Agreement No. 002-2023: Adding Article 3-A and Modifying Articles 13 and 27 of Agreement No. 005-2011 on Corporate Governance

Republic of Panama Banking Superintendence AGREEMENT No. 002-2023 (of March 28, 2023) “By which Article 3-A is added and Articles 13 and 27 are modified to Agreement No. 005-2011 on Corporate Governance”

THE BOARD OF DIRECTORS

In exercise of its legal powers, and

CONSIDERING:

That as a result of the issuance of Decree-Law No. 2 of February 22, 2008, the Executive Branch prepared a systematic ordering in the form of a Single Text of Decree-Law No. 9 of 1998 and all its modifications, which was approved by Executive Decree No. 52 of April 30, 2008, hereinafter the Banking Law;

That in accordance with numerals 1 and 3 of Article 5 of the Banking Law, it is the objective of the Banking Superintendence to ensure the solidity and efficiency of the banking system; as well as to promote public confidence in it;

That in accordance with numeral 1 of Article 11 of the Banking Law, it is an attribute of a technical nature of the Board of Directors to approve general norms for the identification, regulation, and consolidated supervision of banks and banking groups;

That in accordance with numeral 5 of Article 11 of the Banking Law, it corresponds to this Superintendence to establish, within the administrative scope, the interpretation and scope of legal or regulatory provisions in banking matters;

That in accordance with numeral 9 of Article 16 of the Banking Law, it is an attribute of a technical nature of the Superintendent to instruct banks to remove their directors, dignitaries, or executives if, in his judgment, there is merit for doing so;

That numeral 1 of Article 48 of the Banking Law establishes that, for the granting of the banking license, the main shareholders and the administrative body of the entity must have adequate suitability based on their experience, integrity, and personal history;

That Article 55 of the Banking Law establishes that banks will be obliged to comply with the corporate governance norms issued by the Superintendence;

That Articles 107 and 108 of the Banking Law establish that, without prejudice to what is provided in the Code of Commerce and other current laws, any person who holds the position of director or dignitary or who performs managerial duties in a bank, will cease in their functions, becoming ineligible to hold such position or function in any bank, when declared bankrupt or in creditors' agreement, convicted of any crime against property or public faith, for serious offenses in the management of the bank, as determined by the Board of Directors of the Banking Superintendence, and when responsible for acts that have led to the forced liquidation of a bank;

That Article 112 of the Banking Law establishes that banks and other supervised entities by the Superintendence will have the obligation to establish policies and procedures and internal control structures, to prevent their services from being used improperly for the crime of money laundering, terrorist financing, and other related or similar nature or origin crimes;

That Agreement No. 008-2010 of December 1, 2010 establishes provisions on integrated risk management;

That in accordance with numeral 6 of Article 4 of Agreement No. 008-2010, reputational risk is part of the different types of risk to which banking entities are exposed, which comprises the possibility that, due to the impact on the bank's prestige, economic losses are incurred;

That through Agreement No. 005-2011 of September 20, 2011, the provisions on Corporate Governance were updated;

That literal a of Article 2 of Agreement No. 005-2011 defines corporate governance as the set of rules that guide the relationships between the entity's management, its shareholders and/or, if applicable, the owner of banking shares, and other stakeholder groups in order to provide the structure through which objectives are set and the means to achieve those objectives are determined, and to determine the monitoring system;

That in accordance with literals a and b of Article 3 of Agreement No. 005-2011, good corporate governance includes as minimum documents that clearly establish corporate values, strategic objectives, codes of conduct, and other appropriate behavioral standards; as well as documents that evidence compliance with these;

That it is a good banking practice for banking entities to ensure that their shareholders, members of the board of directors, senior management, and key bank personnel always have recognized suitability, reputation, moral and economic solvency, regardless of the nature, complexity, and risk profile of the bank, in order to mitigate the entity's reputational risk;

That in accordance with the basic principles for effective banking supervision issued by the Basel Committee on Banking Supervision, a fundamental component of good governance is a corporate culture that reinforces appropriate norms for responsible and ethical behavior, which includes policies that define acceptable and unacceptable behaviors; as well as the importance of timely and open debate of issues and their referral to higher hierarchical levels of the organization;

That the basic principles for effective banking supervision of the Basel Banking Supervision Committee states that supervisors must take appropriate and effective supervisory measures when necessary; therefore, it is required that the supervisor has the capacity to establish and enforce adequacy and integrity standards for shareholders, board members, senior management, and key personnel of entities;

That in working sessions of this Board of Directors, the need and convenience of modifying Agreement No. 005-2011 on Corporate Governance has been highlighted, in order to establish basic guidelines that allow entities to adopt measures or mechanisms regarding the integrity of their shareholders, members of the Board of Directors, senior management, and key bank personnel.

AGREES:

ARTICLE 1. ADDITION. Article 3-A is added to Agreement No. 005-2011 of September 20, 2011, as follows:

“ARTICLE 3-A. INTEGRITY OF SHAREHOLDERS, MEMBERS OF THE BOARD OF DIRECTORS, SENIOR MANAGEMENT, AND KEY PERSONNEL. Banking entities and the owner of banking shares of banks whose origin supervisor is this Superintendence, must ensure that their shareholders, members of the board of directors, senior management, and key personnel of the entity always have recognized suitability, reputation, moral and economic solvency, regardless of the nature, complexity, and risk profile of the entity.

For these purposes, banking entities and the owner of banking shares of banks whose origin supervisor is this Superintendence, must adopt integrity policies, procedures, and control mechanisms approved by the board of directors that, on a continuous basis, allow them to identify, evaluate, and monitor the reputation, moral and economic solvency of their shareholders, members of the board of directors, senior management, and key personnel, as well as any natural or legal person legally linked to any of these. The foregoing with the purpose of mitigating risks that may affect the continuity of the bank's operation or put at risk the funds of its depositors, and that may affect the stability, sustainability, reputation, and security of the bank, the banking group, or the banking system.

In the event that their shareholders, members of the board of directors, senior management, and key bank personnel do not meet the integrity criteria defined in their policies, as applicable, the bank must take the measures established therein and immediately inform this Superintendence of the reasons that supported the measure taken.”

ARTICLE 2. MODIFICATION. Article 13 of Agreement No. 005-2011 of September 20, 2011, is as follows:

“ARTICLE 13. RESPONSIBILITIES OF THE BOARD OF DIRECTORS. The board of directors will have the following responsibilities and tasks:

a. Promote the safety and solidity of the bank.

b. Understand the regulatory environment and ensure that the bank maintains an effective relationship with its regulators.

c. Establish an effective corporate governance structure, including an internal control system, which contributes to effective internal supervision of the bank and its subsidiaries.

d. Ensure that adequate general working conditions exist for the performance of tasks assigned to each level of personnel participating in the corporate governance structure.

e. Promote, together with senior management, high ethical and integrity standards.

f. Establish an organizational culture that demonstrates and emphasizes to all officials the importance of the internal control process, the role of each one within the bank, and being fully integrated into it.

g. Approve and periodically review business strategies and other transcendent policies of the bank.

h. Know and understand the main risks to which the bank is exposed, establishing reasonable limits and procedures for such risks and ensuring that senior management adopts the necessary measures for the identification, measurement, monitoring, and control of them.

i. Keep the Superintendence informed about situations, events, or problems that affect or could significantly affect the bank and the concrete actions to face and/or remedy identified deficiencies.

j. Properly document themselves and seek access to all necessary information regarding conditions and administrative policies to make decisions, in the exercise of their executive and oversight functions.

k. Approve the organizational and functional structure of the internal control system and ensure that senior management verifies its effectiveness.

l. Select and evaluate the general manager and those responsible for external audit functions, unless the shareholders' assembly attributes this responsibility.

m. Select and evaluate the manager or person responsible for internal audit functions.

n. Approve and review at least once (1) a year the objectives and procedures of the internal control system, as well as the organization and functions manuals, policies and procedures manuals, risk control manuals, and other manuals of the bank where they are reflected, as well as incentives, sanctions, and corrective measures that promote the proper functioning of the internal control system and verify their systematic compliance.

o. Approve internal and external audit programs, and review the bank's unaudited financial statements at least once (1) every three months.

p. Monitor compliance with what is established in the Agreements issued by this Superintendence regarding the truthfulness, reliability, and integrity of the information contained in the financial statements.

q. Ensure that systems exist that facilitate compliance with the Agreements issued by the Superintendence in matters of transparency of information on the bank's products and services.

r. Adopt policies and procedures with the objective of mitigating any risks that may affect the continuity of the bank's operation or put at risk the funds of its depositors; generated by its shareholders, senior management or high direction, its directors or its dignitaries.”

ARTICLE 3. MODIFICATION. Article 27 of Agreement No. 005-2011 of September 20, 2011, is as follows:

“ARTICLE 27. CORPORATE GOVERNANCE REQUIREMENTS FOR OWNERS OF BANKING SHARES. Owners of banking shares of banks whose origin supervisor is this Superintendence, must maintain a corporate governance structure that guarantees the strategic orientation of the banking group, effective control by the board of directors, and the responsibility of the latter towards the group and shareholders. For these purposes, the board of directors of these owners must ensure that adequate and sound corporate governance practices are established at the group level and, consequently, will have the following responsibilities:

a. Establish the policies, principles, norms, and internal control procedures that guarantee adequate risk management at the group level.

b. Ensure due transparency regarding the truthfulness, reliability, and integrity of the financial information and operations of the group.

c. Ensure the financial health of the group.

d. Make available to this Superintendence, when so required, information regarding its operations or activities.

e. Develop and implement appropriate policies for the treatment of conflicts of interest at the group level.

f. Adopt appropriate procedures for carrying out transactions with related parties to the group.

g. Ensure that group companies always have corporate governance structures that comply with what is established in the law and applicable regulations.

h. Adopt policies and procedures with the objective of mitigating any risks that may affect the continuity of the operation of the group's companies or put at risk the funds of their depositors; generated by their shareholders, senior management or high direction, their directors or their dignitaries.”

ARTICLE 4. COMPLIANCE DEADLINE. Banking entities and the owner of banking shares of banks whose origin supervisor is the Banking Superintendence of Panama, will have a compliance period of nine (9) months to comply with this Agreement, counted from its promulgation.

ARTICLE 5. VALIDITY. The provisions of this Agreement will begin to govern from its promulgation.

Given in the city of Panama, on the twenty-eighth (28) day of March of two thousand twenty-three (2023).

LET IT BE COMMUNICATED, PUBLISHED, AND COMPLIED WITH.

THE PRESIDENT THE SECRETARY Felipe Echandi Lacayo David Alberto Davarro