Regulation 63/2012 on Core Management Principles for Banks and Foreign Bank Branches

REPUBLIC OF ALBANIA BANK OF ALBANIA SUPERVISORY COUNCIL D E C I S I O N No. 63, dated 14.11.2012 ON THE APPROVAL OF THE REGULATION “ON CORE MANAGEMENT PRINCIPLES OF BANKS AND BRANCHES OF FOREIGN BANKS AND CRITERIA ON THE APPROVAL OF THEIR ADMINISTRATORS” Pursuant to Article 12, letter “a” and Article 43, letter “c”, of the Law No 8269, dated 23.12.1997 “On the Bank of Albania”, as amended; of Article 24, paragraph 1, letters “c“ and “ë” and paragraph 2, letter “b”; of Article 40 letter “c” and of Article 42 of the Law No. 9662, dated 18.12.2006 “On banks in the Republic of Albania”, as amended, the Supervisory Council of the Bank of Albania, upon the proposal from Supervision Departament, D E C I D E D:

1. To adopt the Regulation “On core management principles of banks and branches of foreign banks and criteria on the approval of their administrators”, as provided in the attached text therein.
2. The Supervision Department is commissioned with the implementation of this Decision.
3. Foreign Relations, European Integration and Communication Department is responsible for the publication of this Decision in the Official Journal of the Republic of Albania and in the Official Bulletin of the Bank of Albania.
4. The Regulation “On core management principles of banks and branches of foreign banks and criteria on the approval of their administrators” adopted with the Decision of Supervisory Council No. 40, dated 27.05.2009 shall be abrogated upon entry into force of this Decision. This Regulation shall enter into force in the 15th day after its publication in the Official Journal of the Republic of Albania. SECRETARY CHAIRMAN Ylli Memisha Ardian Fullani

2 REGULATION “ON CORE MANAGEMENT PRINCIPLES OF BANKS AND BRANCHES OF FOREIGN BANKS AND CRITERIA ON THE APPROVAL OF THEIR ADMINISTRATORS” (Adopted with decision No. 63, dated 14.11.2012 and amended by decision No. 73 dated 6.12.2017 and by decision No. 21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania.) CHAPTER I General provisions Article 1 Scope The scope of this Regulation is to: a. set out the core principles and regulations for a responsible and efficient management of banks and branches of foreign banks; b. set out the requirements for an effective system of risk management, including the management of the compliance risk; c. set out the minimum requirements for drafting, implementing, and publishing the remuneration policy and scheme; d. set out the criteria for the administrators of banks and branches of foreign banks, and the relevant documentation for their approval by the Bank of Albania; and e. set out the criteria for concluding agreements with third parties on the discharge of duties and responsibilities for the administration and management of the bank. Article 2 Subjects This Regulation shall apply on banks and branches of foreign banks, which carry out banking and financial activity in the Republic of Albania, in compliance with the license granted to them by the Bank of Albania (hereinafter “banks”). Article 3 Legal grounds This Regulation is issued pursuant to Article 12, letter “a”, and Article 43, letter “c” of the Law No. 8269, dated 23.12.1997 “On the Bank of Albania”, as

3 amended; of Article 24, paragraph 1, letters “c” and “ë”, and paragraph 2, letter “b”; Article 40 letter “c” and Article 42 of the Law No 9662, dated 18.12.2006 “On banks in the Republic of Albania”, as amended. Article 4 Definitions

1. The terms used throughout this Regulation shall have the same meaning as the terms defined in the Law No. 9662, dated 18.12.2006 “On Banks in the Republic of Albania”, as amended.
2. In addition to provisions of paragraph 1 of this Article, for the purpose of implementing this Regulation, the following terms shall mean: a) “contingency planning of the bank” – shall imply all the measures compiled by the bank or the branch of a foreign bank to provide, in accordance with the scenarios in case of various crises situations, for the continuation of the bank‘s main activity, notwithstanding the interruption of services provided by third parties; b) “compliance risk” – shall imply the risk of a bank facing financial losses or reputational damage as a result of breaching, or failure to implement or comply with laws, bylaws and regulations, established practices, internal policies and procedures, as well as business ethic standards; c) 1 “risk appetite/tolerance” - is the aggregate level and types of risk that the bank is willing/able to undertake within the capacity of risk to achieve its strategic objectives of its activity and business plan; d) “non-executive director” – shall imply a member of the Steering Council, who is not a part of the executive management of the bank; e) 2 “risk capacity” - is the maximum level of risk that the bank is able to undertake, considering the support on the capital, liquidity, borrowing capacity and on the regulatory limits; f) 3 “systemically important banks” are the banks licensed and exercising their activity in the Republic of Albania, defined as such according to the decision making of the Bank of Albania; g) 4 “risk appetite/tolerance framework” is the overall approach, including policies, processes, controls and systems, through which risk appetite/tolerance is established, communicated and monitored. This framework includes, but is not limited to, a risk apetite/tolerance statement, risk limits and a description of the roles and responsibilities of those overseeing its (the framework’s) implementation and monitoring.

1 Amended by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 2 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 3 Added by the Decision No. 21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 4 Added by the Decision No. 21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania.

4 The framework should consider material risks to which the bank is exposed, as well as the bank’s reputational risk”; h) 5 “risk appetite/tolerance statement” is the articulation in written form of the agregate level and types of risk that a bank is willing to accept or to avoid, in order to achieve its business objectives. It includes qualitative statements and quantitative measures expressed relative to earnings, capital, size of risk, liquidity and other relevant measures as appropriate, and should also address the difficulties to quantify risks such as reputation and conduct risks, money laundering risk and unethical practices, etc; i) 6 “risk limits” are quantitative measures, based on forward looking assumptions that allocate the bank’s agregate risk apetite/tolerance statement (e.gl. measure of loss or negative events) to business lines, legal entities as relevant (part of the banking/financial group), specific risk categories, concentrations, and as appropriate, other levels; j) 7 “risk profile” is the point in time assessment of the bank’s gross and, as appropriate, net risk exposures (after taking into account mitigants), aggregated within and across each risk category, based on forward looking assumptions. CHAPTER II Core principles and regulations of a responsible and effective management Article 5 Steering bodies and general management culture

1. The Steering Council and the directorate, for the purpose of implementing the duties and responsibilities related to the management and control of the bank, shall get full and clear acquaintance with the risk profile of the bank, through determining/approving in advance, the approach and risk appetite/tolerance8 , and ongoing monitoring for compliance with the latter, and shall ensure that capital levels are adequate to cover this risk.
2. The Steering Council and the directorate, through the management approach, shall encourage (stimulate) an adequate management culture that promotes honesty and establishment of correct relationships among the employees, based on high professional and ethical standards and values.
3. The Steering Council, in collaboration with the directorate, shall take the measures for achieving high ethical and professional standards related to the bank management.

5 Added by the Decision No. 21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 6 Added by the Decision No. 21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 7 Added by the Decision No. 21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 8 Amended by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

5 4. The bank shall ensure that, conform to the nature, size, and complexity of its operations, when combined together the expertise, experience and qualifications of the Steering Council members establish a collective and adequate qualification of the Steering Council. 5. 9The bank shall draft a special policy for the appointment of members of the Steering Council, specifying the requirements on diversifying the composition of the Steering Council in view of ensuring its collective knowledge, qualifications and experiences (of the Steering Council) in different areas of management and control. Article 6 Steering Council

1. The Steering Council, for the purpose of managing the bank in compliance with the adopted objectives, strategies and policies, as well as in the bank’s best interest, shall review and assess the following: a. developing and keeping sufficient professional expertise in line with the growth and complexity of the bank’s operations; b. financial security and stability of the bank; c. acquaintance with legal acts and by laws in force; d. preventing and forestalling potential conflicts of interests in the decision￾making activity of the bank; and parandalimin dhe shmangien e konflikteve të mundshme të interesit në veprimtarinë dhe vendimmarrjen e bankës; and e. upholding interests of the customers, investors and of the public at large.
2. The Steering Council shall be presided by the chair, who is a responsible for its effective functioning including maintaining ongoing trust relations with its members so as to: a. ensure that decisions are made on sound and well-informed grounds; b. encourage and promote critical review and discussions; and c. allow for opposing views and discussion in the framework of the decision-making process. Article 7 Directorate
3. The directorate shall organise and manage continuously the activity of the bank.
4. The directorate shall set out and may delegate the duties to the personnel, and shall supervise the enforcement of delegated responsibilities, in compliance with the adopted policies and procedures.

9 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

6 3. The directorate shall take the necessary measures to monitor and manage all the risks the bank is exposed to, in line with the adopted strategies. 4. The directorate shall implement the adopted policies and strategies, and provide that the process on risk management be continuously in compliance with the risk profile of the subject and with the approved business plan. Article 8 Effectiveness of the Steering Council and cooperation of the steering bodies

1. The directorate shall regularly inform the Steering Council of the bank, in a timely and comprehensive manner, on important issues related to bank operations, especially regarding risk management, implementation of strategies and policies, as well as on any deviation from the adopted objectives.
2. The Steering Council, in cooperation/consultation with the directorate, shall take decisions in the best interest of the bank, which should contribute to the prudent management and control of the bank, regarding the following issues: a. objectives of the activity; b. policies and guidelines to achieve these objectives; c. strategies to take the risks and their management; and d. risk-profile analyses.
3. Based on the reports, analyses and information received by the directorate, the Steering Council shall revise, on a regular basis, the approved policies and assess, on ongoing basis, their conformity with both market and bank’s developments.
4. The Steering Council and directorate shall effectively make use of the information and conclusions provided by the internal audit unit or system, the statutory auditor and other legal structures of the bank’s control. Article 9 Autonomy of administrators
5. Administrators, within the attributions set out by the law, bylaws and the steering bodies, shall assess and take, independently and objectively, decisions related to the activity of the bank.
6. For the purpose of implementing the provisions set out in paragraph 1 of this Article, the Administrator shall consider all the valid, adequate and complete information, and other relevant factors that may affect these decisions.

7 Article 10 Committees established by the Steering Council

1. The Steering Council, in accordance with the nature, size, complexity of operations and risk profile of the bank, may establish specialised committees at Steering Council level, such as the risk management committee, remuneration committee, nominations committee to advise/assist the Council on special issues.
2. Such committees shall be established upon a special act of the Steering Council, which shall determine clearly their establishment scope, mandate, composition and working procedures.
3. A committee established by the Steering Council as stipulated in this Article shall be composed of one Chairperson and at least two members.
4. In their annual reports, the banks shall publish the names of the committees established under the responsibility of the Steering Council, their mandates and composition. CHAPTER III Risk management systems, compliance and remuneration policy Article 11 General provisions
5. Banks shall create and develop risk management systems, conform to the nature, scope and complexity of their activities.
6. A risk management system is a set of policies, procedures, rules and bank structures that serve to manage the risk
7. “A risk management system” shall imply: a) identifying, measuring, monitoring, controlling and reporting all risks within a bank across all its activities (the entire balance, portfolios and business lines); b) determining the functions of risk management structures that: i) Identify all risks in the bank; ii) assess the risks and measure exposure to them; iii) monitor exposure to risks and determine capital needs on a continuous basis;

8 iv) monitor and evaluate the decision to accept certain risks, measures to mitigate risk and compliance of decisions with Steering Council decisions on risk policies and risk tolerance; v) report directly and independently to the Steering Council, as well as to the executive management on all the above issues. Article 12 Policies, rules and internal procedures of banks

1. When drafting risk management policies, banks ensure that these policies are applicable, understandable, and well defined for each organisational unit of the bank.
2. Risk management policies shall include at least the following: a) organisational structure and scope of risk management function; b) risk measuring method; c) duties and responsibilities of the risk management structures; d) structure and frequency of the risk committee meetings; e) method of placement/limits/risk rates and procedures in cases of violation of these limits/rates; f) information methodology and reporting procedures; g) approval and/or confirmations in special circumstances.
3. Banks ensure that risk management policies adequately fit the structure of the bank, ensuring in particular that: a) risk management systems, both on individual and consolidated basis, are understood by the senior management and bank staff; b) risk management strategies take into consideration the balance/ratio of various risks and the bank capital; c) rreziqet në veprimtarinë kryesore/bazë të bankës janë të diversifikuara; dhe d) janë ndërmarrë masat e nevojshme për monitorimin e efekteve negative të rreziqeve sistemike, që rrjedhin nga sistemet e pagesave (të cilat mund të shkaktohen nga banka të veçanta që operojnë në treg) dhe ndikojnë në stabilitetin e sistemit.
4. Bankat, në funksion të zbatimit të politikave për administrimin e rrezikut, hartojnë rregulla dhe procedura të brendshme. Article 13 Risk-management structures
5. Banks, depending on their operations and risk profile, shall have a specific risk-management structure/unit and shall appoint an independent executive

9 director for the management of risk. 10 This structure/unit has sufficient authority, reputation, knowledge and resources to ensure the implementation of risk policies and risk management framework, as well as effective risk management processes. 1/1. 11The structure/unit of risk management is independent from the business lines and the internal units it controls, and also has a special reporting line and dependency. In each case, this structure interacts with business lines/internal units, in order to achieve the objectives. Interaction between operational functions and the risk management structure/unit should help to achieve the objectives of the entire bank staff that is responsible for managing the risks. 2. Banks, depending on the nature, size and complexity of their operations, shall separate the role of the executive director for the management of risk from that of managers covering other functions in the bank 3. Employees of the risk management unit shall have adequate experience and qualifications on market products and risk measurement techniques for all bank business lines and all the risks that a bank may encounter during its operations, 12 and perform regular trainings. 4. The risk-management structure/unit shall undertake quantitative and qualitative analyses of risk elements in order to identify potential risk exposure, providing also the appropriate considerations for the bank, 13and also shall provide the necessary recommendations for improvement of the risk management framework and for the corrective measures to remedy breaches in risk policies, procedures and limits. 5. The role of the risk-management structure/unit shall be clear and transparent in terms of staff responsibilities relative to the risks. 6. The banks shall document periodic interaction between the risk management structure/unit and the Steering Council. 7. 14 The risk management structure/unit is involved at an early stage in drafting the risk strategy and ensures that the bank has established effective risk management processes. This structure/unit provides the Steering Council with all the information needed for risk related issues, in order to determine the level of risk appetite/tolerance by the council 8. 15The risk management structure/unit shall assess sustainability of the risk strategy and appetite/tolerance and shall make sure that risk appetite/tolerance is appropriately adjusted to the specific risk limits.

10 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 11 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 12 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 13 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 14 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 15 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

10 9. 16The risk management structure/unit shall assess the risk strategies of the business units (considering the objectives proposed by these units) and shall present this assessment to the Steering Council before taking decisions on these strategies. The business unit's objectives must be reliable and consistent with the bank's risk strategy. 10. 17The risk management structure/unit is involved in the assessment of the impact of significant (material) changes and exceptional transactions on the overall risk of the bank and the banking/financial group, and it reports the findings directly to the Steering Council, before taking decisions on these changes or transactions. 11. 18 The risk management structure/unit shall assess the impact of the identified risks, on the ability of the bank or the banking/financial group to manage its risk profile, as well as its liquidity and sound capital base under normal and adverse circumstances. 12. 19 The risk management structure/unit shall ensure that the risks are identified, assessed, measured, monitored, managed, mitigated and reported by and to the relevant bank units. 13. 20 The risk management structure/unit shall ensure that transactions with related persons are analysed, and the risks that they pose for the bank are appropriately identified and assessed. 14. 21 The risk management structure/unit shall ensure that all identified risks can be effectively monitored by the business units . 15. 22The risk management structure/unit shall regularly monitor the actual risk profile of the bank and review it within the bank's strategic objectives and risk appetite/tolerance, informing the Steering Council in a complete, comprehensive and sufficient manner. 16. 23 The risk management structure/unit shall assess the possible ways to mitigate the risks, and shall propose to the Steering Council the appropriate action plan for mitigating risk.

16 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 17 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 18 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 19 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 20 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 21 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 22 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 23 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

11 24Article 13/1 Head of the risk management structure/unit

1. The head of the risk management structure/unit should be responsible for providing comprehensive and understandable information on risks, as well as for advising the Steering Council, in order for this body to understand the bank’s overall risk profile.
2. The head of the risk management structure/unit should have sufficient expertise, independence of mind and experience to discuss/challenge decisions that affect the bank’s risk exposure.
3. The head of the risk management structure/unit should argue and document, in each case, his/her opposing approaches regarding proposed decisions to be taken by the Directorate. If a bank grants the head of the risk management structure/unit the right to veto a certain decision making (e.g. the approval of a credit or investment exposure, or the setting of a limit), below the decision making made at the Steering Council level, the bank should specify in its internal regulations the extension of this veto right and the scope, escalation or appeal procedures regarding this decision making and how the Steering Council shall be involved.
4. The banks should establish in their internal procedures strengthened and clearly specified processes for the approval of the decisions, on which the head of the risk management structure/unit has expressed a negative view. The Steering Council should communicate directly with the head of this structure/unit on key risk issues, including developments that may be inconsistent with the bank’s risk appetite/tolerance and risk strategy
5. The head of the risk management structure/unit should report periodically to the Steering Council, to the risk committee and to the bank’s Chief Executive Officer. Article 14 Compliance function
6. The banks shall have an executive director with the overall responsibility for the identification, coordination and management of the bank’s compliance risk. 1/1. 25 The compliance structure/unit is independent from, the business lines and the internal units that controls and has the authority, reputation and sufficient resources.

24 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 25 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

12 2. The main responsibility of the bank’s compliance structure/unit is to assist the senior management for effectively managing compliance risks 3. The compliance structure/unit shall advise the senior management on compliance with laws, rules and standards, informing regularly on developments in the field. More specifically, it shall: a) educate and train staff on compliance issues and act as a focal point within the bank for compliance-related queries from staff members; b) establish written guidelines for the staff on the appropriate implementation of laws, regulations and standards through policies and procedures and other documents such as compliance manuals, internal codes of conduct and practical guidelines; c) 26 the verification, in close cooperation with the risk management structure/unit and the legal unit or other structures of the bank, that new products and procedures comply with the legal framework in force; c/1) 27 the assessment of the possible impact of any legal and regulatory change on the bank's activity and on the compliance framework; d) measure the compliance risk by using performance indicators (e.g. increased number of customer complaints, irregularities in payments) to enhance compliance risk assessment; e) assess the appropriateness of the bank’s compliance procedures and guidelines, and identified deficiencies by formulating proposals for amendments; f) monitor, test and report results of the compliance testing in accordance with the bank’s internal risk management procedures, identifying any changes in the compliance risk profile based on relevant performance indicators, identified breaches and/or deficiencies and corrective measures that have been taken; g) creating an encouraging and suitable climate for the employees of the bank to communicate/signal noncompliance with the rules, procedures, operations, etc., ensuring the confidentiality and protection for the employees. 4. The compliance structure/unit may discharge other specific statutory functions in the framework of fulfilling legal obligations of the bank (such as anti-money laundering), as well as liaise with the Bank of Albania and/or other financial supervision authorities, external statutory accountants, etc 5. The compliance structure/unit performs the duties specified in this Regulation and in bank regulatory acts under a compliance programme that sets out its planned activities, such as implementation and review of specific policies and procedures, special procedures on compliance risk, compliance testing and assessment as well as staff training and education on compliance matters

26 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 27 Added by the Decision No 73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

13 6. The programme of the compliance structure/unit shall be risk-centred and subject to ongoing review to ensure appropriate coverage across bank operations and coordination among risk management functions. Article 15 Remuneration policies

1. The Steering Council, in line with the strategy, long-term objectives of the bank activity and its performance and development, shall clearly determine and approve remuneration policies of the bank.
2. The Steering Council shall determine the remuneration scheme and amount in conformity with its risk profile. Thereto, the Steering Council may be assisted by a committee established by it (the Remuneration Committee).
3. The Steering Council ensures that remuneration committee members are non-executive directors knowledgeable about remuneration policies and incentives stipulated in the work contracts as well as risks that may arise from these contracts.
4. The remuneration committee shall work closely with the risk- management committee to assess the indicators that may be used as incentives in determining the bonuses and to ensure the annual review of the bonuses, based on the long-term objectives, risk strategy and performance of the bank.
5. The Steering Council’s remuneration policies aim at promoting effective risk management and discouraging risk-taking beyond the risk 28 appetite/tolerance determined by the banks..
6. 29Remuneration policies shall be drafted for all bank staff and shall cover all forms and elements of remuneration, including the salary, bonuses, other financial and material benefits, as well as participation in voluntary pension schemes (if applicable), etc.: a) Bank identifies the persons, whose activity has a material impact on the bank’s risk profile (identified staff); b) The category “identified staff” shall include: i. bank executive directors; ii. internal audit employees; iii. employees performing risk-taking duties (e.g. traders of securities); iv. all employees, whose activity is deemed to affect the bank’s risk profile.

28 Amended by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 29 Amended by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania.

14 7. 30 The remuneration policies should contain the following elements: a) the performance objectives for the bank, by the areas of activity and business, as well as for the staff; b) the methods of measurement/evaluation of performance, including the performance evaluation criteria; c) the variable elements of remuneration, and the rules for the change of these elements, before the award is made (ex-ante) and after the award is made (ex-post). 8. 31The staff, exercising the control functions, should be independent from the business units it controls and is remunerated on the basis of the achievement of objectives related to their functions, independently from the performance of the business areas that they control. 9. 32The remuneration policy and practices should be clear, well documented and transparent for the staff, regarding their components (variable and fixed) and the criteria on which they rely. The remuneration policies for the “identified staff” are well defined concerning the variable component. 10.The Steering Council shall determine the remuneration based on variable and fixed components. The share of the fixed and variable components in the total remuneration shall vary according to the staff categories in the bank. 11. 33 The fixed component of the remuneration shall represent the highest share in the total remuneration, in order to allow for flexible policies on the variable component, including the possibility for non-payment of the variable component. The variable component shall be permanent, predetermined, non - revocable; as well as shall not provide incentives for risk assumption and does not depend on performance. 12.The variable component is determined according to the financial situation of the bank, its overall as well as individual business units' performance. This element may be applied to a determined staff category, identified by the bank. 13. 34 The variable component may be in several forms (bonuses, shares, etc), and shall be diminished when the bank has a negative financial performance or eliminated when the bank incurs substantial losses. Some of the payments or payment arrangements for the staff, included in the concept of “distribution payment”, according to the Article 23 of the Regulation “On macroprudential capital buffers”. 14. 35 The variable element can be payed in advance or deferred. The deferred payments are a deal, on the basis of which part of the variable

30 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 31 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 32 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 33 Amended by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 34 Amended by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 35 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania.

15 remuneration, either in cash or in instruments, is awarded to the employee during a multi-year period or at the end of such period. 15. 36The adjustment of the (variable) elements of the remuneration, before the payment of the remuneration (ex-ante), should be based on risk indicators and ensures that these elements (variable) are aligned with the risk taken and, at the same time, fulfil the following conditions: a) are clearly specified and granular, adequately reflect all risks, and their level of application is defined (e.g. business units, organizational sub-units, or individual level); b) are of a quantitative nature, which are used for risk management in banks; c) are of a qualitative nature, which also represent risk and control elements, such as compliance breaches, risk limits breaches and internal control indicators (based on internal audit findings) or similar methods. 16. 37The (variable) elements adjustment, after the remuneration is awarded (ex-post), ensures that all staf members are rewarded based on a sustainable performance for the long-term period, as a result of the past decisions. 17. 38The bank, in the cases when the ex-post adjustment of the variable element is applied, has in place well-defined criteria on how this adjustment of the variable element shall be performed. 18. 39The total (variable) remuneration, awarded by the bank, must not limit the ability of the bank to maintain or restore its capital base, in the long term. Banks should consider this requirement, the results from the internal capital adequacy assessment process (ICAAP) and its multi-year capital planning, when determining the overall pool of (variable) remuneration, to be awarded for that year. 19. 40The Steering Council, or if applicable, the remuneration committee, shall periodically review the remuneration policies and practices, in order to reflect the changes in the financial situation of the bank and shall be responsible for their implementation. This review shall be performed at least annually. 20. 41The internal audit function of the superordinate bank (in the case of a banking/financial group) ensures a comprehensive reassessment of the compliance of the remuneration policies with the group’s regulation, policies, procedures and internal rules.

36 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 37 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 38 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 39 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 40 Amended by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 41 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania.

16 21. 42 The periodic independent review of remuneration policies may be, partially or totally, externally outsourced by small and less complex banks. Larger and more complex banks should have sufficient resources to conduct the review with the internal staff, while qualified and independent external consultants may complement and support the bank in carrying out such tasks. 22. 43Banks should assess whether the overall remuneration policies, practices and processes: a) are implemented as intended in the internal documents of the bank, with a particular focus on complying with the internal procedures and rules, that the remuneration pay outs are appropriate and in line with the business strategy, and that the risk profile, long-term objectives and other goals of the bank are adequately reflected; b) are compliant with national and international regulations, principles and standards; and c) are continually implemented across the group and do not limit the bank’s ability to take into consideration the risk, and to fulfil the capital and liquidity requirements, in compliance with point 28.1, letter “g” of the guideline “On internal and effective governance of banks”. 23. 44Banks’ other internal functions (e.g. human resources, legal department and strategic planning, etc.), as well as other main committees of the Steering Council (e.g. control, risk/risks and nominations committee) are closely involved in the review of the bank’s remuneration policies, in order to ensure the harmonisation with the banks’ strategy and risk management framework. 24. 45 The Steering Council or the remuneration committee, where periodic reviews reveal that the remuneration policies does not operate as intended or according to previous recommendations, should ensure that a remendial action plan is proposed and approved. The results of the internal review and actions taken to remedy any findings should be documented, either through written reports or through the minutes of the meetings of the Steering Council or relevant committees. 25. Banks shall publish in their annual reports the remuneration policies, aggregated annual amounts of compensations and bonuses of the Steering Council members and of the directorate/executive directors as well as their remuneration forms, by explaining and supporting with arguments the compliance of these remunerations with the risk-management policies, the risk profile determined by the long-term objectives of the bank, and the principles set out in this Article.

42 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 43 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 44 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 45 Added by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania.

17 CHAPTER IV Criteria on the qualification, experience and requirements related to the documentation for the approval of the administrators Article 16 Qualification and experience criteria

1. Any individual with a high ethical and professional reputation, with professional qualification and experience in management may be an administrator of a bank. 1/1. 46The bank's administrator has a high ethical reputation if: a) is not under a criminal proceeding, under a court proceeding for criminal offences and has not been convicted; b) has acted with competence when exercising the functions and in accordance with the nature, extent and complexity of the bank's activity (if applicable); c) has shown rectitude and, in particular, transparency and cooperation regarding the relationship with the supervisory authority and in the attitude towards its (supervisory authority) supervisory and penalizing measures; d) has achieved high results and has shown professional integrity when exercising previous functions or experiences; e) there is no data on the financial condition that may affect his reputation or other data that create reasonable doubts about the reputation of that individual; and f) there are not taken disciplinary measures of dismissal or any other disciplinary measure, which is still in force, under the legislation in force at the time of application/assessment, unless the disciplinary measure is considered contrary to the law, by a court decision final form.
2. The qualification and professional experience in management shall be adequate and suitable to the nature, size and complexity of the bank's operations, as stipulated in paragraphs 3 and 4 of this Article.
3. The proposed administrators shall be deemed to have adequate and suitable qualification and professional experience, when meeting the following criteria: a. hold a university degree or at least a second cycle degree of studies at higher education institutions (in the case of administrators, Albanian citizens) in law or economics, and have experience (have worked) for at least 5 (five) years in one of the following sectors: i) banking/financial system, ii) risk management in the financial markets, iii) financial management, iv) auditing, v) banking/financial supervision,

46 Added by the Decision No 73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

18 vi) legal or academic experience related to financial markets; or b. hold a university degree in a field different from law or economics, and have experience in banking sector, for at least 5 years. 4. The administrators proposed for members of the Steering Council or of the directorate, in addition to the criteria set out in paragraph 3 of this Article, shall be considered to own adequate and suitable managing experience when meeting at least one of the following criteria: a. have held a managing position for at least 3 (three) years in financial institutions operating in the domestic or international financial markets; b. have held a managing position for at least 3 (three) years in one of the supervision authorities of the banking/financial market in Albania or abroad; c. have held a managing position for at least 5 (five) years in legal entities different from those mentioned in “a” and “b” of this paragraph. d. 47have held the positions defined in letters “a”, “b” and “c” of this Article, (accumulated through the years) for at least 5 (five) years. 48The managing experience criteria, stipulated in this point, is applied for the proposed administrators for the positions: member of Directorate (Chief Executive Officer, Deputy Chief Executive Officer), member of the Steering Council, member of the Audit Committee. This criterion does not apply for the executive directors that are responsible for the functions stipulated in Article 16, point 5, letter “c”. 5. The category of administrators – members of the directorate and executive directors - includes, but is not limited to: a) General director; b) deputy general director/s; and c) executive directors responsible for the following functions: i) origination (sale) of credit, ii) investments and trading of instruments on behalf of the bank, iii) aggregate assessment and control of risks, iv) compliance, v) anti-money laundering, vi) operations management, vii) supervision of branches network, viii) planning, budgeting, follow – up and financial reporting, ix) financial control, x) ICT electronic systems management. 6. Conform the nature, size and complexity of its operations, an executive director may be responsible for more than one of the above-listed functions. When one of these functions is shared between several directors, the Bank shall determine the leading director for that function.

47 Added by the Decision No. 21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 48 Added by the Decision No. 21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania.

19 Article 17 Requirements related to documentation for the approval of administrators

1. The bank shall submit a written application to the Bank of Albania to acquire the prior approval of the respective administrator, accompanied by the documentation as stipulated in paragraph 2 or 3 of this Article, 49 within 30 working days starting from the date the decision was made from the decision-making authority.
2. The following documents and the filled-in forms as provided in annexes 1 and 2 of this Regulation shall be attached to the application: a. decision of the competent authority with the proposal for the assignment of the respective administrator; b. identification document; c. higher education diploma; d. documents that certify other qualifications of the proposed administrator; e. detailed data on the commercial activity and businesses conducted for the last 5 (five) years, including the information for qualifying holding; f. at least one recommendation on the professional quality, issued by the supervisor, previous employers or academics; g. a detailed description of the job position that the proposed administrator shall hold; h. personal statement certifying the payment of all tax duties; i. personal statement of the proposed administrator declaring that, throughout the previous employment, has not carried out any action as per stipulations of Article 41 of the Law No 9662, dated 18.12.2006 “On banks in the Republic of Albania”; the statement shall be filled in compliance with form provided in Annex 2 of this Regulation; j. for the administrators proposed for Steering Council members, a personal statement on private interests, as stipulated in Article 44 of the Law No 9662, dated 18.12.2006 “On banks in the Republic of Albania” (according to Annex 3 of this Regulation); k. the following certificates issued by the competent authorities attesting that the proposed candidate: i) is not under a criminal proceeding, ii) is not under a court proceeding for criminal offences, iii) has not been convicted (criminal records issued by the Ministry of Justice), iv)has no outstanding property collateral duties (issued by the Bailiff Office). l. 50 the borrower’s certificate or report from the credit registry or an equivalent document issued by the competent authorities of the foreign state.

49 Added by the Decision No 73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 50 Added by the Decision No 73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

20 m. 51 the declaration with the information regarding working or business relationships in accordance with legal stipulations, with persons with criminal convictions by a final court decision (in compliance with form provided in Annex 5 of this Regulation). The above-mentioned documents must be issued no earlier than 3 (three) months from the date of submitting the application. 3. When the proposed administrator is a foreign citizen, in addition to the documentation stipulated in paragraph 2 of this Article, when applicable, the bank shall submit to the Bank of Albania the work and residence permit of the candidates, in compliance with Law No 9959, dated 17.7.2008 “On foreign citizens“. 4. For the foreign administrator, when applicable, the certificates stipulated in letter “k” of paragraph 2 of this Article shall be submitted as issued by the competent authorities of the country of origin. 5. The documentation set out in paragraphs 2 and 3 of this Article should be submitted in the Albanian language, in original or a copy certified by a public notary. The documentation issued by the respective official authorities of the foreign countries must be legalised by the responsible authorities. 6. The documentation shall be submitted in a closed envelope or sent via registered mail to the Bank of Albania. Article 18 Approval of administrators

1. Bank of Albania shall grant prior approval for the assignment of the proposed administrator upon assessing the reputation and qualification of the proposed candidate based on: a. documents submitted in compliance with paragraph 2 of Article 17, of this Regulation; a/1. 52an analysis prepared by the bank that suggests the administrator on the appropriateness of his / her professional knowledge (administrator) regarding the proposed position, which is mainly based on: i) 53 the time-frame, nature and complexity of the previous experience of the proposed administrator including his/her position in the business organizational structure; ii) competences, decisions and responsibilities exercised in previous positions of job; iii) 54 knowledge gained from these job positions, on financial institutions and the risks management (identification, assessment,

51 Added by the Decision No. 21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 52 Added by the Decision No 73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 53 Amended by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 54 Amended by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania.

21 monitoring, control and mitigation of main risks) faced by these institutions; iv) the number of employees he/she has had under control/management; v) arguments and reasons for the suitability of the proposed administrator, with the activity, functions and duties to be performed; and vi) bank's assessment for the achieved results and professional integrity displayed during the previous functions or experiences; a/2. 55an assessment prepared by the bank over the available necessary time, that the proposed administrator will devote to the fulfilment of his/her function and responsibilities, which (the assessment) should be based primarily on his/her commitment as a result of the number of positions he/she can keep in other management structures of affiliates of the same banking group or in entities where the bank has significant influence; b. documents or other information that the Bank of Albania has; c. findings (conclusions, deductions) of the Bank of Albania; d. an interview, if deemed necessary, between the Bank of Albania and the proposed administrator. 2. The assessment of documentation for prior approval for the assignment of the foreign administrator shall consist in the following two phases: a. In the first phase, the Bank of Albania shall state its no-objection on the assignment of the foreign administrator, when, following the evaluation of the documentation submitted in compliance with the requirements of paragraph 2 of Article 17 of this Regulation, it concludes that the criteria laid down in Article 16 of this Regulation are met. b. In the second phase, the Bank of Albania shall grant prior approval for the assignment of the foreign administrator, following the submission of the complete documentation in compliance with paragraph 3 of Article 17, of this Regulation. 3. Bank of Albania shall refuse prior approval for the assignment of the proposed administrator, when, based on its assessments, the proposed administrator does not meet the criteria and conditions set out in the Law No 9662, dated 18.12.2006 “On banks in the Republic of Albania” and in this Regulation. 4. In case of refusal of the application for the assignment of the proposed administrator, the Bank of Albania shall describe the reasons for such refusal in writing. 5. 56If the administrator has several positions in other management structures of affiliates of the same banking group or in entities where the bank has significant influence, the Bank of Albania requires the bank to discharge the

55 Added by the Decision No 73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 56 Added by the Decision No 73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

22 administrator from one or more functions that prevent the administrator to work full-time. 6. 57The Bank of Albania interrupts the procedures for reviewing the request for approval of the administrator if the data and/or documentation required for approval are not met by the bank within 6 (six) months after the date of the initial application for approval. In case of termination of the procedure for reviewing the application for approval, the Bank of Albania shall notify the bank in written form. Article 19 Approval in case of the change in the position of administrators or their re-assignment58

1. When administrators are 59 assigned to a position different from the existing one, but continue to preserve the attribute of an administrator as provided in paragraph 19 of Article 4, of the Law No 9662, dated 18.12.2006 “On banks in the Republic of Albania”, the banks shall submit an application in writing to the Bank of Albania for the approval of this 60assignment. The application should be accompanied with the following documentation: a. document of assignment, as stipulated in letter “a”, of paragraph 2, Article 17 of this regulation; b. CV conform to Annex 1 attached to this regulation; c. detailed job description of the new position that the proposed administrator shall hold. 1/1. 61In the event of a re-assignment of the administrator in the same position, the bank submits to the Bank of Albania a written request for approval of this re- assignment. This request is accompanied by the following documentation: a) document of re-assignment, as stipulated in letter “a”, of paragraph 2, Article 17 of this regulation; b) updated CV, completed according to Annex No 1 attached to this regulation; c) a detailed information/report on the assessment and contribution of the administrator, for the effective management of the bank (for example, an assessment of the executive director’s performance, of the contribution of a member of the Steering Council at the meetings of this authority, etc.); d) additional information that may be deemed necessary.
2. 62The Bank of Albania may refuse to grant prior approval to assign an administrator in a position other than the existing one and/or to re-assign

57 Added by the Decision No 73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 58 Amended by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 59 Amended by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 60 Amended by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 61 Added by the Decision No 73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 62 Amended by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

23 him/her, when by assessing him/her, considers that his/her qualifications and experience are not appropriate for the proposed position as an administrator or his/her contribution is not considered significant. 63Article 19/1 The process of re-assessment of the administrators

1. Banks carry out re-assessment of the suitability of approved administrators during the exercise of their functions, at least once a year, and whenever deemed necessary, based on special circumstances or facts.
2. 64 Banks, through the process of re-assessment of the suitability of approved administrators, ensure the complementarity of the criteria set out in this regulation, as well as report to the Bank of Albania the results of the re-assessment process, on annual basis and before the end of the first quarter of the following year.
3. Banks document the re-assessment process of suitability for all categories of administrators, respectively, of the members of the Steering Council, members of the audit committee, and executive directors.
4. 65Banks oblige all administrators to notify the bank for any circumstance or fact that has a significant impact on their suitability for carrying out the functions for which they are approved, or to confirm at least once a year, that the data on which the Bank of Albania has given prior approval, have not changed. Where banks notice the lack of fulfilment of the conditions by the administrators, for whom the prior approval has been granted, they shall immediately notify Bank of Albania, not later than 5 working days after the notice.
5. 66Bank of Albania, after the notification according to point 4 of this Article, but even if it notices this fact during the exercise of its supervisory process, assesses whether it can apply the article 43 of Law on Banks. Article 20 Administrators leaving the post The banks shall inform the Bank of Albania within 30 (thirty) days on administrators leaving their post providing in writing the respective reasons for leaving.

63 Added by the Decision No 73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 64 Amended by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 65 Amended by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 66 Added by the Decision No. 21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania.

24 CHAPTER V Agreements with third parties for the administration and management of the bank Article 21 Criteria to conclude agreements with third parties

1. The bank, upon prior approval by the Bank of Albania, may conclude agreements with third parties for on the exercise of duties and responsibilities for its administration and management.
2. For the exercise of duties and responsibilities by third parties, the bank shall: a. compile and approve a policy on appropriate control of duties and responsibilities discharged by third parties; b. ensure that the contingency of its business operations, services quality and reputation are not affected or compromised by the transfer of these duties and responsibilities; c. guarantee that the service provider enjoys the required reputation and experience as well as a stable financial position; d. ensure that the internal audit system applies on the duties and responsibilities delegated to third parties; e. set out the criteria and compile the methods and procedures to observe management of risk arising from the transfer of duties and responsibilities; f. ensure that the service provider shall preserve the confidentiality/secrecy of the bank and of customers professional information against the risk of access by unauthorised persons; g. ensure that the agreements with the third parties do not reduce its ability to meet its obligations towards customers or hamper the effective supervision from the Bank of Albania.
3. The bank may not conclude agreements with third parties to transfer the internal audit function and/or the conduct of banking and financial activities set out in Article 54, paragraphs 1 and 2 of the Law No 9662, dated 18.12.2006 “On banks in the Republic of Albania”.
4. The Bank may, without the approval of the Bank of Albania, contract and conclude agreements with third parties for the following services: a. telephony ; b. market information services such as Bloomberg, Moody’s, and Standard & Poors; c. common infrastructure network such as VISA and Mastercard;

25 d. other functions it may not carry out itself such as: advisory services, legal review, and independent assessments; e. services that are generally considered as low risk such as: mail service, printing, and purchase of goods and equipment. Article 22 Required documentation for prior approval to conclude agreements with third parties

1. To receive prior approval from the Bank of Albania to conclude agreements with the third parties on the transfer of duties and responsibilities for its management, the bank shall submit a written application form to the Bank of Albania, accompanied with the following documentation: a. Draft-agreement as approved by the parties containing, amongst other things, the following: i. scope of agreement, ii. duties and responsibilities that will be transferred, iii. relationships between the bank and the service provider (mutual rights and obligations of the parties), iv. conditions and/or procedures for the termination of the agreement, v. reporting methodology and frequency by the service provider to the bank, regarding the performance of services, etc.; b. an assessment on the expectations for the implementation of the agreement related to: i. effects of this agreement on the financial stability, reputation and activity of the bank, ii. expected performance of the service provider, iii. costs and benefits that will derive from the implementation of the agreement; c. internal regulations on the way and procedures for carrying out the transferred duties and responsibilities; d. business operations contingency planning; e. documentation containing identification data for the service provider, as follows: i. statute of the company, ii. registration certificate as a legal person at the National Registration Centre (for non-resident legal entities – legally equivalent acts in compliance with the foreign legislation/jurisdiction), iii. extract from the Commercial Registry issued by the National Registration Centre setting out the activity/activities for which the agreement is concluded (for non-resident legal entities - legally equivalent acts in compliance with the foreign legislation/jurisdiction), iv. for the proposed administrator, the documentation as stipulated in the requirements of paragraph 2 Article 17 of this Regulation;

26 f. certificate issued by the competent authorities evidencing the payment of fiscal duties for the last financial year for the service provider; g. accounting balance and financial statements of the service provider for the last year, certified by the statutory auditor. 2. The documentation according to paragraph 1 of this Article shall be submitted in the Albanian language, in original or a copy certified by a public notary. The documentation issued by the respective official authorities of foreign countries shall be legalised by the competent authorities. 3. The documentation shall be submitted in a closed envelope or via registered mail to the Bank of Albania. 4. 67The Bank of Albania interrupts the procedures for reviewing the request for approval to conclude the agreements with third parties on the transfer of duties and responsibilities for its management, if the data and/or documentation required for approval are not met by the bank within 6 (six) months after the date of the initial application for approval. In case of termination of the procedure for reviewing the application for approval, the Bank of Albania shall notify the bank in written form. CHAPTER VI Final provisions Article 23 Other

1. As part of their annual reports, banks shall also publish an overall consistent and descriptive statement of all the main rules and procedures that the banks implement in regards to the core principles of the responsible and efficient management, in conformity with the nature, size and complexity of their activity, 68 and in particular the organizational structure that provides a clear separation of duties, responsibilities and reporting, according to the model of the three lines of defence.
2. 69 Banks, as part of their annual report, publish a separate risk appetite/tolerance statement, in pursuit of their strategic objectives. The statement is reviewed by the Steering Council on an annual basis and in each case there are significant (material) changes in their activity, which may change the approach/decision of the Steering Council for the risk appetite/tolerance.
3. 70 Banks ensure that risk appetite/tolerance statement addresses issues of risk culture and appetite/tolerance and bank’s risk capacities, while exercising banking and financial activities

67 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 68 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 69 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania. 70 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

27 4. 71Banks, as part of their annual report, should also publish the information on periodicity of meetings of the Steering Council and its committees, as well as the information regarding the participation rates, holdings and level of influence in other companies. Article 24 Final 72Annex 1, 2, 3, 4 and 5 herein are an integral part of this Regulation. 73Supervision Department publishes on the Bank of Albania’s website the guideline “On internal and effective governance of banks”, compiled in accordance with the best standards and practices for their effective governance. CHAIRMAN OF SUPERVISORY COUNCIL ARDIAN FULLANI

71 Added by the Decision No. 21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 72 Amended by the Decision No.21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania. 73 Added by the Decision No. 21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania.

28 Annex 1 INFORMATION ABOUT THE CANDIDATE PROPOSED FOR THE POSITION OF THE ADMINISTRATOR OF A BANK (The provided information shall be considered as confidential by the Bank of Albania)

1. BANK NAME AND LEGAL SEAT
2. PERSONAL INFORMATION First name and last name Residence address Date and place of birth Citizenship Telephone number, office Telephone number, home E-mail address
3. EDUCATION (please list chronologically all education institutions you have attended, duration of studies, graduation date and academic titles)
4. FOREIGN LANGUAGES (please list the foreign languages and the level of mastering them)
5. ADVANCED TRAINING (please list chronologically all the training courses, duration, topics and organisers)
6. WORK EXPERIENCE (please list chronologically the previous employments Job title, duration of employment and main duties) 74PARTICIPATION IN STEERING COUNCILS/ PROFESSIONAL ASSOCIATION (please list the associations /organisations where you are or have been a member of steering councils, the dates of participation, etc.)

74 Added by the Decision No 73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

29 75Name and address of the employer Employment period (month/year – month/year) Job position (name of your job position) Duties and responsibilities (detailed) Reasons of departure a) Resignation !! b) Restructuring !! c) Retirement !! d) Termination of the contract !! e) Dismissal from job !! f) Other reasons !! Please provide details 7. NAME, POSITION, ADDRESS OF TWO PERSONS ENGAGED IN BANKING OR FINANCIAL SECTOR WHO MAY PROVIDE THEIR COMPETENT PROFESSIONAL OPINIONS ON THE CANDIDATE’S PROFFESSIONAL COMPETENCE AS WELL AS ON THE PERSONAL INTEGRITY. (if these persons do not hold so far the positions referred to this Regulation, please provide the time and job position they have held these positions) 1. 2. 8. Do you or related persons, set out in accordance with the law “On banks in the Republic of Albania”, have any financial relationship with the bank (credit, guarantee)? If “yes”, please note them. 9. Do you or related persons, set out in accordance with the law "On banks in the Republic of Albania", have any participation or other financial interest with the bank? If “yes”, please note them. 10. Do you or related persons have a qualifying holding as stipulated in the Law "On banks in the Republic of Albania", in any other bank or company? If “yes”, please note them.

75 Added by the Decision No.73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

30 11. Are you a chairperson or member of an executive board, a legal representative, or do you participate in any other way in the creation and implementation of business policies in a different bank, a non -bank financial institution or a savings and loans association or other financial institution or commercial company? If “yes”, please note them. 12. While participating as a manager of a bank, company or financial intuition to compile and implement business policies, have you encountered financial difficulties that have resulted in the initiation of rehabilitation or bankruptcy procedures against these companies or institutions? If “yes”, please list them. 13. Have you ever been found guilty of conducting one or several criminal offences referring to the requirements of this Regulation? If you are a foreigner or if you live abroad, have you ever been convicted by a final court decision for criminal offences? If “yes”, please list them. 14. Has any bank or financial institution, where you have hold a managing position and involved in the compilation and implementation of business policies, been the subject of sanctions or whose license is revoked by the responsible supervision authority for banks, insurance companies and other financial institutions of the market? If “yes”, please provide a comprehensive explanation. 15. Have you ever been the subject of a refusal or revocation of the approval to hold a managing position or carry out activities in a certain field?

31 If “yes”, please provide a comprehensive explanation. 16. According to your judgement, is there any other fact or circumstance that may (be deemed reasonable) be considered as important regarding the estimation of your assignment as administrator of a bank (for example facts and circumstances related to your professional qualifications, financial difficulties or conflict of interest)? If “yes”, please list them. 17. Has any bankruptcy procedure initiated on your property? If “yes”, please provide a comprehensive explanation. I declare that all the above answers are true and complete and are provided based to my knowledge, and I have not concealed any information that may affect the decision of the Bank Albania. Moreover, I shall inform the Bank of Albania immediately on any possible changes that may impact the granting of approval for my assignment as an administrator. Place and date: Signature of candidate

32 Annex 2 DECLARATION In accordance with Article 41 of the Law No.9662, dated 18.12.2006 “On banks in the Republic Albania”, I declare in my full responsibility as follows: Personal statement Yes No a) is an administrator of another company in the Republic of Albania, except for when such a commercial company is a connected person to him; b) is a direct or indirect shareholder of more than 5 per cent of the voting rights or of the shares in another bank or a person connected with him; c) acts or has acted, at any given time for the past 5 years, as an administrator of a bank, which has been subject to compulsory liquidation pursuant to the provisions of this Law; d) acts or has acted at any given time during the past 12 months, as a member of the Supervisory Council of the Bank of Albania; e) is an employee of the Bank of Albania; f) is under criminal investigation or has been found guilty by the court of an offence punishable in law by imprisonment; g) has been subject to bankruptcy (insolvency) procedures and has not yet been relieved of past obligations; h) has been penalized by the Bank of Albania in the past 5 years for a serious breach of the Law or for carrying out activities without a license issued by the Bank of Albania; i) is an employee or partner of a commercial company which acts as statutory auditor or financial adviser of a bank or branch of a foreign bank operating in the territory of the Republic of Albania; j) his liabilities exceed his claims and investments in the bank, or where he is connected with legal persons whose liabilities towards the bank exceed their claims and investments in the bank; k) is a creditor of the bank and the value of his overall credit to the bank is larger than one quarter of the bank’s assets. Place and date: Signature of candidate

33 Annex 3 DECLARATION* In accordance with paragraph 2 of Article 44 of the Law No. 9662, dated 18.12.2006 “On banks in the Republic of Albania”, as amended, I declare in my full reponsibility as follows**: Bank Shareholders that have control on the bank Executive directors a) Do you have interests arising from property or trade relations, direct or indirect of any kind of nature, with: b) Do you have interest arising from other judicial – civil relations with: c) Have you received gifts, favours, promises, or preferential treatment related to: d) Have you entered into negotiations for employment or any other form or private interest bearing relation in the future, with: e) Are you engaged in other for-profit activities, or any type of income bearing activities, joint with: f) Do you have any interests arising from family relationship, or cohabitation with: *This declaration shall be completed only by the administrators proposed by the bank for the position of the Steering Council member. **Please fill in with “yes” or “no”. Place and date: Signature of candidate

34 76 Annex 4 The composition of the Steering Council of the bank and the private interests of its members, in accordance with the provisions of Article 44, paragraph 2 of Law no. 9662, dated 18.12.2006 "On Banks in the Republic of Albania", as amended ** (This form is filled out by the bank at the time of application of one or several members of the Steering Council to assess the current structure of the Steering Council of the bank) No. Name of the member of the Steering Council The current employment position of the Steering Council member and the name of the employer Relations of private interestsof the member of the Steering Council with: Term of appointment in the Steering Council of the bank (date, month, year

• date, month, year) Bank Shareholders exercising control over the bank Executive Directors

• The private interests of a member of the Steering Council with the bank and / or the shareholder who exercises control over the bank and / or the executive directors of the bank, as defined in Article 44, paragraph 2 of the Law on Banks are:

• direct or indirect wealth or trade relationships of any kind,
• any other juridical – civil relationship,
• gifts, promises, favours, preferential treatments,
• potential employment negotiations or any other form of private interest relationship for the administrator in the future after being discharged as an administrator, carried out by him during his work as the bank administrator,
• engagements in other private activities with the view to profit or any income-generating activity,
• family or cohabitation relationship. ** Please answer by filling the boxes with "yes" or "no". In case of answering with a "yes” explain the type of relationship of private interests of the member of the Steering Council according to (*) above.

76 Added by the Decision No. 73, dated 6.12.2017 of the Supervisory Council of the Bank of Albania.

35 77Annex 5 DECLARATION Through which I declare that I have/do not have family relation or close personal, working or business relationship in accordance with legal stipulations, with persons with criminal convictions by a final court decision. Note: Where the proposed administrator declares that he/she has family relation or close personal, working or business relationships in accordance with legal stipulations, with persons with criminal convictions by a final court decision, shall list the names of the persons. No. Name of the person related to the proposed administrator Specifying the type of the relationship (family or close personal, working or business relationship, in accordance with legal stipulations) Criminal convictions by a final court decision exists (explain the type of conviction) 1 2 3 ... I hereby declare that the information provided, is voluntarily presented to the Bank of Albania by me. Any wrong doing or exclusion of the facts in this report may be a motivation for the Bank of Albania to refuse my approval as the administrator of the Bank _______, upon the claim and to the extent that this misrepresentation or exclusion of the facts reflecting my integrity and personality may act as a motivation for the refusal of the entire application. Shall further or more detailed information be required by the Bank of Albania, I remain at disposal to provide it.

---

(Name/Surname of the proposed administrator) _____// (Date)

---

(signature)

77 Added by the Decision No. 21, dated 6.4.2022 of the Supervisory Council of the Bank of Albania.