Senior Specialist Compliance - AML/CFT – Business Unit centre of expertise for Compliance present and anti-money laundering ▪ Support to the Head of Central Compliance in the Compliance Function internal and external reporting; ▪ Liaison with infrastructure functions (e.g. Finance, Treasury, GTO, HR, etc.) in understanding and managing the related compliance risks and controls; ▪ Analysis of data and trends to identify and act to mitigate potential operational and strategic risks – process, information security, regulatory, commercial, financial risks, Cybersecurity, Blockchain, Cryptocurrency, Cloud process; ▪ Provision of assurance that the latest regulatory developments are incorporated and are effectively communicated to the business (e.g. PSD2, GDPR, the fifth EU Anti-Money Laundering Directive (AMLD 5; 6)), D.Lgs 90/2017, Objective communications, Whistleblowing, EBA 2019 - POG Bankit), Regulation n. 45/2020 (the "Regulation 45"), laying down provisions on the governance and control requirements (POG) of insurance investment products (IBIP), and the Provision no. 97/2020 (the "Provision 97"), which integrates and modifies certain existing IVASS Regulations, including IVASS Regulations no. 40 and n. 41 of 2 August 2018; ▪ Management and co-ordination of Compliance engagement across projects/initiatives as instructed by the Head of Central Compliance and act as a key Compliance contact for remediation projects as required; ▪ Compliance representative in multiple working groups/steering committees; development of compliance training materials working collaboratively with the Compliance Advisory; ▪ Collaboration and liaison with internal departments, regulators, third parties, authorities and external service providers including banks to resolve compliance issues; ▪ Definition of business requirements to define and implement requirements for secure online payment systems; ▪ Evaluation of the operating models, strategic impacts, application of the strategic objectives for Nexi Payments with a view to complying with the Compliance/AML regulations; ▪ Capitalization of best practice transaction monitoring; ▪ Anticipation and action on risk for smarter business decision-making to accelerate performance (Material Matrix 2021 Strategy; Annual Integrated Report); ▪ Learn about cryptocurrencies – regulation and supervision.

Public administration ▪ Identification, monitoring and reporting of key performance indicators for the function of Consip E-Procurement pursuant to Legislative Decree 50/2016 and the new Procurement Code, of the tools for the optimization of procurement processes (Consip Procurement Plan 2017- 2020, calls, tenders, procurement, support in managing the programme for the rationalization of purchases in the PA, SDAPA and MEPA); ▪ Document Preparation: contract bids for different product categories, management of national tenders (medicines, IT, foodstuffs, catering, aids, equipment maintenance etc.); ▪ Support to the various administrations to create and launch a Specific Contract, examination of offers and award of a Specific Contract. Industrial Sector ▪ Support to Innovation Strategy Advisory: support for the digital transformation of companies through “Innovate the business” solutions (Big Data/Analytics, Blockchain, Cyber Security, Customer Experience, Industry 4.0, Internet of Things, Robotics, Artificial Intelligence, Machine Learning,); ▪ Assessment of operating models, strategic Change impacts, application of the strategic objectives, monitoring of the 1 personaldata”. guidelines; ▪ Revision of complex organizational models, management and support in the organizational change processes; ▪ Identification, monitoring and reporting of KPIs for the Procurement function and tools for process optimization (Tableau de Bord, the Procurement Plan for the external supply planning); ▪ Trade Compliance: mapping of processes and reorganization of the organizational structure; ▪ Definition of the Compliance Model 262; ▪ Enterprise Risk Management (ERM): mapping and assessment of controls to safeguard against risks, based on industry bestpractices; ▪ Support to Internal Audit Quality Assurance; ▪ Risk assessment to define the audit plan: Redesign of the risk management process (ERM governance), in terms of: Management Process re-engineering, identification and development of related analytics, redefinition of reporting flows; ▪ Implementation of the Organizational, Management and Control Model in accordance with Italian Legislative Decree 231/01 and preparation of procedures (protocols 231), support to the Supervisory Board for the preparation of supervision plans.

Financial sector (banks and insurance groups) Compliance ▪ Banking Transparency: drawing up internal procedures, manuals and management of prescriptive requirements; ▪ Drafting of the Compliance/AML-CFT Tableau de Bord: monitoring at operational and regulatory level, process road map to monitor work progress on different Compliance/AML-CFT related themes at Group level (IV AML Directive, market abuse, anticorruption, anatocism, privacy, etc.); ▪ Set up of Compliance ICT activities; ▪ Whistleblowing: mapping of regulatory requirements, regulatory gap analysis definition and identification of oversight structures to be improved at organizational level, road map release of the initiatives to be undertaken; ▪ Change management activities within the Group (updating of procedures/manuals, internal and external training, etc.); ▪ Owner of the PSD2 project (Payment Services Directive) mapping the new processes to be launched in the structures involved; ▪ Development of a vertical market approach and a system to measure the full potential of actual and prospective customers. Anti-Money Laundering (AML) ▪ Interventions to adapt to Anti-Money Laundering legislation: mapping of business processes, definition of IT service strategy, transition planning, development of guidelines for a to-be solution, functional requirements, process management, writing user manuals and operational support for staff training. Interventions in the area of AML-CFT Regulations and FATCA legislation. Definition of indicators to strengthen first and second level controls and “Single Electronic Archive" (Archivio Unico Informatico AUI) related verification tools; ▪ Monitoring of the action plan to oversee the fight against terrorism financing (Directive (EU) 2015/849 IV AMLD) and the identification of high-risk third countries with strategic deficiencies at the client. Oversee continuously the critical points (e.g. the beneficial owner, central registry, high-risk third countries, electronic money and virtual currency); ▪ FATCA/CRS: monitoring work progress with the structures involved on tax-related matters and based on the Circular updates. Construction of the QAV questionnaire (adequate verification of clients) and creation at operational/IT level of the modalities for information gathering about clients to fulfill the various regulatory obligations; ▪ Definition of business model and support processes, with particular reference to the legislative requirements in the field of payment systems for the introduction of new products/advanced services; ▪ Definition of business requirements to define and implement requirements for secure online payment systems.

Compliance oversight of regulations, laws and guidelines including the Bank Bribery Act, the Bank Secrecy Act

MiFID-related Compliance checks on: personal transactions, advisory, best execution, offer of investment off- site, remuneration systems/sales network; operational limits; ▪ Monitoring possible conflicts of interest and preparation of reports on a regular basis; ▪ Market abuse controls: maintenance of the "registry of persons with access to privileged information"; market manipulation; ▪ Second level controls on sensitive processes (for Compliance) of the different business functions (e.g. privacy, banking and financial information); ▪ Analysis of corporate and financial information communication processes; ▪ Preparation and submission of periodic reports and communications to Consob and Bank of Italy; ▪ Preparation of documents required by the new discipline of Banking Transparency (Bank of Italy) including the predisposition of Information Sheets and Synthesis Documents, Reporting and main rights of the client, etc; ▪ AML: KYC controls/approval process for Politically Exposed Persons (PEPs); ▪ Compliance support to MIFID2, BASEL III, EMIR, Solvency II, FACTA, PRIPs regulations.

AICOM (Italian Compliance Association), Rome (Italy) ▪ Organization of Compliance seminars and conferences in collaboration with international organizations ECOA, BNL BNPPARIBAS, KPMG, DEXIA Crediop, Banca Intesa Sanpaolo, CONSOB, ABI, Catholic University of Milan, Bocconi University of Milan; Luiss Guido Carli University of Rome, La Sapienza University of Rome, etc; ▪ Organization of Compliance training courses; ▪ Monitoring/updating of Compliance directives and regulations issued by the European Union and Italian government authorities. 01/2011-10/2011 Roma Tre University (Universita degli Studi Roma Tre) ▪ Assistant to Professor of Economics and enterprise management, business entrepreneurship, business strategy

Advanced Training Course: “The Role of the Compliance Officer in Banks and Insurance Companies” - Universita Cattolica del Sacro Cuore di Milano (Catholic University of Milan)