(This English version is a courtesy translation from the Italian original document which remains the definitive version) Regulations of the Internal Control Committee of UBI Banca S.p.A. 22 nd December 2016
Regulations of the Internal Control Committee of UBI Banca S.p.A. Duties and rules for the functioning of the Committee (pursuant to Art. 41 of the Articles of Association) Introduction In accordance with article 41 of the Articles Association of UBI Banca S.p.A. (hereafter the Bank ), in compliance with the Supervisory Regulations for banks on the subject of corporate governance, internal controls, risk management issued by the Bank of Italy with Circular No. 285 (Title IV - Chapter 1) and in accordance with the recommendations contained in the Corporate Governance Code of Borsa Italiana S.p.A., these regulations approved by the Supervisory Board have been adopted, to govern the duties and functioning of the Internal Control Committee (hereafter the Committee ). Article 1 (Formation and Chairmanship) 1.1 The Committee is composed of between three and five board members chosen from among the members of the Supervisory Board with the exclusion of the Chairman of that Supervisory Board and in accordance with the combined provisions of articles 36, paragraph 7 and 41, paragraph 2 of the Articles of association, at least the majority must be chosen from among board members who are enrolled on the Register of Statutory Auditors and who have practised as statutory auditors of accounts for a period of not less than three years. 1.2 In its first meeting the Committee elects its Chairman, if not already appointed by the Supervisory Board, who must not be the Chairman of another committee. 1.3 If, for any reason whatsoever, the position of a Committee member is vacated, the Supervisory Board shall appoint a new member in accordance with the indications contained in the preceding paragraphs. 1.4 The duration of the mandate conferred on the Committee is the same as that of the Supervisory Board, which if, for any reason whatsoever, it is terminated in advance, causes the immediate termination of the Committee s mandate. 1.5 Justifiable grounds must be given for the removal of members of the Committee by the Supervisory Board. 2
1.6 Vacation of a position as a member of the Supervisory Board of the Bank also causes vacation of the relative position as a member of the Committee. Article 2 (Meetings and Resolutions) 2.1 The Committee meets periodically, and normally once each month, to carry out its functions and duties contained in the subsequent article 3 of these Regulations and nevertheless before meetings of the Supervisory Board which have the examination of reports of corporate control functions regarding their respective responsibilities on the agenda and also, in its capacity as the Committee for internal control and auditing of the accounts in accordance with article 19 of Legislative Decree No. 39 of 27 th January 2010 (see article 3.2 of these regulations), the approval of the proposed separate and consolidated financial reports and the examination of the half-year financial report and the quarterly financial reports. Meetings are also called whenever circumstances which require prompt investigation or examination occur. 2.2 Meetings of the Committee are chaired by the Chairman and in his absence by the most senior member by age. The Chairman conducts proceedings in meetings encouraging discussion and dialogue within the Committee. 2.3 In order to ensure the best possible co-ordination, the Chairman may convene joint meetings with other internal Board Committees, liaising with the relative Chairman in order to examine issues of common interest. 2.4 The Committee may meet at any location in the territory of Italy. 2.5 Meetings of the Committee are convened by the Chairman or, in the event of his absence or impediment, by the most senior member by age with notice of at least four days, by means of email, fax, telegram or registered letter, providing details of the items on the agenda; the relative documentation must be delivered to Committee members in good time in advance. For urgent matters it may be convened with 24 hours notice. 2.6 Meetings may be held by means of audio conference and/or video conference, on condition that all those participating can be identified and that they are able to follow the meeting and intervene at the same time in discussions of the issues addressed and that they are able to receive, transmit and view documents in real time. Once these conditions have been verified, the Committee meeting is considered as being held in the place where the Chairman of the meeting and the Secretary are. 2.7 Should the items on the agenda require it, the Chairman of the Supervisory Board may take part in the proceedings of the Committee on his request, subject to the prior consent of the 3
Chairman, or on invitation of the Chairman himself and the Chairwoman of the Management Board and the Chief Executive Officer may also be invited to take part in meetings. The Chief Audit Executive, the Chief Risk Officer, the Head of the Compliance Area and, for matters that regard their responsibilities pursuant to article 3.2, the Chief Financial Officer and the Senior Officer Responsible for accounting documents normally take part in meetings on invitation of the Chairman. Furthermore, the following persons whose presence is considered useful by the Committee may be invited to take part: the General Manager, when appointed, the Chief Operating Officer, the Chiefs of other Corporate Control Functions, other senior managers of internal units and functions of the Bank and the senior officers of the management and supervisory bodies of subsidiaries. A member of the Risk Committee may also be invited to meetings, if the person is not already a member of the Committee. Senior officers of the Independent Auditors engaged to carry out the statutory audit of the accounts may be invited to meetings in relation to matters pursuant to article 3.2. 2.8 The Chief Audit Executive is normally responsible for investigating matters to be submitted to the Committee. 2.9 The Committee shall appoint a Secretary who may be chosen from among the members of the Committee itself or selected from among employees of the Bank. 2.10 The attendance of the majority of the members is necessary for Committee meetings to be valid. The Committee passes resolutions with a vote in favour by the majority of those present in the meeting. 2.11 Minutes are written for each meeting and they are normally approved during the following meeting of the Committee. 2.12 The minutes approved, signed by the Chair of the meeting and by the Secretary, are recorded in a book of minutes kept and conserved by the Secretary. 2.13 Copies of notices to convene and the minutes of meetings must be sent in good time to the Chairman of the Supervisory Board. 2.14 Each member of the Supervisory Board may gain access to consult documents and information discussed by the Committee by making a request to the Chairman of the Committee itself. The same right is also held by the Independent Auditors who may also have access to consult the minutes of meetings and receive a copy of them. Article 3 (Functions and duties) 3.1 The Committee carries out activities with fact-finding, advisory and proposal making 4
functions to support the Supervisory Board in carrying out the supervisory functions assigned to it by the supervisory regulations in force from time to time (Circular No. 285 issued by the Bank of Italy, in particular). Furthermore, the Committee also supports the Supervisory Board with its supervisory functions pursuant to article 149, paragraphs one and three, of Legislative Decree No. 58 of 24 th February 1998. The Committee provides a point of reference for corporate internal control functions and units in order to increase the efficacy and efficiency of controls. For this purpose it is granted full powers to take initiatives and carry out controls on the activities of the Bank and also in its capacity as Parent and it may proceed at any time to carry out inspections and checks. In detail, the Committee supports the Supervisory Board in the following activities: - it oversees the functioning of the internal control system as a whole and ascertains the effectiveness of the units and functions involved in the system itself and that they are properly co-ordinated, initiating corrective action for shortcomings and irregularities where they are found; - assessment of the basic elements of the general architecture of the internal control system (powers, responsibilities, resources, information and management of conflicts of interest); - it oversees the completeness, adequacy, functionality and reliability of the RAF; - it oversees the process for calculating internal capital and the adequace of liquidity (inclusive of the ICAAP and ILAAP processes) and the completeness, adequacy, functionality and reliability of internal risk measurement systems for calculating capital requirements and that they comply with regulatory requirements; - it provides an opinion on the appointment and removal of the heads of the compliance, risk management and internal audit functions and the senior officer responsible for preparing the corporate accounting documents pursuant to article 154-bis of Legislative Decree No. 58 of 24 th February 1998, by submitting its assessment of the candidates to the Risk Committee; - it examines periodic reports on the activities carried out by control functions and also the results of the self-assessment of internal Group adequacy in terms of the principles of the Supervisory Review and Evaluation Process (SREP) of the competent supervisory authorities; 5
- verification of the proper performance of strategic control and management activities by the Parent in relation to Group companies. - it oversees compliance with laws, regulations and the Articles of Association, the proper performance of management activities and the adequacy of the Bank s organisational structure and its accounting systems; - communication to the Bank of Italy of events or facts which might constitute a management irregularity or an infringement of banking regulations pursuant to article 52 of the Consolidated Banking Act. Should the Committee become aware in the course of its activities of circumstances that may be relevant pursuant to article 52 of the Consolidated Banking Act, it shall inform the Supervisory Board and Management Board of the shortcomings and irregularities found, and it shall request corrective action to be taken and monitor its effectiveness over time; - verification and study of the causes and remedies for management irregularities, performance problems and shortcomings in organisational structures and accounting systems, with particular attention paid to regulations concerning conflicts of interest and infringements of rules governing the provision of investment services, on the basis of the reporting specified in article 3.4; - it examines Group policy on whistleblowing and carries out the activities required of the Committee by that policy as well as periodically examining reports received; it examines the relative annual report to be submitted to the Supervisory Board; - assessment of proposals formulated by the independent auditors for their engagement, examining their professionalism and experience to ensure these qualities are adequate for the size and operational complexity of the Bank; - assessment of reports for Shareholders Meetings called in accordance with article 2364-bis of the Italian Civil Code, and also for any other Shareholders Meetings, ordinary or extraordinary, on its supervisory activities carried out, on omissions and on irregularities observed. 3.2 The Committee performs its internal control and accounting audit functions in accordance with article 19 of Legislative Decree No. 39 of 27 th January 2010, specifically including the following: - financial reporting; - effectiveness of the system of internal control, internal audit and risk management; - statutory audit of annual separate and consolidated financial statements; 6
- the independence of auditors particularly with respect to the provision of non-audit services. In this respect, the Committee periodically exchanges information with the auditors engaged to carry out the statutory audit of the accounts and it examines the workplan drawn up by those auditors and the report on fundamental issues found during the independent statutory audit and, in particular, on significant shortcomings of the system of internal controls relating to the financial reporting process. It co-ordinates, within the scope of its remit, with the Risk Committee for the purpose of the latter Committee s assessment of the proper use of accounting policies for the preparation of separate and consolidated financial reports. The Committee supports the Supervisory Board with its duties connected with assessing the adequacy and functionality of the accounting and tax systems, inclusive of IT systems, in order to ensure accurate recording of corporate events and facts. In detail, it oversees the adequacy and functionality of corporate processes that have an impact on the accounts and that fall within the perimeter of the provisions of Law No. 262/2005 (administrative liability). 3.3 When determining in practice the intensity and methods of the verifications to be carried out and also in its assessment of the irregularities found, the Committee takes into consideration both the magnitude of the losses which could result for the Bank and also the repercussions in terms of reputation and safeguarding the trust of the public. The controls must be across the board throughout the organisation of the Bank and they must include verifications of systems and procedures (e.g. IT and administrative and accounting systems), the different lines of business (lending, finance, etc.), operations (the introduction of new products, entering new business or geographical areas, business continuity, outsourcing) and organisational units (e.g. foreign branches). 3.4 The Supervisory Board may also ask the Committee to study specific issues within the scope of its responsibilities. 3.5 In accordance with article 34 of the Articles of Association, the Committee also activates the internal control function in response to extraordinary requests for inspections and/or investigations made by the Chief Executive Officer. 3.6 The Committee normally performs its duties using the information provided to the Supervisory Board in compliance with the relevant regulations and information provided by corporate internal control units and functions and the results of activities carried out by the 7
Supervisory Body pursuant to Legislative Decree No. 231/2001. The committee also identifies additional reporting that it must receive on control matters (subject, format, frequency, etc.) and it must be able to access relevant company information. 3.7 In order to acquire constant information on the principal management events and to support the control function carried out by the Supervisory Board, at least one member of the Committee shall attend meetings of the Management Board on a rotation basis in accordance with article 41 of the Articles of Association and shall report to the Committee and through its Chairman to the Supervisory Board on matters of major importance that are dealt with. 3.8 The Committee has a duty to report to the Supervisory Board on its activities, normally by means of appropriate reports to be submitted to the next subsequent meeting. The Chairman of the Committee reports on specific questions that the Committee has been asked to investigate by the Supervisory Board and it also submits the relative supporting documentation for the work to the Supervisory Board itself. 3.9 The Committee and the Risk Committee exchange all information of mutual interest and they co-ordinate appropriately in carrying out their respective duties. In order to ensure maximum co-ordination between the Risk Committee and the Internal Control Committee, without prejudice to their respective roles and responsibilities, a member of the Internal Control Committee attends meetings of the Risk Committee, if the person is not already a member of that Committee. The member of the Committee that attends meetings of the Risk Committee reports on the work of that committee at the next meeting, or if it is urgent, at a specially convened meeting. Article 4 (Powers) 4.1 The Committee, in accordance with article 41 of the Articles of Association, by employing the services of the appropriate organisational units of the Bank, can proceed to inspections and controls at any time and exchange information with the control bodies of the companies of the Group with regard to the management and control systems and to corporate activity. In order to carry out its activities, the Committee may make use of outside consultants, at the expense of the Bank, that it selects and shall assess in advance whether such consultants might place themselves in a situation that compromises the independence of their judgement. 4.2 When it is considered necessary, the Committee may, in carrying out its activities, assign determined tasks individually to one or more of its members who must report to the committee on their activities. 8
Article 5 (Fees) 5.1 Members of the Committee are paid fees set in accordance with article 36 of the Articles of Association. Article 6 (Amendments to the Regulations) 6.1 These Regulations may be amended by a resolution of the Supervisory Board. 9