Unicaja Banco, S.A. has a Policy that sets out the principles and safeguards of the Internal Information System of the entities which comprise Grupo Unicaja Banco with a view to uniformly preserving and protecting within all such entities the rights of informants and, where appropriate, any affected persons pursuant to the provisions laid down in Act 2/2023 of 20 February governing the protection of persons who report regulatory and anti-corruption breaches (hereinafter Act 2/2023).

Though Unicaja Banco, S.A. had already implemented a whistleblowing channel in 2015 within the framework of its Criminal Risk Prevention Programme, this Policy updates, where necessary, the procedures set by the Institution in order to implement the Group's Internal Information System, thereby fulfilling the provisions set forth by Act 2/2023 without detriment to continuity of the sectorial regulation's application under the terms provided by Article 2(6) of said Act.

The Whistleblowing Channel is envisaged as the preferred channel for reporting the circumstances set out in point 7 of this Policy. Any report that may be submitted through a channel other than the Whistleblowing Channel shall likewise be processed and managed with the same degree of diligence and in accordance with the terms set forth in this procedure.

In any event, the Whistleblowing Channel allows information to be submitted anonymously. It has been designed and is managed securely, therefore ensuring the informant's confidentiality and that of any third parties mentioned in a report, as well as the rest of the actions' confidentiality and data protection, by impeding access by unauthorised persons and ensuring that any reports submitted are dealt with effectively.

This channel should not be used for commercial complaints. The Customer Service Department is available for such purpose.

• Grupo Unicaja Banco Corporate Internal Information System Policy
• Whistleblowing Channel Procedure