”, the Fondazione Banca del Monte di Lombardia holds 3.951% of the share capital of UBI Banca. (2) In that same declaration this company also declared a total indirect position of 4.976%, consisting of the investment

already mentioned (4.886%) and an overall long position with settlement in cash (an equity swap) amounting to 0.090% with maturity date on 10th February 2023;

It must in any case be considered that the percentage stakes declared may no longer be those actually held if a change has occurred in the meantime which does not involve disclosure obligations in accordance with the applicable regulations. It should be noted that the list reported above does not include the asset management companies and authorised entities holding assets under management amounting to between 3% and 5% of the share capital of UBI Banca, since, pursuant to Art. 119-bis, paragraph 7 of the Consob Issuers' Regulations, they are not subject to the disclosure obligations under Art. 117 of the aforementioned Regulations.

117 Report on corporate governance

TABLE 2: BOARD OF DIRECTORS (BoD), MANAGEMENT CONTROL COMMITTEE (MCC) AND COMMITTEES (1): FROM 12th April 2019

Board of Directors Appoint-ments

Committee Remuneration

Committee

Risk

Committee

Related Parties and Connected

Persons Committee

Position Members Year of birth

Date of first appointment

to the Governing

Bodies of UBI Banca

In office since

In office until

Slate (2)

Independent directors (3)

Executive Directors BoD

(****) MCC (****)

No. of appointments (**)

(***) (****) (***) (****) (***) (****) (***) (****)

Chairwoman LETIZIA MARIA

BRICHETTO ARNABOLDI

1949 14/4/2016 12/4/2019 2022 AGM M

21/22 = = 5

Deputy Chairman ROBERTO NICASTRO 1964 12/4/2019 12/4/2019 2022 AGM M X 21/22 = = 5 M 16/16 C 20/21

Chief Executive Officer and General Manager

VICTOR MASSIAH (4) 1959

27/11/2008 (appointed

Chief Executive Officer on

27/11/2008 with effect

from 1/12/2008)

12/04/2019 (appointed

CEO on 27/11/2008

2022 AGM M

X 22/22 = = 4

Board Member BELLINI

CAVALLETTI LETIZIA

1962 20/04/2013 12/4/2019 2022 AGM M X

22/22 = = = = P 16/16 M 10/10

Board Member PAOLO BOCCARDELLI 1971 12/4/2019 12/4/2019 2022 AGM M X 22/22 = = 3 C 10/10

Board Member PAOLO BORDOGNA 1958 12/4/2019 12/4/2019 2022 AGM M X

22/22 = = 2 M 21/21

Board Member FERRUCCIO DARDANELLO 1944 7/04/2017 12/4/2019 2022 AGM M X 22/22 = = 2 M 16/16

Board Member SILVIA FIDANZA 1974 23/04/2013 12/4/2019 2022 AGM M 22/22 = = 1

Board Member PIETRO

GUSSALLI BERETTA

1962

from 01/04/2007

to 20/04/2013

from 02/04/2007

12/4/2019 2022 AGM M

21/22 = = 11 M 15/16

Board Member OSVALDO RANICA 1952 14/4/2016 12/4/2019 2022 AGM M 22/22 = = 3 M 16/16 M 10/10

Board Member and Chairman of the Management Control Committee

ALESSANDRO MASETTI

ZANNINI (*) 1965 12/4/2019 12/4/2019 2022 AGM M X

22/22 26/26 5

Board Member and Member of

ALBERTO CARRARA (*) 1961 14/12/2018 12/4/2019 2022 AGM M X 22/22 25/26 2


the Management Control Committee


FRANCESCA CULASSO 1973 12/4/2019 12/4/2019 2022 AGM M X

22/22 25/26 = =

M 12/12


SIMONA PEZZOLO DE

ROSSI (*) 1975 12/4/2019 12/4/2019 2022 AGM M X

22/22 26/26 2 M

21/21 M 12/12


MONICA REGAZZI 1969 12/4/2019 12/4/2019 2022 AGM M X

22/22 26/26 1

C 12/12

Number of meetings held during 2019 Board of Directors: 22 Management Control Committee: 26 Appointments

Committee: 16 Remuneration Committee: 10 Risk Committee: 21 Related Parties and Connected Persons Committee: 12

NOTES 1) BOARD OF DIRECTORS and MANAGEMENT CONTROL COMMITTEE: appointed by the Shareholders’ Meeting on 12th April 2019 for the three year period 2019/2020/2021.

BOARD COMMITTEES: appointed by the Board of Directors on 16th April 2019

2) Board members indicated with the letter “M” were drawn from the only slate presented at the Shareholders’ Meeting of 12th April 2019, filed on 16th March 2019 by the following shareholders: Fondazione Cassa di Risparmio di Cuneo, Fondazione Banca del Monte di Lombardia, Mar.Bea S.r.l. and Dott. Matteo Zanetti, which together hold 118,153,595 shares (10.33% of the UBI Banca share capital), in implementation of the agreement entered into on 18th December 2018 between Sindacato Azionisti UBI Banca S.p.A., Patto dei Mille and Fondazione Cassa di Risparmio di Cuneo.

3) Art. 21 of the Articles of Association: independent directors are considered to be directors in possession of the independence requirements provided for by Art. 148 of Legislative Decree No. 58 dated 24th February 1998 and the implementing regulation of Art. 26 of the Legislative Decree No. 385 dated 1st September 1993.Notwithstanding the above, the independent members of the Board of Directors shall satisfy the requirements set forth in the Corporate Governance Code of Italian listed companies issued by Borsa Italiana S.p.A., from time to time applicable. The existence of the independence requirement is verified by the Board of Directors, in accordance with the application criteria set by the above-mentioned Corporate Governance Code and incorporated in the relevant internal regulation approved by the Board itself.

4) Chief Executive Officer and the director with responsibility for the internal control and risk management system.

(*) Enrolled in the Register Of External Statutory Auditors (**) Number of directorships or appointments as statutory auditor (or equivalent positions) held in other companies listed on regulated markets including foreign markets, in financial, banking or

insurance (***) This column shows the position of the member of the Board of Directors within the Committee (“C” Chairman; “M” Member). (****) This column shows the number of meetings attended by the member in relation to the total number of meetings he/she could have attended.


MEETINGS OF GOVERNING BODIES - ONE-TIER SYSTEM OF GOVERNANCE(*)

2019 Board of Directors

Management Control

Committee

Appointments Committee

Remuneration Committee Risk Committee

Related Parties and Connected Persons

Committee Meetings in 2019

22 26 16 10 21 12

Average duration

6 hours and 30

minutes 4 hours and 15

minutes 1 hour and 10

minutes 1 hour 4 hours and 20 minutes 1 hour

Attendance rate

99.1

98.5 98.8 96.8 100

Meetings planned for 2020

22

34

n.a.

n.a.

32

n.a.

(*) One-tier system of governance and control adopted 12th April 2019.


TABLE 3: SUPERVISORY BOARD AND COMMITTEES (1) until 12th April 2019

Supervisory Board Appointments

Committee Remuneration

Committee

The internal control

committee

Risk

Committee

Related Parties and Connected

Persons Committee

Position Members Year of birth

Date of first appointment to the Governing Bodies of UBI

Banca

In office since

In office until

Slate (*)

Independent as per Corporate Governance

Code

Attendance at meetings

Supervisory Board (***)

Attendance at meetings of the

Management Board (***)

(**) (***) (**) (***) (**) (***) (**) (***) (**) (***)

Chairman ANDREA MOLTRASIO 1956

from 01/04/2007

to 24/04/2010

from 20/04/2013

02/04/2016 12/4/2019 M 10/10 C 3/3

Senior Deputy Chairman

MARIO CERA 1953 20/04/2013 20/04/2013 12/04/2016 M 8/10 M 3/3

Deputy Chairman

PIETRO GUSSALLI BERETTA

1962

from 01/04/2007

to 20/04/2013

02/04/2016 (Appointed

DC on 14/4/2016)

02/4/2019 M 7/10 M 2/3

Deputy Chairman

ARMANDO SANTUS 1969 28/04/2012

2/04/2016 (Appointed

DC on 14/4/2016)

12/4/2019 M X 8/10

C 6/6

Board Member

FRANCESCA BAZOLI 1968 02/04/2016 02/04/2016 12/4/2019 M X 9/10 M 6/7

Board Member

LETIZIA BELLINI CAVALLETTI

1962 20/04/2013 02/04/2016 12/4/2019 M X 10/10 M (4) 3/3 M 6/6

Board Member

PIERPAOLO CAMADINI 1963 20/04/2013 02/04/2016 12/4/2019 M X 9/10 6/11 (§) M 7/7

Board Member

ALBERTO CARRARA (°) (2)

1961 14/12/2018 14/12/2018 12/4/2019 (*1) X 8/10 3/11 (§) M (5) 7/7 M (5) 7/7

Board Member

FERRUCCIO DARDANELLO (3)

1944 07/04/2017 07/04/2017 12/4/2019 (*2) X 10/10 M (6) 4/4

Board Member

ALESSANDRA DEL BOCA 1947 20/04/2013 02/04/2016 12/4/2019 M X 9/10 C 4/4

Board Member

GIOVANNI FIORI (°) 1961 2/04/2016 02/04/2016 12/4/2019 m X 9/10 O/11 (§) M 3/3 C 7/7

Board Member

PATRIZIA MICHELA GIANGUALANO

1959 2/04/2016 02/04/2016 12/4/2019 m X 9/10 4/11 (§) M 4/4 M 7/7

M 6/7

Board Member

PAOLA GIANNOTTI 1962 2/04/2016 02/04/2016 12/4/2019 m X 9/10 C 7/7 M 6/6

Board Member

GIUSEPPE LUCCHINI 1952

from 01/04/2007

to 20/04/2013 02/04/2016 12/4/2019 M X 6/10


Board Member

Sergio PIVATO (°) 1945 01/04/2007 02/04/2016 12/4/2019 M 10/10 0/11 (§) M 7/7 M (7) 6/7

Number of meetings held during 2019 Supervisory Board: 10 Appointments

Committee: 3 Remuneration Committee: 4 Internal Control Committee: (#) 7 Risk Committee: 7 Related Parties and Connected Persons Committee: 6

(#) From 28th April 2016 to 12th April 2019 the members of the Internal Control Committee were also members of the Supervisory Body of UBI Banca pursuant to Legislative Decree No. 231/01, the latter met twice during the year. NOTES 1) SUPERVISORY BOARD: appointed by the Shareholders’ Meeting of 2nd April 2016 for the three-year period 2016/2017/2018 - COMMITTEES: appointed by the Supervisory Board on 13th April 2016 2) BOARD MEMBER appointed by a Shareholders' Meeting on 14th December 2018 3) BOARD MEMBER appointed by a Shareholders' Meeting on 7th April 2017 4) Member since 2/2/2017 5) BOARD MEMBER since 20/12/2018 6) MEMBER SINCE 12/09/2017 7) MEMBER SINCE 02/02/2017

(°) Enrolled in the Register of External Statutory Auditors (§) As a member of the Internal Control Committee (*) Board members indicated with the letter “M” were in the slate that received the second highest number of votes at the Shareholders’ Meeting of 2nd April 2016. Board Members Moltrasio, Cera and

Santus were appointed by the slate vote mechanism set out in the Articles of Association, while the remaining board members were appointed by a decision of the Shareholders’ Meeting taken by a majority vote, again on 2nd April 2016. Board members indicated with the letter “m” were drawn from the list that obtained the majority of the votes at the Shareholders’ Meeting of 2nd April 2016.

(*1) Board Member appointed by the Shareholders’ Meeting on 14th December 2018 by a majority vote to replace a Board Member who had resigned; the candidature was presented by Dott. Matteo Zanetti, Dott. Paolo Zanetti, Quattro Luglio srl, Scame srl, Nuova Fourb srl, Mar.Bea srl, Fondazione Banca del Monte di Lombardia and Fondazione Cassa di Risparmio di Cuneo shareholders in implementation of the agreement stipulated on 22nd November 2018 between Sindacato Azionisti UBI Banca S.p.A. (UBI Banca S.p.A. Shareholders' Syndicate), Patto dei Mille and Fondazione Cassa di Risparmio di Cuneo.

(*2) Board Member appointed by the Shareholders’ Meeting on 7th April 2017 by a majority vote to replace a Board Member who had resigned; the candidature was presented by the Mar.Bea Srl and Fondazione Banca del Monte di Lombardia shareholders in implementation of the agreement stipulated between Sindacato Azionisti UBI Banca S.p.A. (UBI Banca S.p.A. Shareholders' Syndicate) and Patto dei Mille (Pact of the Thousand).

(**) This column shows the position of the Member of the Supervisory Board within the Committee (“C” Chairman; “M” Member). (***) This column shows the number of meetings attended by the member in relation to the total number of meetings he or she could have attended.


TABLE 3 continued: MANAGEMENT BOARD (1) until 12th April 2019

Position Members Year of birth Date first appointed In office since In office until

Independent (in

accordance with Art. 147 quater of the Consolidated Finance Law)

(**)

Executive

Attendance at meetings of the

Management Board (***)

Chairwoman LETIZIA MARIA BRICHETTO ARNABOLDI 1949 14/4/2016 14/4/2016 12/04/2019 X 10/11

Deputy Chairman FLAVIO PIZZINI 1955 02/04/2007 14/4/2016 12/04/2019 X 10/11

Chief Executive Officer/General Manager

VICTOR MASSIAH (2) 1959

27/11/2008 (appointed Chief Executive

Officer on 27/11/2008 with effect from 01/12/2008)

14/04/2016 (appointed Chief

Executive Officer on 15/4/2016)

12/04/2019 X 11/11

Board Member SILVIA FIDANZA 1974 23/04/2013 14/4/2016 12/04/2019 X 11/11

Board Member RANICA OSVALDO 1952 14/4/2016 14/4/2016 12/04/2019 X 11/11

Board member /Senior Deputy General Manager

ELVIO SONNINO 1960 23/04/2013 14/4/2016 12/04/2019 X 11/11

Board Member/Chief Financial Officer ELISABETTA STEGHER 1967 14/4/2016 14/4/2016 12/04/2019 X 11/11

11 meetings of the Management Board were held in 2019.

NOTES (1) appointed by the Supervisory Board on 14th April 2016 2) the Chief Executive Officer to whom duties concerning internal controls have been assigned. * The mandate of the members of the Management Board (in office for the three-year period 2016-2017-2018 and expiring on the date of the Supervisory Board meeting convened

to approve the financial statements relating to their last year in office and in any event until a new Management Board is appointed) ended on 12th April 2019 when the adoption of the one-tier system of governance became effective from the time of the appointment of the new governing bodies by the Shareholders’ Meeting.

(**) The members of the Management Board are not required to meet the requisites of independence in the Corporate Governance Code, due, amongst other things, to the decision

made by UBI Banca to form internal committees within the Supervisory Board provided for by that code for which those requisites are required. (***) This column shows the number of meetings attended by the member in relation to the total number of meetings he or she could have attended.


TABLE 4 – Composition of governing bodies – diversity indicators

COMPOSITION OF GOVERNING BODIES BY DIVERSITY INDICATORS

2019 Board of Directors Management Control Committee

Gender Men 60.0% 40.0% Women 40.0% 60.0% Educational Qualifications Senior high school graduate

6.7% 0.0%

First degree 93.3% 100.0% Other 0.0% 0.0% Age under 30 0.0% 0.0% 30 to 50 26.7% 60.0% 50 to 60 40.0% 40.0% Over 60 33.3% 0.0% Average age in years 57 51


Attachment B

Main characteristics of the risk management and internal control systems in relation to the financial reporting process pursuant to Art. 123-bis, paragraph 2, letter b) of the Consolidated Finance Law. 1) Introduction The existing risk and internal control management system in relation to the financial reporting process of the UBI Banca Group consists of a set of corporate rules and procedures adopted by various operational units, designed to ensure the reliability, accuracy and promptness of financial reporting. In this respect of Law No. 262 of 28th December 2005 (and subsequent amendments) “Measures for the protection of savings and to regulate financial markets”, inserted Art. 154-bis into the Consolidated Finance Law which introduced the role of the Senior Officer Responsible for the preparation of corporate accounting documents (hereinafter the “Senior Officer Responsible) into the corporate organisation of listed companies in Italy, who is held responsible for the preparation of corporate accounting documents. The UBI Group responded to the legislation designed to strengthen the system of internal controls in relation to the financial reports produced by listed issuers by adopting an organisational and methodological system (administrative and financial model of governance), which, in a context of integrated compliance, makes it possible to continuously regulate activities concerning the adequacy and effective application of the management of financial reporting risk and consequently to be able to make an accurate assessment of the internal control system in question. The model developed was approved by the Management Board and the Supervisory Board on 15th January 2008 and 6th February 2008 respectively and then officially implemented in a specific set of regulations, issued with Group Communication No. 166 of 8th August 2008. These regulations were supplemented by the “Methodological Annex for the management of financial reporting risk pursuant to Law No. 262/05”, updated for consistency with the one-tier model of governance and control and the “Policy for the management of Group regulations” and then published on 12th April 2019. The model adopted, the efficacy of which is the subject of constant monitoring, takes the risk driven approach, according to which monitoring activities are focused on significant processes pursuant to Law No. 262/2005, that are considered to be at greatest risk. It is based on the main reference frameworks recognised nationally and internationally for the development of adequate systems of internal controls for financial reporting, the COSO Framework and the COBIT Framework18, and it involves different areas described in detail in the section that follows. 2) Description of the main characteristics of the risk and internal control management

system in relation to financial reporting processes. The system of controls for financial reporting is based on three fundamental pillars: the existence of an adequate internal control system at company level designed to reduce the

risk of errors and improper conduct for the purposes of accounting and financial reporting, by verifying on an ongoing basis that adequate systems of governance and standards of conduct and adequate risk management processes are in place and that there are effective organisational structures, clear reporting systems and adequate IT and communication systems. Verification at company level, conducted by the Parent Audit Methodologies & Frauds Area, is performed by using a special tool known as “Company Level Control (CLC) Assessment”, which is based on the

18 COBIT (Control OBjectives for IT and related technology Framework) was drawn up by the IT Governance Institute, a United States body

which has the objective of defining and improving corporate standards in the IT sector. More specifically, the UBI Group has adopted the Framework IT Control Objectives for Sarbanes Oxley, defined specifically to control financial information.


qualitative assessment of a series of risk factors considered essential for the soundness and reliability of an administrative and financial governance system;

the development, maintenance and formalisation of adequate processes to control the production of accounts and financial reports and subsequent verification annually that they are adequate and actually applied. This includes administrative and accounting procedures that guarantee reasonable certainty of the reliability of financial reporting, whether it relates to financial reporting processes in the strict sense of the term or to business and support processes considered nevertheless significant for the purposes of financial reporting;

the development of controls on the management of technological infrastructures and software applications which regard financial and administrative processes and subsequent verification annually that they are adequate and actually applied.

The adequacy and effective application of administrative and accounting procedures, forming part of the broader system of financial reporting controls, is also subject to specific verification by an external independent consultant, who reports on the activities carried out in a special report issued for each Group company included as part of the investigation pursuant to Law No. 262/2005, defined annually on the basis of significant quantitative or qualitative indicators. a) Stages of the risk and internal control management system in relation to financial reporting

processes

With regard to the development, maintenance and formalisation of adequate processes of control over the production of accounts and financial reports and the development of controls over the management of technological infrastructures, the framework adopted involves the following stages of analysis and investigation:

identification of the relevant scope of application consisting of the companies in the UBI Group, the items on the financial statements and the processes considered significant on the basis of both quantitative parameters, in relation to operating and capital amounts in the consolidated financial statements, and qualitative parameters, in relation to the complexity of the business and the type or implicit risks. The method adopted by the UBI Group for the definition of the relevant scope of application requires the identification of significant variables derived, in consecutive order, from: - selection of the significant companies; - selection of the significant items in the financial statements at Group level; - selection of the significant items in the financial statements at single company level; - tracing the significant items in the financial statements to significant processes/contexts;

definition of the area of investigation for the year in question, approved annually by the Board of Directors, by planning annual audit activities over the course of the whole year, in application of the risk-driven Model referred to above, involving the assignment of a risk ranking to processes. On the basis of that Model, differentiated analysis approaches are defined, while always ensuring an appropriate level of supervision of the most significant processes, partly on the basis of qualitative elements inferred from: - anomalies found in previous analyses; - level of stability of the processes; - the analysis of anomalies found by other monitoring functions;

formalisation of the relevant processes and risks connected with financial reporting and related supervisory controls prioritised on the basis of an analysis of external regulations, self-regulation and interviews of the relative process owners. This activity is designed to assess and document the processes identified as significant for the purposes of Law No. 262/2005 and also the risks connected with financial reporting and the relative controls set in place to oversee them. The production of these documents constitutes a preliminary condition for the subsequent verification of the adequacy of the internal control system;

definition of the regular frequency of assessment processes, on the basis of the degree of risk assigned to the process, giving priority to processes that are considered to be at high risk but in any event ensuring, over the three year period, that all significant process are assessed, even if they are considered to be at low risk;

risk measurement and the adequacy of the controls. The objective of that activity is to verify the adequacy and effective application of the administrative and accounting procedures employed in the preparation of financial statements and in all other financial reporting, as well as how


efficiently the controls have been designed and implemented. The activity consists of the following steps: - verification of the adequacy of the administrative and accounting procedures employed in the

preparation of financial statements and in all other financial reporting.. activity, known as “risk and control assessment”, is carried out by monitoring the risks associated with financial reporting procedures intrinsic to the life cycle of financial data, attributable to observance of “financial assertions” which international standards define as the requirements which financial reports must meet for compliance with legal obligations. “Financial assertions” therefore perform the function of an operational tool which guides the identification and assessment of the principal controls, the absence or ineffectiveness of which can prejudice the achievement of veracity and accuracy in the representation of the capital, operating and financial position of the Group;

- valuation of the key controls for mitigation of financial reporting risks, identified and defined at the “risk and control assessment” stage. This activity, known as “test of design”, is intended to define the requirements of the key controls for mitigation of the risks of failure to comply with "financial assertions”. This activity may bring to light concerns which require the preparation of appropriate corrective action plans;

- verification of the effective and continuous application of controls. This stage, which consists of “effectiveness tests”, is designed to assess the effective application, in the accounting period, of administrative and accounting procedures employed in the preparation of financial statements and in all other financial reporting. In this stage, verification is performed of the implementation of the controls provided for by the system of documentation put in place during the stage when processes and procedures were formulated and introduced. This activity may bring to light concerns which require the preparation of appropriate corrective action plans;

definition and monitoring of corrective action to be undertaken as a result of the verifications performed. The methodology involves the initiation, on the basis of the corrective action plans just mentioned, of a structured course of action which by means of specific monitoring action, leads to effective reinforcement of controls by the involvement and empowerment of the relative process owners and the consequent modification of the related internal system of regulations. The corrective action plans are communicated by means of a special report to the Board of Directors of the Parent and of the subsidiaries responsible for the consequent decisions;

a brief assessment, on completion of the stages described above, of the overall degree of adequacy of the internal control system put in place to oversee financial reports produced relating to the reporting period for oversight activities. The final assessment, which considers the significance of any points found requiring attention, is formalised in a special report, drawn up for each significant company in the Group and submitted to the attention of the Board of Directors of the Parent and of the subsidiaries;

a “Cascade-like certification system” is put in place with the issue of certifications, the content of which is substantially similar to that required by law, by the Governing Bodies of Group companies subject to full consolidation, addressed to the Chief Executive Officer and the Senior Officer Responsible of the Parent.

b) Roles and functions involved The operational stages described above are conducted by the specialist structure within the Bank, in staff units under the Senior Officer Responsible, and also with the support of various other corporate roles involved for various reasons in compliance with the specific requirements of Law No. 262/2005.

The following are involved: - the Chief Operating Officer through the units reporting to him. More specifically, the

Organisation Area of UBI and of UBI Sistemi e Servizi Scpa are involved in the organisation and maintenance of document systems, designed to meet the requirements of assessing the adequacy and effectiveness of procedures that impact financial reporting;

- the other control functions, in order to create organisational synergies and consistency in assessment across the various units concerned.

The roles and responsibilities of the stakeholders involved in the specific activities required by Law No 262/2005, as well as the relations between the Senior Officer Responsible and the various


company personnel involved, with particular reference to the exchange of information between them, are defined by the specific Organisational Policy and Regulation which serves as follows: • to clearly state the tasks and operational responsibilities of the Senior Officer Responsible and

those of the other persons involved in the processes/activities for compliance with Law No 262/2005;

• to define the necessary reporting to the Senior Officer Responsible, and identify the units responsible for providing them, and their frequency and deadlines;

• to provide for the Senior Officer Responsible to have a functional role within the corporate governance of the Group

The interactions of the Senior Officer Responsible with the other control functions are also regulated by the “UBI Banca Group Internal Control System Policy” approved by the Supervisory Board on the basis of proposals submitted by the Management Board. This policy formalises the co-ordination activity that normally takes the form of periodic meetings of the Chiefs of the corporate control functions and the Senior Officer Responsible with the aim of promoting the constant exchange of information flows. This co-ordination also relates to the sharing of operational aspects (e.g. activity programmes), methodological aspects (e.g. procedures for assessing risks and controls) and any actions to be taken. Information on these co-ordination activities is reported periodically to the competent Governing Bodies at meetings which are also attended by the Senior Officer Responsible. The administrative and financial governance model also employs the aforementioned cascade-like certification system whereby in addition to the competent bodies of the individual Group companies subject to full consolidation and first line staff of UBI Banca, together with the competent bodes of the “outsourcer” companies, provide the Chief Executive Officer and the Senior Officer Responsible of the Parent with special internal certifications.


Attachment C

COMPLIANCE TABLE

PUBLIC DISCLOSURE OBLIGATIONS FOR BANKS RELATING TO ORGANISATIONAL

STRUCTURE AND CORPORATE GOVERNANCE PURSUANT TO THE SUPERVISORY

REGULATIONS (Bank of Italy Circular No. 285 - Title IV, Chapter 1, Section VII)

CONTENTS OF THIS

REPORT ON CORPORATE GOVERNANCE AND THE

OWNERSHIP STRUCTURE

Information on general aspects of organisational structure and corporate governance

Sections 1, 2, 4, 5 and 6

Indication of the category in which the bank is placed as a result of the assessment process pursuant to section I, paragraph 4.1 of the “supervisory regulations”

Section 1

Total number of members of the collegiate bodies in office and reasons for any extra members with respect to the limits set in the application guidelines contained in Section IV of the “Supervisory Regulations”

Section 1

Distribution of the members of the collegiate bodies by age, gender and length of time in office

Tables 2, 3 and 4

Number of board members in possession of the requirements of independence

Sections 5 and 5

Number of board members representing minorities

Section 4 and Table 2

Number and type of positions held by each senior officer of the bank in other companies and entities

Attachment A

Number and names of board committees, their functions and responsibilities

Section 6

Succession policies in place, number and type of positions concerned

Section 7


Table No. 1: Checklist

Principles and Criteria of the Corporate Governance Code

App

lied

(incl

udin

g w

ith

adap

tatio

ns)

Not

app

lied

Section Reference

1. ROLE OF THE BOARD OF DIRECTORS 1.P.1 The issuer is guided by a Board of Directors that meets at regular intervals and

organises itself and works in a manner that ensures the effective performance of its functions.

SECT 4.4

1.P.2. The directors act and take decisions independently and on an informed basis, pursuing the primary objective of creating wealth for shareholders over a medium to long-term time horizon.

SECT 4.4

1.C.1. The Board of Directors: a) examines and approves the strategic, business and financial plans of the issuer and the Group it leads, periodically monitoring its implementation; it defines the system of corporate governance of the issuer and the structure of the Group; b) defines the nature and level of risk that is compatible with the issuer’s strategic objectives, including in its assessments all the risks that might be significant with a view to the sustainability of the issuer’s activities in the medium to long-term; c) assesses the adequacy of the organisational, administrative and financial structures of the issuer and its strategic subsidiaries, with particular reference to the internal control and risk management system; d) establishes the intervals (at least quarterly) at which the authorised bodies must report to the Board on the activities performed in the use of the powers granted to them; e) assesses general business performance, taking account of information received from the authorised bodies and periodically comparing the results achieved with those planned; f) takes decisions concerning the transactions of the issuer and its subsidiaries, when those transactions have significant strategic, operating, capital or cash flow importance for the issuer itself. In order to achieve this it establishes general criteria for the identification of significant transactions; g) at least once a year, carries out an assessment of the functioning, size and composition of the Board of Directors and the board committees, with account also taken of factors such as professionalism and experience, including managerial experience and the gender of its members as well as length of service in office, and also the diversity criteria referred to in Art. 2. If the Board of Directors makes use of external consultants for self-assessment purposes, the Corporate Governance Report provides information on the name of the consultants and any other services they provide to the issuer or companies in a control relationship with it; h) having taken account of the outcomes of the assessment referred to under g) and before the appointment of the new Board, it provides the shareholders with guidance on the managers and professionals it considers it advisable to have on the Board, while also having regard to the diversity criteria recommended in Art. 2; i) provide information in the Corporate Governance Report on (1) its composition, indicating for each member the qualification (executive, non-executive, independent), the relevant role held within the Board of Directors (including by way of example, chairman or chief executive officer, as defined by article 2), the main professional characteristics as well as the duration of his/her office since the first appointment; (2) the application of article 1 of this Code and, in particular, on the number and average duration of meetings of the Board and of the executive committee, if any, held during the fiscal year, as well as the related percentage of attendance of each director; (3) how the self-assessment procedure as at previous item g) has developed; (4) goals, tools and results of diversity criteria applied according to art. 2 and 8; j) in order to ensure the correct handling of corporate information, adopt, upon proposal of the managing director or the chairman of the Board of Directors, internal procedures for the internal handling and disclosure to third parties of information concerning the issuer, having special regard to price sensitive information.

SECT 4 SECT.13

1.C.2. Directors accept appointment only if they consider themselves able to devote the necessary time to the diligent performance of their duties, taking into account the commitments associated with their working and professional lives, the number of appointments as director or auditor they hold with other companies listed on organised

SECT 4.3 Attachment A



App

lied

(incl

udin

g w

ith

adap

tatio

ns)

Not

app

lied

Section Reference

markets (including those abroad), in financial companies, banks, insurance companies or companies of significant size. The Board, on the basis of information received from the Directors, reports on the positions as director or statutory auditor held by directors in the aforementioned companies each year in the Corporate Governance Report.

1.C.3. The Board gives its guidance on the maximum number of positions as a director or statutory auditor in the companies referred to above that can be considered compatible with the effective performance of the position of director of the issuer, taking account of the board committees of which directors are also members. For this purpose it identifies general criteria, differing on the basis of the commitment connected with each role (executive, non-executive or independent director), also in relation to the type and size of the companies in which they have positions and whether or not they are a part of the issuer’s Group.

SECT 4.3

1.C.4. If the Shareholders’ Meeting, in order to meet needs of an organisational nature, authorises any general or advance exception to the prohibition on competition contained in Art. 2390 of the Civil Code, the Board of Directors assesses in this respect each type of problem and reports any critical situations to the first possible shareholders’ meeting; To achieve this, each director informs the board of any activities they perform in competition with the issuer when they accept the post and, subsequently, all significant changes.

SECT 4.3

1.C.5. The Chairman of the Board of Directors ensures that the documentation relating to the matters on the agenda are brought to the knowledge of the directors and statutory auditors in good time before the date of the board meeting. In the Corporate Governance Report the Board of Directors provides information on the promptness and completeness with which information is provided before board meetings, including information on the notice generally considered appropriate for the information to be sent and stating whether this time limit is normally complied with.

SECT 4.4

1.C.6. The chairman of the Board of Directors, also at the request of one or more directors, may ask the executive directors to arrange for meetings to be attended by senior managers of the issuer and of the group companies it heads, who are responsible for the relevant corporate functions based on the subject matter concerned, in order to provide additional input with regard to the items on the agenda. The Corporate Governance Report shall provide details of their actual attendance.

Sect 4.4

2. COMPOSITION OF THE BOARD OF DIRECTORS 2.P.1. The Board of Directors shall be composed of executive and non-executive members,

who have adequate skills and professional expertise. SECT 4.3

2.P.2. The non-executive directors shall bring their specific expertise to board discussion,

contributing to knowledgeable decision-making and taking particular care over areas in which conflicts of interest could arise.

SECT 4.3

2.P.3. The number, expertise and authoritativeness of non-executive Directors and the time they make available are sufficient to ensure that their judgements have a significant weight when Board decisions are made.

SECT 4.3

2.P.4. The issuer shall apply diversity criteria, including gender-related criteria, in the composition of the Board of Directors, in accordance with the priority objective of ensuring adequate expertise and professional capability of its members.

SECT 4.3

2.P.5. It is best to avoid appointing a single person to more than one corporate position. SECT 4.3 2.P.6. Where the Board of Directors has assigned management powers to the Chairman, it

shall provide suitable disclosure in the Corporate Governance Report on the reasons for this organisational decision.

SECT 4.3

2.C.1. The following shall be classified as executive directors of the issuer: - executive directors of the issuer or of a subsidiary of strategic importance, including their chairmen when they are assigned individual management powers or when they have a specific role in the development of corporate strategies; - directors who hold managerial positions in the issuer or in a subsidiary of strategic importance, or in the parent company when the position also involves the issuer; - directors who are members of the issuer’s executive committee, when no chief executive officer has been identified or when participation in the executive committee, in view of the frequency of the meetings and the subject of the related resolutions, actually entails the systematic involvement of its members in the day-to-day management of the issuer. The assignment of vicarious powers or solely for urgent matters to directors that do not have management powers does not, in itself, qualify them as executive directors, unless those powers are actually used with considerable frequency.

SECT 4.3



App

lied

(incl

udin

g w

ith

adap

tatio

ns)

Not

app

lied

Section Reference

2.C.2. Directors are required to know the duties and responsibilities relating to their role. The Chairman of the Board of Directors ensures that, following their appointment and during their mandate, the directors and statutory auditors can take part, in the most appropriate ways, in initiatives for the purpose of providing them with an adequate level of knowledge of the activity sector in which the issuer operates, business dynamics and trends, principles of correct risk management and the relevant regulatory and self-regulatory framework. In the Corporate Governance Report the issuer reports on the type and organisational procedures for the initiatives that have taken place during the year in question.

SECT 4.3

2.C.3.

At least a third of the of the Board of Directors consists of directors of the less represented gender.

SECT 4.3

2.C.4. The Board of Directors shall designate an independent director as Lead Independent Director, in the following cases: (i) if the Chairman of the Board of Directors is the Chief Executive Officer; (ii) if the position of Chairman is held by the person who controls the issuer. The Board of Directors of issuers belonging to the FTSE MIB Index shall appoint a Lead Independent Director if this is requested by the majority of the independent directors, unless the Board decides otherwise in a reasoned decision to be disclosed in the Corporate Governance Report.

SECT 4.3

2.C.5.

The Lead Independent Director: a) shall be the liaison and co-ordinator for requests and contributions from the non-executive directors and, in particular, from the directors that qualify as independent in accordance with Art. 3 below; b) the Lead Independent Director shall work with the Chairman of the Board of Directors to ensure that directors receive full and prompt information flows.

SECT 4.3

2.C.6. The Chief Executive Officer of an issuer (A) shall not accept a directorship at another issuer (B) of which a director of issuer (A) is Chief Executive Officer, if it is not part of the same group.

Attachment A

3. INDEPENDENT DIRECTORS 3.P.1. A sufficient number of non-executive directors shall be independent, meaning that they

do not have, nor have they recently had, either directly or indirectly, any relations with the issuer or parties linked to the issuer that could currently affect their independence of mind.

SECT 4.3

3.P.2. The independence of directors is assessed by the Board of Directors when they are appointed and then annually. The outcome of the Board’s assessments is communicated to markets.

SECT 4.3

3.C.1. The Board of Directors assesses the independence of its non-executive members having regard to substance rather than form and bearing in mind that a director is not normally considered independent in the following cases, which should not be considered exhaustive: a) if they control the issuer, either directly or indirectly even through subsidiaries, trust companies or intermediaries or are able to exert significant influence over it or are a party to shareholders’ agreements through which one or more entities may exercise significant control or influence over the issuer; b) if they are, or have been in the three previous years, a senior officer of standing of the issuer, of one of its subsidiaries of strategic importance or of a subsidiary subject to common control with the issuer, or of a company or entity which, even together with others through a shareholders’ agreement, controls the issuer or is able to exert significant influence over it; c) if they have, or had in the previous year, either directly or indirectly, (e.g. through subsidiaries or companies in which they play a significant role, or have influence as a partner of a professional firm or consulting company) a significant commercial, financial or professional relationship: with the issuer, one of its subsidiaries or any of the relative senior officers; with a person or entity which, even together with others through a shareholders’ agreement, controls the issuer, or – in the case of a company or entity – with the relative senior officers; or they are, or have been in the previous three years, an employee of any of the aforementioned entities; d) if they receive or have received in the three previous years, from the issuer or from any of its subsidiaries or its parent companies, a significant additional remuneration (with respect to the “set” emoluments of a non-executive director of the issuer and to the compensation for attending committees recommended by this Code), including in the form of participation in incentive schemes linked to company performance, including share based payments;

SECT 4.3



App

lied

(incl

udin

g w

ith

adap

tatio

ns)

Not

app

lied

Section Reference

e) if they have been a director of the issuer for more than nine years in the last twelve years; f) if they occupy the post of executive director in another company in which an executive director of the issuer is a director;

g) if they are either shareholders, or directors of a company or entity belonging to the network of companies appointed for the statutory audit of the accounts of the issuer; h) if they are a close family relative of a person who finds him/herself in any of the situations referred to in the previous points.

3.C.2. For the purposes of the above, the following shall be considered “senior officers” of a company or entity: the chairman of the entity, the chairman of the board of directors, and the executive directors and key management personnel of the company or entity concerned.

SECT 4.3

3.C.3. The number and expertise of the independent directors shall be adequate in relation to the size of the Board and the activity carried on by the issuer. They shall also be sufficient to enable the establishment of committees within the Board, in accordance with the instructions contained in the Code. At least a third of the Board of Directors of issuers belonging to the FTSE MIB index shall consist of independent directors. If that portion does not correspond to a whole number, the number is rounded down. In any event, there shall be no fewer than two independent directors.

SECT 4.3

3.C.4. After a director who qualifies as independent has been appointed and, subsequently, when circumstances arise that are relevant for the purposes of independence and in any case at least once a year, the Board of Directors, based on the information provided by the person concerned or available to the issuer, shall assess the relationships that could or appear to be able to compromise that director’s independent of mind. The Board of Directors shall disclose the result of its assessments, after the appointment, by means of a press release to the market, and, subsequently, in the Corporate Governance Report. In these documents, the Board of Directors shall: - report whether assessment parameters different from those indicated in the Code have been adopted, also for individual directors, and, if so, the reasons why; - describe the quantitative and/or qualitative criteria that may be used to assess the significance of the relationships examined.

CA.4.3

3.C.5. The Board of Statutory Auditors, as part of the duties assigned to it by law, shall check that the assessment criteria and procedures of adopted by the Board to assess the independence of its members have been implemented correctly. The results of these checks shall be disclosed to the market in the Corporate Governance Report or in the Statutory Auditors’ Report to Shareholders.

SECT 4.3

3.C.6. The independent directors shall meet at least once a year in the absence of the other directors.

SECT 4.3

4. CREATION AND FUNCTIONING OF THE INTERNAL COMMITTEES OF THE BOARD OF DIRECTORS 4.P.1. The Board of Directors shall establish several committees from among its members

with consultative and proposal-making functions, as detailed in the articles below. SECT 6

4.C.1. The establishment and functioning of the committees envisaged by the Code shall meet

the following criteria: a) the committees shall be composed of no less than three members. However, in issuers whose Board of Directors is composed of no more than eight members, committees may be composed of only two directors, provided they are independent. The work of the committees shall be coordinated by a chairman; b) the tasks of the individual committees shall be set out in the resolution establishing the committees and may be supplemented or amended by subsequent resolution of the Board of Directors; c) the functions assigned by the Code to the different committees may be allocated differently or assigned to a smaller number of committees than envisaged by the Code, provided the rules established by the Code governing their composition are observed and the achievement of the underlying objectives is ensured; d) minutes shall be taken of the meetings of each committee and the chairman of the committee shall report on them at the next Board of Directors meeting; e) in the performance of their functions the committees shall have access to the information and corporate functions necessary for the performance of their duties and

SECT 6



App

lied

(incl

udin

g w

ith

adap

tatio

ns)

Not

app

lied

Section Reference

may use external consultants according to conditions established by the Board of Directors. The issuer shall allocate funds to the committees that are sufficient

for it to perform its duties, within the limits of the budget approved by the Board of Directors; f) the meetings of each committee may be attended by non-members of the committee, including other members of the issuer’s Board or organisation, upon invitation from the committee in respect of specific items on the agenda; g) the issuer shall provide suitable disclosure, in its Corporate Governance Report, regarding the establishment and composition of the committees and the content of the task assigned to them, and, based on the information provided by each committee, also regarding the work actually carried out during the year, the number and average duration of the meetings held and the percentage attendance by each member.

4.C.2. The establishment of one or more committees may be avoided by assigning their functions to the Board as a whole, under the co-ordination of the Chairman, subject to the following conditions: (i) the independent directors shall represent at least half of the Board of Directors, rounded down to the nearest whole number if there is an odd number of board members; (ii) sufficient room shall be given in the Board meetings for the committees to perform the functions that are assigned to them by the Code, and details of this shall be provided in the Corporate Governance Report; (iii) solely for the Audit and Risk Committee, the issuer shall not be controlled by another listed company, or subject to management and co-ordination. The Board of Directors shall provide a detailed description in the Corporate Governance Report of the reasons why it has decided not to establish one or more committees. In particular, it shall provide suitable justification of the decision not to establish an Audit and Risk Committee due to the issuer’s degree of complexity and sector of operations. The Board shall also periodically review the choice made.

SECT 6

5. APPOINTMENT OF DIRECTORS 5.P.1. The Board of Directors shall establish an internal Appointments Committee, consisting

of a majority of non-executive directors. SECT 6

5.C.1. The Appointments Committee shall be assigned the following functions:

a) submitting opinions to the Board of Directors on the size and composition of the Board and making recommendations on the presence on the Board of professional roles that are considered necessary, in addition to the matters referred to in articles 1.C.3 and 1.C.4; b) proposing candidates to the Board of Directors for the post of Director in the event of co-opting members and replacing independent Directors when necessary.

SECT 6

5.C.2. The Board of Directors shall consider whether to adopt a succession plan for executive directors. If it has adopted such a plan, the issuer shall disclose this in its Corporate Governance Report. The preparation work for the plan shall be carried out by the Appointments Committee or by another Board committee designated for this purpose.

SECT 7

6. DIRECTORS' REMUNERATION

6.P.1. The remuneration of directors and key management personnel shall be set at a level sufficient to attract, keep and motivate people with the professional abilities required to successfully manage the issuer.

SECT 7

6.P.2. The remuneration of the executive directors and the key management personnel shall be set in a manner that aligns their interests with the pursuit of the primary objective of creating wealth for shareholders over a medium- to long-term time horizon. For directors who have been assigned management powers or who, including solely on a de facto basis, perform functions related to the management of the company, as well as for key management personnel, a significant part of the remuneration shall be linked to the achievement of specific performance objectives, both financial and non-financial, which shall be specified in advance and set in accordance with the guidelines contained in the policy referred to in principle 6.P.4 below. The remuneration of non-executive directors shall be commensurate to the

SECT 7



App

lied

(incl

udin

g w

ith

adap

tatio

ns)

Not

app

lied

Section Reference

commitment required from each of them, also taking into account whether they are members of one or more committees.

6.P.3. The Board of Directors shall establish an internal Remuneration Committee, consisting of independent directors. Alternatively, the committee may be composed of non-executive directors, the majority of whom shall be independent, in which case the chairman of the committee shall be selected from among the independent directors. At least one member of the Committee shall possess adequate knowledge and experience in financial matters or remuneration policies, to be assessed by the Board of Directors when the appointment is made.

SECT 6

6.P.4. The Board of Directors, based on a proposal from the Remuneration Committee, shall establish a policy for the remuneration of directors and key management personnel.

SECT 4.1

6.P.5. In the event of a director retiring from office and/or the termination of the employment relationship of an executive director or a general manager, after the internal processes that lead to the award or payment of indemnities and/or other benefits has been concluded, the issuer shall provide detailed information in this regard by means of a press release to the market.

SECT 7

6.C.1. The policy for the remuneration of executive directors or directors appointed to particular posts, shall provide guidelines regarding the following aspects and criteria: a) the fixed component and the variable component shall be appropriately balanced

according to the issuer’s strategic objectives and risk management policy, also taking into account its sector of operations and the nature of the business conducted;

b) upper limits shall be established for the variable components; c) the fixed component shall be sufficient and appropriate to remunerate the director’s

services in the event that the variable component is not paid, due to failure to achieve performance objectives set by the Board of Directors;

d) the performance objectives – i.e. the financial results and any other specific objectives that the payment the variable components is linked to (including the objectives set for share-based compensation schemes) – shall be set in advance, measurable and linked to the creation of wealth for shareholders over a medium- to long-term time horizon;

e) the payment of a significant part of the variable component of remuneration shall be deferred for a suitable period of time from the when it becomes vested, and the amount of this part and the duration of the deferral shall be consistent with the nature of the business conducted and the related risk profiles;

f) contractual clauses shall be established that allow the company to request the repayment, in whole or in part, of the variable components of remuneration paid (or to withhold deferred sums), which have been determined based on data that has subsequently been found to be evidently incorrect;

g) any indemnity established for early termination or non-renewal of the directorship shall be set so that its total amount does not exceed a particular amount or number of years of remuneration. This indemnity shall not be paid if the termination of the relationship is due to the achievement of results that are objectively inadequate.

SECT 7

6.C.2. When drawing up share-based compensation schemes, the Board of Directors shall ensure that: a) shares, options and any other rights assigned to the directors to purchase shares or

to be remunerated based on share price movements have an average vesting period of at least three years;

b) the vesting according to point a) is subject to pre-set measurable performance objectives;

c) the directors retain a portion of the shares assigned or purchased through the exercise of the rights specified in point a) until the end of their term of office.

SECT 7

6.C.3. Criteria 6.C.1 and 6.C.2 are compatible and therefore also apply to the determination, by the bodies delegated to do this, of the remuneration of key management personnel; The incentive schemes for the head of the internal audit function and the senior officer responsible for preparing the company accounting documents shall be consistent with the duties assigned to them.

SECT 7



App

lied

(incl

udin

g w

ith

adap

tatio

ns)

Not

app

lied

Section Reference

6.C.4. Remuneration of non-executive directors shall not be linked to the profits of the issuer, other than for an immaterial amount. The non-executive directors shall not be beneficiaries of share-based compensation schemes, unless approved by reasoned decision by the Shareholders’ Meeting.

SECT 7

6.C.5. The Remuneration Committee shall: - periodically assess the appropriateness, overall consistency and actual implementation of the policy for the remuneration of directors, key management personnel and other senior managers, making use, with regard to the latter, of information supplied by the executive directors; and submit proposals to the Board of Directors in this regard; - submits proposals or express opinions to the Board of Directors on the remuneration of executive directors and other directors who occupy specific positions and on the setting of performance objectives in relation to the variable component of that remuneration; monitors the implementation of decisions made by the Board itself, verifying the actual achievement of the performance objectives;

SECT 6

6.C.6.

No Directors may participate in meetings of the Remuneration Committee in which proposals are made the Board of Directors regarding their own remuneration.

SECT 6

6.C.7. If the Remuneration Committee intends to use the services of a consultant to obtain information on market practices concerning remuneration policies, it shall first verify that the consultant is not in any situation that would compromise its independence of judgement.

SECT 6

6.C.8. The communication to the market referred to in principle 6.P.5 shall include: a) adequate information on the indemnity and/or other benefits, including the amount involved and the timing of payment – distinguishing between the part paid immediately and the part that may be subject to deferment and between the components allocated due to the position held as director and those relating to any employee relationships – as well as any repayment clauses, with particular regard to: - indemnities for end-of-term-of-office and end-of-employment relationship, specifying the circumstances that have made them become due (e.g. termination of office, revocation of office, or settlement agreement); - maintenance of the rights attached to any monetary incentive schemes based on financial instruments; - (monetary or non-monetary) post-employment benefits; - non competition commitments, with a description of their main contents; - any other remuneration awarded for any reason and in any form; b) information on whether or not the indemnity and/or other benefits comply with the instructions contained in the remuneration policy, and, if they do not comply either partially or otherwise with the instructions in the remuneration policy, information on the resolution procedures adopted in implementation of the Consob rules on related-party transactions; c) details regarding whether or not any mechanisms are applied that impose restrictions or adjustments in relation to the payment of the indemnity when the termination of the relationship is due to the achievement of results that are objectively inadequate, as well as details of any requests made for the repayment of any remuneration already paid; d) information regarding whether the replacement of the outgoing executive director or general manager is governed by a succession plan adopted by the company and, in any event, details of the procedures that have been or will be adopted for the replacement of the manager or director.

SECT 7

7. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM 7.P.1. Each issuer shall set up an internal risk management and control system consisting of a

set of rules, procedures and organisational structures designed SECT 11



App

lied

(incl

udin

g w

ith

adap

tatio

ns)

Not

app

lied

Section Reference

to enable the identification, measurement, management and monitoring of the main risks. This system shall be integrated within the more general organisational structure and corporate governance adopted by the issuer and shall give due consideration to existing standard models and national and international best practices.

7.P.2. An effective internal control and risk management system helps ensure that the management of the company is consistent with the business objectives established by the Board of Directors, in addition to facilitating informed decision-making. It contributes to guaranteeing the protection of company assets, the efficiency and effectiveness of company processes, the reliability of the information provided to the corporate bodies and the market, and compliance with laws and regulations and with the articles of association and internal procedures.

SECT 11

7.P.3. The internal risk management and control system shall involve the following, each to the extent of their responsibilities: a) The Board of Directors, which performs the role of setting policies for the system and assessing its adequacy, and selects the following from among its members: (i) one or more directors who are given responsibility for the creation and maintenance of an effective internal control and risk management system (below Article 7, “director/s responsible for the internal control and risk management system”); and (ii) an Audit and Risk Committee, with the characteristics set out in principle 7.P.4, which, by carrying out the appropriate fact-finding, has the task of supporting the Board of Directors in its assessments and decisions relating to the internal control and risk management system and also those relating to the approval of periodic financial reports; b) the head of the Internal Audit Function, responsible for verifying that the internal control and risk management system is functioning and adequate; c) the other company roles and functions with specific tasks relating to internal control and risk management, structured according the company’s size, complexity and risk profile; d) the Board of Statutory Auditors, also acting as the Committee for Internal Control and Auditing, which is responsible for monitoring the effectiveness of the internal control and risk management system. The issuer shall establish procedures for the co-ordination between the parties listed above in order to maximise the efficiency of the internal control and risk management system and reduce duplication of work.

SECT 11

7.P.4. The Audit and Risk Committee shall be composed of independent directors. Alternatively, the committee may be composed of non-executive directors, the majority of whom are independent, in which case the chairman of the committee shall be chosen from among the independent directors. If the issuer is controlled by another listed company or is subject to the management and co-ordination of another company, the committee shall, in any event, be composed solely of independent directors. At least one member of the Committee shall possess adequate experience in finance and accounting or in risk management, to be assessed by the Board of Directors when the appointment is made.

SECT 6

7.C.1. Subject to the opinion of the Audit and Risk Committee, the Board of Directors shall: a) define the guidelines for the internal control and risk management system, so that the principal risks to which the issuer and its subsidiaries are exposed are correctly identified and adequately measured, managed and monitored. It shall also determine the degree to which risks are compatible with management of the company that is consistent with its strategic objectives; b) assess, at least annually, the adequacy of the internal control and risk management system with respect to the nature of the company, its risk profile and also its effectiveness; c) approve, at least annually, the working plan drawn up by the Head of the Internal Audit Function, after consultation with the Board of Statutory Auditors and the Director with responsibility for the internal control and risk management system; d) provide a description, in the Corporate Governance Report, of the main characteristics of the internal control and risk management system and the procedures for co-ordination between the parties involved, providing an assessment of

SECT 4.1



App

lied

(incl

udin

g w

ith

adap

tatio

ns)

Not

app

lied

Section Reference

its adequacy; e) after consultation with the board of statutory auditors, it assesses the results furnished by the external statutory auditor in its letter of recommendations (if provided) and in its report on basic issues arising from its external statutory audit. On the basis of a proposal submitted by the Director with responsibility for the internal control and risk management system, subject to the approval of the Audit and Risk Committee and after consultation with the Board of Statutory Auditors, the Board of Directors shall: - appoint and remove the Head of the Internal Audit Function; - ensure that he or she has adequate resources to fulfil his or her responsibilities; - set his or her remuneration in line with company policies.

7.C.2. In its work to support the Board of Directors, the Audit and Risk Committee: a) shall assess, together with the manager appointed to prepare the corporate accounting documents and after consultation with the external statutory auditors and the Board of Statutory Auditors, the correct use of accounting policies and, in the case of groups, their consistency in the preparation of the consolidated financial statements; b) shall express opinions on specific aspects concerning the identification of the main corporate risks; c) shall examine periodic reports for the assessment of the internal control and risk management system and those of particular importance prepared by the Internal Audit Function; d) shall monitor the independence, adequacy, effectiveness and efficiency of the Internal Audit Function; e) may request the Internal Audit Function to investigate specific operational areas, reporting promptly to the Chairman of the Board of Statutory Auditors; f) shall report to the board, at least half-yearly, when annual and interim financial reports are approved, on its activities and also on the adequacy of the internal control and risk management system; g) shall, through appropriate fact-finding, support the assessments and decisions of the Board of Directors concerning the management of risks arising from adverse events that the Board of Directors becomes aware of.

SECT 6

7.C.3. At least the Chairman of the Board of Statutory Auditors or another statutory auditor designated by him or her shall take part in the proceedings of the Audit and Risk Committee. However, the other statutory auditors may also take part.

SECT 6

7.C.4. The Director with responsibility for the internal control and risk management system: a) shall be responsible for identifying the main corporate risks, taking into account the nature of the business conducted by the issuer and its subsidiaries, and shall submit them periodically to the examination of the Board of Directors; b) shall implement the guidelines defined by the board of directors and oversee the design, implementation and management of internal control and risk management system, constantly checking its overall adequacy, efficiency and effectiveness; c) shall adapt the system to changes in operating conditions and in the legislative and regulatory framework; d) may request the Internal Audit Function to investigate specific operational areas and compliance with internal rules and procedures in carrying out company operations, reporting promptly to the chair of the board of directors, to the chair of the audit and risk committee and to the chair of the board of statutory auditors; e) shall report promptly to the audit and risk committee (or to the board of directors) with regard to problems and difficulties found in carrying out their activities or of which they have nevertheless learnt, so that the committee (or the board) make undertake appropriate initiatives.

SECT 11.1

7.C.5. The Head of the Internal Audit Function: a) oversees, both on a continuous basis and in relation to specific needs and in observance of international standards, the functioning and the adequacy of the internal control and risk management system, by carrying out an audit plan approved by the Board of Directors, based on a structured process to analyse and prioritise the main risks; b) has no responsibility for any operational area and reports to the Board of Directors; c) has direct access to all information useful for performing his/her duties; d) prepares periodic reports containing adequate information on his activities, on the procedures employed to manage risks and on compliance with the plans drawn up to

SECT 11.2



App

lied

(incl

udin

g w

ith

adap

tatio

ns)

Not

app

lied

Section Reference

mitigate them. These periodic reports contain an assessment of the appropriateness of the internal control and risk management system; e) promptly prepares reports on events of particular importance; f) shall submit the periodic reports referred to in points d) and e) to the chairmen of the Board of Statutory Auditors, the Audit and Risk Committee, and the Board of Directors, and to the Director with responsibility for the internal control and risk management system; g) as part of the audit plan, oversees the reliability of IT systems, including those responsible for bookkeeping.

7.C.6. The internal audit function may be assigned, as a whole or for particular operating segments, to a party external to the issuer, provided that party has sufficient professional capabilities, independence and organisational capacity. The adoption of such organisational choices, which must be duly justified, shall be communicated to shareholders and the market in the Corporate Governance Report.

11.2

8. Statutory Auditors 8.P.1. Statutory auditors act with autonomy and independence even with regard to the

shareholders that have elected them. SECT. 5

8.P.2. The issuer shall apply diversity criteria, including gender-related criteria, with regard to the composition of the Board of Statutory Auditors.

SECT. 5.3

8.P.3. The issuer shall implement measures to ensure the effective performance of the duties of the Board of Statutory Auditors.

SECT. 5

8.C.1. The Statutory Auditors shall be selected from among those that qualify as independent, also based on the criteria set out in this Code for the directors. The Board of Statutory Auditors shall check the compliance with those criteria after the appointment and, subsequently, on an annual basis, and shall send the results of those checks to the Board of Directors, which shall communicate them, after the appointment, through a press release to the market and, subsequently, in the Corporate Governance Report, in same manner as required for the directors.

SECT. 5.3

8.C.2. The Statutory Auditors shall accept the office when they believe they can devote the necessary time to the diligent performance of their duties.

SECT. 5.3

8.C.3. At least one third of the standing and alternate members of the Board of Statutory Auditors shall be auditors of the least represented gender.

SECT. 5.3

8.C.4. The remuneration of the Statutory Auditors shall be commensurate to the commitment required, to the importance of the position held and also to the size of the company and its sector of operations.

SECT. 7

8.C.5. Any Statutory Auditor who holds a personal or third party interest in a specific transaction of the issuer must inform the other Statutory Auditors and the Board of Directors in a timely and thorough manner about the nature, terms, origin and extent of his or her interest.

SECT. 12

8.C.6. In performing their duties, the Statutory Auditors may request the Internal Audit Function to investigate specific operational areas or company operations.

5.1

8.C.7. The Board of Statutory Auditors and the Audit and Risk Committee shall promptly exchange significant data and information required for the performance of their respective duties.

SECT. 5.4

9. RELATIONS WITH SHAREHOLDERS 9.P.1. The Board of Directors shall promote initiatives aimed at encouraging the widest

possible participation of shareholders at shareholders’ meetings and at facilitating the exercise of the shareholders’ rights.

SECT 15

9.P.2. The Board of Directors shall endeavour to establish ongoing dialogue with shareholders based on an understanding of each other’s roles.

SECT. 15

9.C.1. The Board of Directors shall ensure that a person responsible for managing relations with shareholders is identified and shall periodically assess the need to establish a corporate structure responsible for this function.

SECT. 14

9.C.2. Normally all directors take part in general meetings. Shareholders’ Meetings are SECT. 15


also opportunities for communicating information to shareholders on the issuer, in compliance with the rules on inside information. Specifically, the Board of Directors shall report to the Shareholders’ Meeting on the activities performed and planned and shall ensure that shareholders are provided sufficient information to enable them to make the decisions required of the Shareholders’ Meeting with full knowledge of the facts.

9.C.3. The Board of Directors shall propose regulations to shareholders setting out the procedures to be adopted for holding Shareholders’ Meetings in an ordered and functional manner, whilst also guaranteeing the right of each shareholder to speak on the matters discussed.

SECT. 15

9.C.4. The Board of Directors, in the event of significant changes in the market capitalisation of the issuer’s shares or in the composition of its shareholder structure, shall consider the need to submit a proposal to the Shareholders’ Meeting for changes to the articles of association concerning the percentages established for the exercise of the actions and rights established for the protection of minorities.

SECT. 15

10. TWO-TIER AND ONE-TIER SYSTEMS OF MANAGEMENT AND CONTROL 10.P.1 If a two-tier or one-tier management and control system is adopted the above articles

shall apply insofar as compatible, adapting individual provisions to the particular system adopted, consistently with the objectives of good corporate governance, transparency of information and protection of investors and the markets pursued by the Code and in the light of the criteria provided by this article.

SECT. 3

10.P.2. If the adoption of a new administration and control system is proposed, the directors shall inform the shareholders and the market of the reasons for the proposal and how the Code will be applied to the new management and control system.

SECT 1 and 3

10.P.3. In the first Corporate Governance Report published after the change in the management and control system, the issuer shall provide a detailed description of how the Code has been applied to the system. This information shall also be published in subsequent reports, detailing any changes in how the Code is being implemented in the management and control system selected.

SECT. 3

10.C.2. If the one-tier administration and control system has been adopted, the application of the Code shall be based on the following criteria: a) the articles of the Code referring to the Board of Directors, the Board of Statutory Auditors, or their members shall be generally applicable, respectively, to the Board of Directors, the Management Control Committee and their members; b) the functions assigned to the Audit and Risk Committee envisaged by Art. 7 of this Code may be reported to the Management Control Committee envisaged by Art. 2409-octiesdecies of the Italian Civil Code, if it meets the criteria governing composition set out in said Art. 7.

SECT. 3


Table No. 2 “Art. 123-bis - Report on corporate governance and the ownership structure”

Art. 123-bis - Report on corporate governance and the ownership structure

Section

Reference

1. The report on the management of companies that issue securities admitted to trading on regulated markets contains a specific section, entitled: “Report on corporate governance and the ownership structure”, detailed information regarding: a) the structure of the share capital, including securities that are not traded on a regulated market in a European Union Member State, with details of the various share classes and, for each share class, the related rights and obligations and the percentage of the share capital they represent;

Section 2a and Summary Table 1

b) any restrictions on the transfer of securities, such as limitations on the holding of securities or the need to obtain approval from the company or other holders of securities;

Section 2b

c) significant holdings in share capital, both direct and indirect, for example through pyramid structures or cross holdings, as indicated in communications made in accordance with Article 120;

Section 2c and Summary Table 1

d) if known, the holders of any title conferring special controlling rights and a description of those rights; Section 2d

e) the mechanism for the exercise of voting rights envisaged in any employee shareholding system, where the voting rights are not exercised directly by employees;

Section 2e

f) any restrictions on voting rights, such as voting rights restricted to a particular percentage or number of votes, time limits imposed for the exercise of voting rights, or systems through which, with the cooperation of the company, the financial rights attaching to the securities are separated from possession of the securities;

Section 2f

g) agreements that are known to the company in accordance with Art. 122; Section 2g

h) significant agreements that the company or its subsidiaries are parties to and that become effective, are modified or are terminated in the event of a change of control of the company, together with the effects of those agreements, unless the their nature is such that their disclosure would cause serious harm to the company; this exemption shall not apply where the company has a specific obligation to disclose such information under other legal provisions;

Section 2h

i) agreements between the company and directors, members of the management board or the supervisory board, which provide for the payment of indemnities in the event of resignation, dismissal without just cause or where the contract of employment is interrupted following a public tender offer;

Section 7

l) the regulations for the appointment and replacement of directors and members of the management and supervisory boards and for amendments to the articles of association, if different from the laws and regulations applicable on a supplementary basis;

Sections 4.2, 5.2 and 6

m) the existence of authorisation powers for increases in share capital pursuant to Article 2443 of the Italian Civil Code or the power of the directors or members of the management board to issue equity financial instruments and authorisations for the purchase of own shares.

Section 2i

2. In the same section of the report on operations referred to in paragraph 1, information shall be provided regarding: a) adherence to a corporate governance code promoted by management companies of regulated markets or trade associations, stating the reasons for any failure to adhere to one or more of its provisions, as well as the corporate governance practices actually adopted a by the company beyond those required by the laws or regulations. The company shall also state where the corporate governance code that it adheres to is available to the public;

Section 3

b) principal characteristics of the risk and internal control management system in relation to financial reporting processes, including consolidated reporting where applicable;

Attachment B

c) the procedures for the functioning of shareholders’ meetings, its principal powers, the shareholder rights and the procedures for exercising them, if different from those laid down in the laws and regulations applicable on a supplementary basis;

Section 15

d) composition and functioning of management and control bodies and their committees Sections 4.3, 4.4, 5.3, 5.4 and 6

d-bis) a description of the diversity policies adopted in relation to the composition of the administration, management and control bodies with regard to aspects such as age, gender composition and educational and professional background, as well as a description of the objectives, methods of implementation and results of those policies. If no policy is adopted, the company shall provide a clear and detailed justification of the reasons for this choice.

Sections 4.3 and 5.3