REPORT OF THE BOARD OF STATUTORY AUDITORS TO THE GENERAL SHAREHOLDERS' MEETING

pursuant to Article 153 of Legislative Decree No. 58/1998.

Shareholders,

The Board of Statutory Auditors (the "Board") is required to report to the General Shareholders' Meeting of Banca Generali S.p.A. (hereinafter also "Banca Generali", the "Bank" or the "Company"), convened, inter alia, to approve the Financial Statements for the year ended 31 December 2023, on the supervisory activity performed and any omissions and censurable facts identified, pursuant to Article 153 of Legislative Decree No. 58/1998 ("TUF"). This activity was carried out in accordance with the code of conduct recommended by the Roll of Certified Public Accountants and Commercial Experts, while also taking account of the provisions issued by Consob and the Bank of Italy, the instructions set out in the Corporate Governance Code and the provisions of Article 19 of Legislative Decree No. 39/10. The following information also takes account of Consob recommendations contained in Communication No. 1025564/2001.

It bears recalling that on 22 April 2021 the General Shareholders' Meeting of Banca Generali had appointed this Board of Statutory Auditors until the approval of the Financial Statements for the year ended 31 December 2023, in the persons of Natale Freddi (Chairman), Flavia Daunia Minutillo and Mario Francesco Anaclerio (Acting Auditors). On the same date, the Board of Directors also granted the Board of Statutory Auditors the functions attributed to the Supervisory Board pursuant to Article 6 of Legislative Decree No. 231/2001.

During the year, the Board of Statutory Auditors met 19 times and 6 times in its capacity as Supervisory Body. It also took part in 16 meetings of the Board of Directors, 18 meetings of the Internal Audit and Risks Committee, 12 meetings of the Remuneration Committee, 10 meetings of the Nomination, Governance and Sustainability Committee and 14 meetings of the Credit Committee. The Board of Statutory Auditors also took part in the induction programme for members of the Bank's corporate bodies.

1. Supervisory activity concerning compliance with the law and Articles of Association

The Board of Statutory Auditors periodically obtained information from the Directors - including by participating in the meetings of the Board of Directors and its Board Committees - regarding the activity carried out and management acts undertaken. On the basis of the information available, it may reasonably confirm that those activities and acts were implemented in compliance with the law and the Articles of Association.

The material events during the year that the Board of Statutory Auditors deems appropriate for mention in light of their importance include:

  • the resilience of the 2022-2024 Strategic Plan, which - despite the turbulence and uncertainties of 2022-2023 - remained in line with the targets disclosed to the market on the 2022 Investor Day;

  • the FINMA authorisation obtained by the subsidiary BG Suisse S.A., incorporated in 2021, to start the banking activity. Banca Generali subsequently carried out a further capital increase of CHF 40 million aimed at increasing the company's statutory share capital as required by the new Articles of Association. The bank started its operations on 1 December 2023 and changed its company name into BG (Suisse) Private Bank S.A.;

  • the approval by Banca Generali's Board of Directors, on 8 February 2024, of the revision of the joint venture agreement with Saxo Bank that will entail, inter alia and following the Bank of Italy's prior authorisation, an increase in Banca Generali's equity investment (currently equal to 19.9%) to 49.9% of share capital and the sale en bloc, pursuant to Article 68 of TUB, of a portfolio of securities account contracts with customers, considered autonomous in functional terms from other relationships between Banca Generali and its online trading customers.

It should also be noted that, at 31 December 2023, the consolidated CET1 ratio was 17.8% and Total Capital Ratio (TCR) was 19.0%, compared to the SREP minimum requirement of 8% and 12.3%, respectively. The main information on capital adequacy, risk exposure and the general characteristics of the systems implemented to identify, measure and manage said risks are illustrated in the Pillar 3 disclosures prepared pursuant to Part VIII of Regulation (EU) No. 575/2013.

With regard to the Russia-Ukraine conflict, it bears noting that Banca Generali is not exposed to the countries involved in the conflict, either with its own securities portfolio, or with the customer loans portfolio. In addition, the exposure of the Bank's clients is also quite limited.

With regard to relations with the supervisory authorities, the Board of Statutory Auditors was updated by the responsible company functions regarding the requests and inquiries made and the responses given. In turn, when requested, it provided responses to the above Authorities on specific topics relating to the reports received and the audits carried out by the Board of Statutory Auditors.

2. Supervisory activity concerning compliance with the principles of sound management

The Board of Statutory Auditors acknowledged and supervised the compliance with the principles of sound management by obtaining information from the Heads of the competent Control Functions and the Manager in Charge of preparing the Company's financial reports, as well as from meetings with the Independent Auditors as part of the mutual exchange of relevant data and information. In the year, it also met several times with the Chief Executive Officer, the Deputy General Managers and other top managers at the Board Committees' meetings or at other ad-hoc meetings, to obtain information regarding operating performance, the internal control system and main company risks. During such meetings, the Board of Statutory Auditors observed the regular, constant flow of information from the main corporate operating functions and, in the case of the Board of Directors, its constant updating.

The Board of Statutory Auditors may therefore reasonably state that the transactions carried out are inspired by the principles of sound management, and that management decisions were made on the basis of adequate flows of information and awareness of their risk level.

In particular, as regards the most significant economic, financial and equity transactions implemented by the Bank, subject to supervisory activity, the Board of Statutory Auditors may reasonably confirm that they were implemented in compliance with the law and the Articles of Association and were not manifestly imprudent, risky, in conflict with the resolutions passed by the Shareholders' Meeting or such as to compromise the integrity of the Company's assets. The transactions in which Directors had an interest were approved in accordance with the law, regulations and Articles of Association. As part of the information provided on the preparation of the annual and half-yearly financial statements, the information pursuant to Article 150 of TUF was provided by the Chief Executive Officer and also by the Manager in charge of preparing the Company's financial reports.

In addition, the Board of Statutory Auditors determined that there had been no atypical and/or unusual transactions with companies of Banca Generali Banking Group (the "Group"), third parties or related parties, i.e., transactions that, in view of their characteristics, may give rise to doubts as to the correctness/completeness of the information in the financial statements, conflict of interest, integrity of company assets and the protection of minority shareholders.

No critical issues came to light from the meetings held with the Chairman of the Board of Statutory Auditors of Generfid S.p.A. and the control bodies of BG Fund Management Luxembourg S.A. and BG Valeur S.A. or from the examination of the Directors' reports included in the financial statements. Likewise, at such meetings, no issues were reported relating to the activities carried out, where required, in our capacity as Supervisory Body pursuant to Legislative Decree No. 231/2001.

3. Supervisory activity concerning adequacy of the organisational structure

The Board of Statutory Auditors supervised the adequacy of the Bank's organisational structure by holding meetings with the Bank's operating functions, and in particular with the COO & Innovation Area and the Organisation Department, in order to verify the adequacy of the company structure, system of delegated powers, internal control and risk management system and information flows.

The Bank's organisational structure did not change substantially during the year, although the process of rationalising some of its internal structures continued. With regard to the operating structures, worthy of mention are:

  • the setting up of the new "second-line control function for the ICT and security risk", assigning the related responsibilities to the Risk Management Department, which established its new internal ICT and Security Risk Management Service;

  • the setting up of the Strategic Transactions Legal Affairs Service tasked with providing legal support for the Bank's strategic transactions;

  • the new organisation of the Financial Advisor Network, which will be inspired by three principles of change: (i) a single local structure within the network, entailing greater synergies and lesser competition; (ii) introduction of a mechanism whereby each local professional no longer has a single point of contact, but is part of a team in which transversal and strategic managers integrate the work of managers on specific topics (e.g., sustainability); (iii) creation of a closer relationship between the Headquarters and the network; and (iv) the establishment of the Investee Coordination OU, reporting directly to the Head of the CFO & Strategy Area, tasked with supervising the financial and income information flows of investees through specific reports;

  • the rationalisation of the Wealth Management Area, with the establishment of the Wealth Advisory Department dedicated to advice regarding non-financial services, alongside the Financial Advisory Department, which is responsible for advice regarding financial services and products;

  • the creation of the Strategy, Planning and Control Department, which combines the Planning and Control structures with the function dedicated to Strategic Planning and M&A activities.

With regard to the Products and Service Management Committee, Active Ownership competencies were expanded so as to support the General Counsel & Sustainability Area in engaging issuers of financial instruments on ESG and CSR matters.

The Board of Statutory Auditors also supervised the proper performance of the management and coordination activities carried out by the Bank as Parent Company and has no observations to make in this regard.

In fact, the Parent Company performs its steering and governance tasks and provides support to its subsidiaries, in accordance with the Consolidated Law on Banking (TUB), supervisory regulations and Group regulations, adopting risk management procedures and internal control mechanisms that ensure coordinated, unified management of the various Group companies in order to:

  • ensure satisfaction of the requirements imposed by supervisory regulations at Group level;

  • safeguard the profitability and value of the equity investments of the Parent Company and all its subsidiaries;

  • avoid any harm to the integrity of the assets of each Group entity by also providing instructions through specific instruments, such as Group regulations and policies on specific subjects.

The Board of Statutory Auditors supervised the adequacy of the instructions provided by the Company to its subsidiaries pursuant to Article 114, paragraph 2, of TUF.

4. Corporate governance

The Board of Statutory Auditors assessed the methods whereby the Borsa Italiana's Corporate Governance Code adopted by the Bank was implemented, according to the terms illustrated in the "2023 Report on Corporate Governance and Ownership Structures" (the "Corporate Governance Report"). It bears noting that the company bodies also acknowledged the latest recommendations formulated in the letter from the Chair of the Corporate Governance Committee of 13 December 2023, as well as of the "Guidelines on the composition and functioning of the Board of Directors in the LSIs" published on 13 November 2023 by the Bank of Italy.

In line with the legislation of reference, Banca Generali's Board of Directors, with support from the external professional Egon Zehnder - appointed as independent expert for the entire three years of the term - launched the Board Review 2023, i.e., the annual self-assessment on the functioning of the Board and Board Committees, as well as of their size and composition. The Board Review involved the participation of all Directors in office and the Chairman of the Board of Statutory Auditors (who shared the self-assessment exercise with the two other Acting Auditors).

The Board of Statutory Auditors also performed its 2023 annual self-assessment to evaluate its functioning, size and composition, also taking account of the process for appointing the next Board of Statutory Auditors. In fact, the Board of Statutory Auditors, in view of the end of its term of office, drafted the "Recommendations on the Optimal Qualitative and Quantitative Composition of the Board of Statutory Auditors" defining the individual and collective requirements that Statutory Auditors must meet in accordance with current laws and regulations. These Recommendations were made available to the Board of Directors and the Shareholders on the Bank's website.

The results of the two assessments are reported in detail in the Corporate Governance Report.

Furthermore, during the year the Board of Statutory Auditors verified that the Statutory Auditors met the relevant requirements in accordance with the MEF Decree No. 169 of 23 November 2020, as well as, in general, with the applicable legal, regulatory and self-regulatory provisions in force.

In detail, pursuant to Article 23 of the MEF Decree, the Board of Statutory Auditors conducted new specific assessments of the continuing satisfaction of eligibility requirements and criteria, including that of independence, by its members, where supervening events might have affected possession of such requisites.

Additionally, during the year the Board of Statutory Auditors verified the proper application of the assessment criteria and procedures adopted by the Board of Directors to assess possession of the fit and proper requirements of its members, pursuant to applicable legislation.

5. Supervisory activity concerning transactions with related and connected parties

The Board of Statutory Auditors supervised the compliance with applicable legislation of the Policy for Transactions with Related Parties, Connected Parties and Corporate Officers pursuant to Article 136 of TUB (the "Policy") adopted by the Bank on this matter (as most recently updated on 22 June 2023) and its proper application, participating in all the meetings of the Internal Audit and Risk Committee - which also functions as the Committee for the preliminary review of transactions with related and connected parties and is tasked with issuing the related opinions required by applicable legislation - set up in accordance with the relevant Policy, periodically receiving and analysing information regarding the transactions performed. The Board of Statutory Auditors has no record of related and connected party transactions undertaken in conflict with the Company's interest.

Approval of the new text of the Policy was necessary to adapt the text to the new format of the Bank's internal rules and to combine, in a single text, the two previous existing documents ("Procedure for Related Party and Connected Party Transactions" and "Internal Policies Governing Controls of Risk Assets and Conflicts of Interest in Relation to Connected Parties") so as to reinforce the control measures in this area at the level of the Banking Group.

One "transaction of greater importance" was undertaken with related parties during the year. The transaction involved the distribution of new insurance products as part of the existing distribution agreement between Banca Generali and Generali Italia S.p.A., joined also by Genertellife S.p.A., and, again as part of the above-mentioned distribution agreement, the increase in the ceiling for retention initiatives concerning existing traditional life insurance products.

In addition, transactions qualifying as "transactions of lesser importance" were undertaken with related parties, as illustrated in detail in the Report on Operations, in addition to "ordinary or recurring transactions" effected at arm's length, the effects of which are analysed in the dedicated section of Notes and Comments.

The Board of Statutory Auditors verified that in the Report on Operations and the Notes and Comments the Board of Directors provided adequate disclosure of transactions with related and connected parties and intragroup transactions in light of applicable legislation.

Following a review of the activity carried out by the various functions involved in the Policy and discussions with the Internal Audit Function, the Board of Statutory Auditors believes that transactions with related and connected parties are adequately supervised and, to the best of its knowledge, that the Policy has been properly applied.

6. Supervisory activity concerning the internal control and risk management system

The Board of Statutory Auditors supervised the adequacy of the internal control and risk management system through:

  • meetings with the Bank's top managers, the purpose of which included examining the internal control and risk management system;

  • periodic meetings with the Heads of the Internal Audit, Compliance and Anti-Money Laundering, and Risk Management Functions (hereinafter the "Control Functions") in order to assess the methods of planning of the work, based on identifying and assessing the main risks present in processes and organisational units;

  • examination of periodic reports (Tableaux de Bord) of the Control Functions and periodic information on the results of monitoring of the implementation of the corrective actions identified;

  • acquisition of information from the Heads of other Company Functions;

  • meetings with the control bodies of the main subsidiaries pursuant to paragraphs 1 and 2 of Article 151 of TUF during which the Board of Statutory Auditors obtained information on the matters deemed material, affecting Group companies and the internal control system;

  • discussion of the results of the Independent Auditors' work;

  • participation in the proceedings of the Internal Audit and Risks Committee, acquiring information on the criticalities considered of particular interest to the Board of Statutory Auditors' activity.

Banca Generali has long adopted an internal control system policy that identifies the bodies and functions involved in the definition of the internal control system, the methods and tools for identifying and assessing risks, coordination between control functions, the Banking Group's internal control system and reports and flows of information. The system is structured on three levels: the first level performs line controls aimed at ensuring the proper performance of transactions; the second level concerns the monitoring of risks and compliance; and the third is aimed at identifying breaches of procedures and internal regulations.

With reference to the first-line controls, Banca Generali has operational procedures in place (process flows) that relate to all activities carried out and identify the activities, roles, tools and line controls according to the company process tree. These procedures are constantly updated by the Organisation Department to bring them into line with changes in external and internal rules and regulations, the organisational structure and operating methods and to incorporate the suggestions for improvement that emerge from the activities performed by the Control Functions.

With regard to the second- and third-line controls, the Board of Statutory Auditors engaged in constant dialogue with the Control Functions in carrying out its activities. In addition to the Business Functions and Control Functions, the functioning of the control system involves other corporate functions, such as the Head of the Security and BCP Service, who acts as the Chief Security Officer (CSO) and whose roles also include that of the Bank's Chief Information Security Officer (CISO), and the Supervisory Body of the Parent Company pursuant to Legislative Decree No. 231/2001; the latter's activity is described in a subsequent chapter.

The Control Functions submit periodic reports to the Board of Directors and the Board of Statutory Auditors on the activities performed and their main observations. Each quarter, Tableaux de Bord are presented; these are informational documents that provide an update on the risks and state of progress of the annual plan of each Function. At the end of the year, as required by the law, the Functions submit an annual Report, which, in addition to underscoring the work done during the year, concludes with a concise assessment of the adequacy of the internal control system with regard to matters within their purview.

The year saw the conclusion of the project to harmonise Control Functions and the Remediation Integrated Report launched in 2022, also following the results of the inspection by the Bank of Italy. The project sought to further expand the activities of the internal control system functions with regard to the uniformity of assessment of remediations and the related remedial measures, monitoring and escalation in the event of identification of issues and delays in managing remediation measures, uniformity of the logic for identifying the organisational structures responsible for remediation measures and the amendment of the policies of the individual Control Functions. In 2023, a Control Function Integrated Report was prepared, drawn up on a quarterly basis, that provides an integrated overview of information regarding all types of remediations.

The Board of Statutory Auditors acknowledges that the annual reports of the Compliance, AML and Risk Management Control Functions, each for the aspects within their respective remit, conclude with a mostly adequate opinion of the structure of the Company's internal control system. With regard to the Internal Audit Function Report, the assessment of the internal control system takes account not only of the findings of the Function's activity, but also of the outcome of the second-level Functions' activities. The Internal Audit Function Report thus concludes with a mostly adequate opinion in terms of the completeness, adequacy, functionality and reliability of the internal control system.

The Board of Statutory Auditors also acknowledged the Board of Directors' assessment of the internal control system, which was deemed mostly adequate, also in light of the Internal Audit and Risk Committee's opinion.

The final report on the Internal Audit Function's activity during the year indicates that all activities planned had been concluded at the date of this report. No significant critical issues emerged from this activity. However, the control activities performed (including at Group level) identified a need for the competent Company Functions to implement remedial actions to mitigate the risks inherent in some processes and operating practices, typical of all banking business, without jeopardising the reliability of the internal control system as a whole, which is thus confirmed to be mostly adequate.

Interaction between the Board of Statutory Auditors and the Internal Audit Function was constant over the year, as the Function took part in most meetings of the Board of Statutory Auditors. In any case, the Function informs the Board of Statutory Auditors promptly of any issues or areas of concern that emerge from its activities.

With regard to external quality assurance activities, in 2023 Banca Generali's Internal Audit Function underwent an External Quality Assessment Review (EQAR) conducted by a major consultancy firm. Overall, Banca Generali's Internal Audit Function was found to be "generally conform" to the IIA Standards, the Core Principles, the definition of "Internal Audit" and the Code of Ethics in force at the time of the external assessment.

In addition, during the year there was a regular change of the person holding the position of Head of the Internal Audit Function.

In the ex-post audits conducted in the year, the Compliance Function found an overall medium-low exposure to non-compliance risk with regard to the overall design and effective operational development of company processes, reiterating the need to ensure constant oversight of processes deemed to be at greatest risk of non-compliance, such as investment advisory processes and the portfolio management, new product development and management of market placement services. The Function confirms the need for constantly and thoroughly monitoring the scheduling of remedial actions.

The Compliance Function also supported the Data Protection Officer with the activities set out in the GDPR and the external and internal data protection regulations in effect from time to time. The annual report was presented to the Board of Directors on 5 March 2024. It sets out the activities carried out in 2023, and in particular the updating and monitoring of regulatory developments, consultancy for the Data Controller and the Points of Contact, verification of the compliance of personal data processing with applicable regulations and the function responsible for liaising and cooperating with the Personal Data Protection Supervisory Authority and data subjects. In 2023, the Function reported a personal data breach relating to a fraudulent call to which four Financial Advisors fell victim, allowing the attackers to view and enter into possession of common personal data concerning the Bank's customers. The necessary notices were served to the Personal Data Protection Supervisory Authority and the Data Subjects within the terms set forth by law.

The Compliance Function prepared the "Annual Report on the Proper Functioning of the Whistleblowing System" for 2023, in which it is stated that the project to ensure compliance with Italian Legislative Decree No. 24/23 implementing the EU Whistleblowing Directive was completed through the adoption of Generali Group's dedicated IT platform, the release of the Whistleblowing Policy and the related dissemination, disclosure and information processes.

In 2023, no problems were detected with regard to the functioning of internal whistleblowing systems, including in the tests performed on the systems in question. However, one report received gave rise to the necessary inquiries, resulting in dismissal of the report in early February 2024.

With regard to control activity relating to the distribution network, there continues to be a need to keep high levels of supervision, in addition to further reinforcing them to pursue constant improvement in the efficient monitoring of various risk elements. Within this framework, attention should also be drawn to the constant efforts to raise the awareness of the distribution network of the implementation of the remediations requested by the Network Control Function.

With reference to complaints - relating to both investors and consumers - each quarter the Function presents a report stating the number of complaints, those that resulted in litigation and reimbursements paid by the Bank during the period. Overall, in 2023 the number of complaints received decreased compared to the previous period, which had also been characterised by extraordinary circumstances.

In light of the limited number of complaints and the absence of concentration regarding specific types, the Function does not detect any new compliance-related criticalities in the processes analysed.

With specific regard to the start of operations by BG (Suisse) Private Bank S.A. and to the conclusion of the authorisation process for freedom to provide services (FPS) in Italy, the Function highlights the particular importance of adopting all control measures needed and it reserves the right to conduct specific verification of the methods for implementing the FPS through the Financial Advisor Network.

In its year-end report, the Anti-Money Laundering Function underlines the increasing effort devoted to oversight and control activities, with an impact on the core processes of the Anti-Money Laundering Function. This is due to the combined effect of various factors: (i) a higher percentage of customers with higher risk profiles, due in part to the changes in external regulations (e.g., recent indications from the Bank of Italy concerning private banking); (ii) the significant growth of the Bank's operating volumes and thus of the ensuing controls; (iii) the intensification of exchanges of information regarding common customers and reporting with Assicurazioni Generali Group; (iv) the increase in the control measures and coordination activities of the Banking Group's foreign subsidiaries and the start of operations at BG Suisse Private Bank S.A.; (v) the completion of the so-called "AML Initiatives", i.e., areas of improvement defined following the 2022 inspection by the Bank of Italy; (vi) support for the process of setting parameters, testing and launching the new AML first- and second-level control tools (Netech in replacement of Gianos, and Faraday); and (vii) support for the development of new project initiatives in the course of being activated, such as "Insure-banking" (an agreement with Generali Italia for the distribution of certain banking products and services).

Following ex-post verifications, due diligence, data storage controls, controls of the monitoring and reporting of suspicious transactions, controls of international sanctions and training controls, the Function concluded with an opinion of overall adequacy.

The self-assessment, conducted with the support of a methodological tool updated in 2023, confirmed that the risk of money laundering and financing of terrorism is MEDIUM. Said assessment is the result of various ongoing improvement actions, primarily attributable to the development of IT systems in support of anti-money laundering controls, and several new actions arising from the quality assurance process with Assicurazioni Generali, recently completed. In the coming year, particular attention will be devoted to monitoring the above initiatives and the planned developments in the relevant external regulations.

The Risk Management Function's activity is aimed at ensuring that Banca Generali Group's risk levels be maintained within the risk strategies and profile, and in line with the risk limits and tolerance thresholds established by the Board of Directors in the Risk Appetite Framework (RAF) and in the Recovery Plan. No significant issues worthy of attention were brought to light during the work done in the year.

Among the projects carried out and concluded during the year, attention should be drawn to those involving implementation of risk digital analytics tools, integration of the project relating to the Bank's trading of listed derivatives, consolidation of the IT risk regulatory component, contributing to formalising the process of analysing and managing ICT and IT security risk in close collaboration with the technical Functions. With the goal of further reinforcing IT risk governance, the Function reported that with effect from 1 January 2024 it had formed a new internal ICT and Security Risk Management Service, which defines the framework for managing such risks in terms of identifying, assessing and mitigating them in accordance with the Bank's risk appetite.

The Board of Statutory Auditors examined the Internal Capital Adequacy Assessment Process (ICAAP) documents, which quantify the current and prospective internal capital to be held for the risks to which the Group is exposed, as well as those for liquidity (ILAAP), which aim to assess the adequacy of the liquidity held by the Bank, both approved by the Board of Directors on 19 April 2023. The ICAAP and ILAAP confirm the adequacy of the Bank's capital and liquidity. The Board of Statutory Auditors formulated its observations also on the basis of the Report of the Internal Audit Function, which acknowledges compliance with regulations.

The Board of Statutory Auditors examined the new Risk Appetite Framework (RAF), which indicates the Bank's risk appetite, with effect from 2024, taking account of the recommendations of the Supervisory Authorities and regulatory indications. The structure of the primary and complementary indicators remained unchanged compared to the previous year, with the exception of the Capital Absorption Ratio, replaced by a significant RAF limit, calculated in relation to Tier 1 capital. Several thresholds were modified in accordance with the new plan projections. The RAF confirms the Bank's solidity, with capital and liquidity ratios above the minimum regulatory requirements.

Adequacy of Control Functions

In order to assess the internal control system, particular importance is attached to the analysis of the operational procedures and methods that the Control Functions adopt to pursue their objectives, as well as the adequacy of their staff. The Control Functions operate on the basis of procedures that are approved by the Board of Directors, kept up to date, and list in detail the activity to be carried out. With regard to resources, the Board of Statutory Auditors consulted all Control Functions and expressed its opinion on the appropriateness of resources at the end of 2023 in consideration of the Functions' activity plan for 2024, requesting constant updates on their adequacy.

The Board of Statutory Auditors oversaw the remuneration of the control functions, for purposes of the variable component payment. In concert with the Remuneration Committee, it analysed the assessment records of their qualitative performance in terms of the objectives set for 2023.

Business continuity and cyber risk

The Bank revised the control framework for oversight of ICT and IT security risk, formalised with an update of the related internal regulation (ICT and IT Security Risk Analysis and Management Policy), to complete the process of complying with the 40th update to Bank of Italy Circular No. 285.

A pilot assessment for testing the updated framework was performed in the period February-March 2024. Based on the pilot assessment's results, which are currently being analysed, no particular issues were identified in the area of ICT and IT security risk. However, improvement actions were identified for the ICT and IT security governance system and for several applications included in the analysis scope. The results are being shared with first-level structures. They will then be formalised in the Summary Report on the ICT and Security Risk Situation.

With regard to the implementation status of security initiatives, particular attention was paid to strengthening the activities carried out in the cyber and information security areas. No serious high or critical incidents within the meaning of Circular No. 285/2013 were detected in 2023. Only one incident, related to unauthorised access and involving several Financial Advisors, was classified as a medium-severity incident.

In addition, the Bank also launched a programme to comply with the DORA, involving specific requirements for further developing the ICT and IT security risk management framework.

At the level of business continuity, in 2023 and the first quarter of 2024 ten business continuity and disaster recovery test sessions were conducted to assess the ability to restore IT systems after catastrophic events. The positive results obtained confirmed the soundness of the strategies and procedures implemented by the Bank. These tests were also extended to the main providers and outsourcers, as well as to the organisation's internal processes. During the year, several users of a corporate office reported total absence of network connection (Intranet and Internet), resulting in the launch of the appropriate mitigation plans. The positive results obtained in terms of business continuity confirmed the soundness of the strategies and procedures implemented.

The three-year testing plan, which is currently being defined, will be revised in view of the new provisions introduced by the entry into force of the DORA, thus ensuring alignment with the latest regulatory developments.

As mentioned above, in 2022, the Bank had been subject to a comprehensive ordinary inspection by the Bank of Italy that had focused, inter alia, on the efficiency of the governance arrangement of the Bank and Group, as well as on their risk management and control systems, with particular reference to operational, reputational and legal risks. With regard to inspection activity, the Board of Statutory Auditors underlines that the remediation measures planned had all been concluded, with a sole exception concerning customer profiling methods, the planned solution for which had been replacement of the Gianos platform with the Netech platform. The originally scheduled deadline had been postponed to the end of 2024.

Based on the work carried out, the information acquired, the content of the half-yearly and annual reports of the Control Functions, and particularly the overall favourable opinion expressed by the Control Functions regarding the internal control system, the Board of Statutory Auditors considers that there are no significant critical elements such as to affect the structure of the internal control and risk management system.

7. Supervisory activities regarding the administrative accounting system and the financial reporting process

The Board of Statutory Auditors, in its capacity as Internal Audit and Risk Committee pursuant to Article 19, paragraph 2(c), of Legislative Decree No. 39/2010, monitored the process and checked the effectiveness of the internal control and risk management systems with regard to financial reporting, overseeing compliance with the general principles on financial reporting adopted by the Group, based on the provisions of the Group Policy on the subject.

The financial reporting is monitored by the Manager in charge of preparing the Company's financial reports (hereinafter the "Manager in charge"), adopting models that refer to best market practice and that provide reasonable security on the reliability of financial reporting, on the effectiveness and efficiency of operating activities and on compliance with laws and internal regulations. The processes and controls are reviewed and updated annually.

The year 2023 saw work continue on keeping the mapping of processes up to date in line with the projects carried out, the new operating methods and organisational changes.

Control of the proper functioning of the Bank's model is ensured by a series of checks carried out on a self-assessment basis by the individual process owners, supplemented by checks conducted by the Independent Auditors.

The Board of Statutory Auditors met the Manager in Charge at regular intervals to exchange information on the reliability of the administrative-accounting system for purposes of representing operating events correctly and verified the Attestation of the Annual Integrated Report pursuant to Article 154-bis of TUF, issued by the Chief Executive Officer and the Manager in Charge, which certifies the adequacy and effective application of the administrative and accounting procedures for preparing the Annual Integrated Report during the 2023 financial year.

With regard to the preparation of the financial statements and consolidated financial statements, it should be noted that they were prepared, in accordance with Legislative Decree No. 38/2005, according to the international IAS/IFRS standards issued by the IASB (International Accounting Standards Board) that have been endorsed by the European Commission, as established by Community Regulation No. 1606/2002, and following the indications of Circular No. 262/2005 issued by the Bank of Italy. The Board of Statutory Auditors reports the following:

  • no new international accounting standards, amendments to existing standards or related interpretations with a material impact on the Banking Group's operations entered into effect in financial year 2023;

  • the Bank holds in its UCITS portfolio the Forward Fund, an Italian AIF managed by Gardant SGR.

    The fund was subscribed in 2021 as part of the restructuring of a portfolio of senior notes issued by several special-purpose vehicles in the securitisation of healthcare receivables (past-due or disputed), which Banca Generali purchased from its customers and concurrently transferred to the Fund. At the end of 2023, the value of the Fund was 483,500 thousand euros. A 4,998 thousand euro capital gain on the Fund was recorded in 2023;

  • during the year, additional non-recurring provisions were made for an amount of 21.1 million euros.

    These provisions are intended to cover commercial activities aimed at restoring customers' potential losses resulting from investments made in illiquid products distributed by the Bank that were marked by investment repayment issues, for which civil and criminal litigation is currently ongoing

Disclaimer

Banca Generali S.p.A. published this content on 27 March 2024 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 27 March 2024 18:17:16 UTC.