theWolfsberg

Group

Financlal lnstitution Name:

Locatlon (Country) :

Wolfsberg Group Financial Crimo Compllance Questionnalre (FCCQ) vl.0

Banca Popolare di Puglia e Basilicata S.c.p.a.

ALTAMURA (BA) - ITALIA

:ull Legal NameBanca Popolare di Puglia e Basilicata S.c.p.a.

\ppend a list of branches which are covered bt:his questionnaire

Full Legal (Registered) AddressVia Ottavio Serena, 13 - 70022 ALTAMURA (BA)

FUil tsnmary busrness Aooress (tI orTrerenl TrofT

above)

Date of Entity incorporation / establishment22t1211995

select type of ownership and append anownership chart if available

ia Publicly Traded (25% of shares publiclv traded' No

ia1 lf Y, indicate the exchange faded on and tickersymbol

tb Nilember Owned / Mutual Yes)c Government or state owned bv 2570 0r more Noid Privately ()wned No

ldr lf Y, provide details of shareholders or ultimatebeneficial owners with a holding of 1070 or mon

% of the Entitys total shares composed ofbearer shares

No bearer shares

Does the Entity, or any of its branches, operateunder an Offshore Banking License (OBL) ? No

ta lf Y, provide the name of the relevant branch/e!which operate under an OBL

@ The Wolfsberg Group 201 8 Pagé I FCCO Vt.0

Does the Entity have a programme that setsminimum AML, CTF and Sanctions standardsregardinq the followino com oonents:

,a Appointed Officer with sufficient experience /exDertise Yes

9b uash Reporting Yes9C UUU Yes9d =UU Yes,e ,eneltcral ownersnrp Yes

noepenoenl I estrng Yes,g )eriodic Review Yesth rolicies and Procedures Yes

<isk Assessment YesSanctions YesrEP Screening Yes\dverse lnîormation Screeninq Yes

,m iUsprcrous Activity Reporting Yes,n rarnrng and Education Yesto ransactron Monrtonng Yes10 ls the Entity's AML, CTF & Sanctions policy

approved at least annually by the Board orequivalent Senior Manaoement Committee?

Yes

Uoes me Enttty use third parties to Carry out an)components of its AML, CTF & Sanctionsproqramme?

Yes

1a lf Y, provide further details World-Check, Cedacri

il,.t ANI:,!-:ó..K1 ts EKf iif,i#9llKU P.:::.|-1l{1,, N ii12 Has the Entity documented policies and

procedures consistent with applicable ABCregulations and requirements to [reasonably]prevent, detect and report bribery andcorruotion?

Yes

13 Does the Entity's internal audit function or othetindependent third party cover ABC Policies andProcedures?

Yes

l4 uoes the Entity provide mandatoryABc trainin(to: Yes

l4a Joard and Senior Committee Management Yest4b I st Line Ol Deience Yes14c hd Line ol Deîence Yes14d Jrd Line oÎ DeÎence Yes14e 3rd parties to which specific compliance

activities subject to ABC risk have beenorfsorrrced

Not Applicable

14f \on-employed workers as appropriate'contractors / consultants) Yes

Wolfsberg Group Financial Crtme Compltance euesdonnaire (FCCe) vl.O

@TheWolfsberg Group 2018 Page 2 FCCQ V1.0

4i P.OUIOIES &:PROGEDURES :

15 Has the Entity documented policies andprocedures consistent with applicable AML,CTF & Sanctions regulations and requirementsto reasonablv prevent, detect and reoort:

15a \4onev launderinq Yest5b I erronst lrnancrnq Yest5c ianctons vrolalrons Yes

t6 Does the Entity have policies and proceduresthat:

tb a Prohibit the opening and l(eeping of anonymourand fìctitious named accounts Yes

t6b Prohibit the opening and keeping of accountsfor unlicensed banks and / or NBFIS Yes

l6 c Prohibit dealing with other entities that providebanking services to unlicensed banks Yes

t6d Prohibit accounts / relationships wrtn snellbanks Yes

Itt e Prohibit dealing with another Entity thatprovides services to shell banks

Yes

6f Prohibit opening and keeping of accounts lorSection 311 designated entities Yes

169 Prohibit opening and keeping of accounts forany of unlicensed / unregulated remittanceagents, exchanges houses, casa de cambio,bureaux de change or money transfer agents

Yes

6h Assess the risks of relationships with PEPS,including their family and close associates Yes

16i Defìne escalation processes for financial crimerisk issues Yes

6j Specity how potentially suspicious activityidentifìed by employees is to be escalated and Yes

6k oufltne tne processes regardrng screenrng lorsanctions, PEPS and negative media Yes

7 Has the Entity detined a rask tolerancestatement or similar document which defines arisk boundary around their business?

Yes

18 Does the Entity have a record retentionprocedures that comply with applicable laws? Yes

Ea I, Wf rat rs ure f e 5 Vears or more

Wolfsberg Group Financial Crime Compliance Questionnaire (FCCQ) vl.0

@The Wolfsberg Group 2018 Page 3 FCCQ V1.0

Wolfsberg Group Flnancial Crlme Compliance Questionnaire (FCCQ) vl.0

li tf{,'4!.rq-,,llP llg'rppjiiLL LLI:=, ';iigr ..,,.==ii:.i;iiif,ìÈ!i1i,

:

t9 foes the Entity verify the identity of the:ustomer? Yes

20 Do the Entity's policies and procedures set outwhen CDD must be completed, e.g. atthe timeof onboarding or within 30 days

Yes

1 /vhich of the following does the Entity gatherrnd retain when conducting CDD? Selectrll that aoolv:

a1 e Jwnersnrp structure Yes21 b lustomer identiflcation Yes

a1 c Expected activity Yesld Nature oÎ business / employment

îe Product usage Yes

1Í Purpose and nature ot relationship

.1 g Source of funds Yes

11 h Source of wealth Yes12 Are each of the following identified:

,2a Ultimate beneficial ownership Yes

l2 d'l Are ultimate beneficial owners verified? Yest2b Authorised signatories (where applicable) Yes

azc Key controllers Yes

22d Other relevant partiesKYC on Trust identifìcation and verifìcation of all parties connected to the legal arrangement (such astrustee, settlor, guardian, benefìciary(ies) and additional ultimate controllers)

23 loes the due diligence process result in:ustomers receiving a risk classífication? Yes

24 Does the Entity have a risk based approach toscreening customers and connected parties todetermine whether they are PEPS, or controlledby PEPs?

Yes

25 Does the Entity have policies, procedures andprocesses to review and escalate potentialmatches from screening customers andconnected parties to determine whether theyare PEPS, or controlled by PEPs?

Yes

26 )oes the Entity have a process to review andJpdate customer information based on:

26a (YC renewal Yes

26b frigger evenl Yes

27 .rom the list below, which categories ofrustomers or industries are subject to EDD and'or are restricted, or prohibited by the Entity's:CC orooremme?

IA \on-account customers Pronr0lle0fb lllshore customers

Prohibited

OThe Wolfsberg Group 2018 Page 4 FCCQ V1.0

Wolfsberg Group Financial Crime Compliance Questionnaíre (FCCQ) v1.0

ltc Shell banks Prohibited

17d MWS/ MSB customers

l7e PEPs EDD on a risk based approach

t7Í PEP Related EDD on a risk based approach

]g )EP Close Associate EDD on a risk based approach

t7h lorrespondent Banks EDD on a risk based approach

17 h1 lf EDD or EDD & Restricted, does the EDDassessment contain the elements as set out inthe Wolfsberg Correspondent BankingPrincioles 2014?

Yes

t!7 i {rms, defense, military EDD on a risk based approach

t7i \tomtc power None of the abovet7k :xtractive industries None of the abovet-7 I )recious metals and stones EDD on a risk based approach,-7 m Unregulated charities None of the above

l7n legulated charities None of the above

170 ìed light business / Adult entertainment None of the above

]p Non-Government Organisations None of the above

t7q y'irtual currencies Prohibited

l7t \4arijuana Prohibited

17s Embassies / Consulates None of the above

t7t 3ambling EDD on a risk based approach

17u )ayment Service Provider None of the above

f,ther (specify)

t8 lf restricted, provide details ot therestriction

We do not deal with virtual currencies "exchanges". We prohibit funding activity for corporate clientand retail registred in high-risk jurisdiction as selected by the bank.

@Thewolfsberg Group 2018 Page 5 FCCO V1.0

t9 Does the Entity have risk based policies,procedures and monitoring processes for theidentification and reporting of suspiciousactivity?

Yes

30 /Vhat is the method used by the Entity toîonitor transactions for suspicious activities?

30a \utomatedYes

10b ManualNo

,0c iombination ot automated and manualNo

Il Does the Entity have regulatory requirements t(report currency transactions? No

,ta lî Y, does tne Entity have policies, proceduresand processes to comply with currencyreporting requirements?

t2 Does the Entity have policies, procedures andprocesses to review and escalate mattersarising from the monitoring of customertransactions and activity?

Yes

t3 Does lhe Entity adhere to lhe Wolfsberg GroupPayment Transparency Standards? Yes

ì4 Does the Entity have policies, procedures andprocesses to [reasonably] comply with and havecontrols in place to ensure compliance with:

t4a FATF Recommendation 16 Yes

ì4b Local Regulations Yes

t4 b1 Speciry the regulation

34c f N, explain

Wolfsberg Group Flnanclal Crlme Compllance Quesuonnatre (FCCQ) vl.0

@The Wolfsberg Group 201 I Page 6 FCCO Vl.o

Wolfsberg Group Flnanclal Crime Compliance Ou€ùonnairè (FCCQ) v.l.O

l, the undersigned, hereby confirm that I am authorized to complete this questionnaire and to the best ofmy knowledge, the information set out above is complete andaccurate.

/) **tlé,,7,./

,/.-/ Name: Alessandro Maria Piozzi

Position: CEO

Date: 1810712019

@TheWolfsbsrg Group 201 8 Page 8