Corporate Governance

> ETHICS AND CONDUCT

Fidelidade upholds high standards of ethics and professional conduct, supported by clear policies that guide the behaviour of all employees and partners. The Group’s Code of Conduct establishes values such as Respect, Integrity, Transparency, and Responsibility, and requires all employees to act in compliance with legal, regulatory, and ethical norms. Key practices include:

• A duty for all employees to avoid conflicts of interest, misuse of resources, or any form of undue personal benefit;

• Standards for interactions with all relevant stakeholders— clients, suppliers, or intermediaries — requiring professional, fair, and loyal conduct;

• A specific Supplier Code of Conduct, which ensures that external partners comply with social, ethical and environmental factors, particularly anticorruption, integrity and fair employment practices.

ANTI BRIBERY AND ANTICORRUPTION

Fidelidade has implemented a comprehensive Anti-Bribery and Anti-Corruption Policy, which defines mandatory standards for preventing bribery, corruption, and related offenses. This is part of the Group’s broader Plan for the Prevention of Corruption and Related Offenses. Core elements include:

• A systematic risk assessment of corruption and related practices, along with proactive mitigation measures;

• Clear guidance for employees to report suspicions of bribery or corruption and a zero-tolerance approach to illicit conduct;

• Direct involvement of senior management in governance, ensuring oversight, responsibility, and continuous monitoring.

MONEY LAUNDERING

Fidelidade is strongly committed to preventing money laundering, the financing of terrorism, tax evasion facilitation, and any other financial crime, as part of its broader governance and ethical conduct framework and in alignment with its ESG commitments. These efforts aim to safeguard shareholders, clients, employees, and all stakeholders, while contributing to the integrity and stability of the financial system.

GOVERNANCE AND MANAGERIAL RESPONSIBILITY

GOVERNANCE AND MANAGERIAL RESPONSIBILITY The Board of Directors and Senior Management hold ultimate responsibility for ensuring compliance with applicable Anti-Money Laundering and Counter-Terrorist Financing (AML/CTF) regulations. The Compliance Function is responsible for defining policies, monitoring implementation, and providing independent oversight, under a three-lines-of-defense model that ensures accountability and clear separation of duties across business, control and audit functions.

RISK-BASED CUSTOMER DUE DILIGENCE

Before establishing any business relationship, Fidelidade applies Customer Due Diligence (CDD) procedures designed to identify and verify the identity of customers, beneficiaries, and relevant third parties. Enhanced due diligence (EDD) measures are applied to clients, intermediaries or transactions involving high-risk countries, politically exposed persons (PEPs), or complex ownership structures, following a risk-based approach consistent with European and Portuguese regulations.

ONGOING MONITORING AND SUSPICIOUS ACTIVITY REPORTING

All business relationships are subject to continuous monitoring to detect unusual or suspicious activities. Clear operating guidelines for the identification, escalation and reporting of suspicious transactions are defined in Fidelidade’s AML/CTF Manual, ensuring that all relevant alerts are promptly communicated to the Compliance Function and, where appropriate, to competent authorities.

TRAINING AND AWARENESS

Fidelidade promotes a strong culture of compliance through mandatory and periodic training programs for all employees and intermediaries. These programs cover:

• Prevention of money laundering and terrorist financing;
• Compliance with international financial sanctions;
• Procedures for identifying reporting and escalating irregularities.

Tailored sessions are provided for employees in sensitive functions such as underwriting, claims, and distribution, and reinforcing awareness of risks and obligations.

INCIDENT MANAGEMENT AND CORRECTIVE ACTION

Whenever irregularities or confirmed breaches are detected, incident investigations are conducted by Compliance Function in coordination with Internal Audit and Human Resources. Corrective and disciplinary measures are implemented as required, and lessons learned are incorporated into process improvements.

REPORTING AND TRANSPARENCY

Fidelidade Group maintains confidential reporting channels (whistleblowing) to enable employees and partners to report concerns related to financial crime or compliance breaches in a protected and anonymous manner. The Company cooperates fully with supervisory and judicial authorities, providing timely and transparent reporting in accordance with regulatory obligations.

INTEGRATION WITH ESG AND CORPORATE GOVERNANCE

The AML/CTF and Financial Crime Prevention framework is integrated within Fidelidade’s ESG and Corporate Governance structures, reinforcing ethical conduct, transparency, and accountability across all Group entities and geographies. Through this approach, Fidelidade promotes responsible business conduct and contributes to sustainable financial.

> TAX TRANSPARENCY

TAXES BORNE BY FIDELIDADE

Fidelidade primarily generates taxable profits from our insurance, real estate, and health care segments. In the insurance business, Fidelidade provides policyholders with coverage in exchange for premium payments, with the principal lines of business being life and non-life insurance. Taxes borne represent a direct cost to the Group. Profits derived from its insurance, real estate, and health care operations are subject to corporate income tax in the jurisdictions in which such profits are realized. Further costs arise from other taxes, including value-added tax (VAT) on purchased services, employer contributions to wage taxes and social security, financial transaction taxes, stamp duties, and other taxes.

TAXES COLLECTED AND REMITTED BY FIDELIDADE

Taxes collected and remitted are those which the Group is required to withhold or collect from third parties and subsequently remit to the tax authorities. The most material of these obligations relate to insurance premium taxes on policies purchased by policyholders, as well as payroll taxes and social security contributions withheld in respect of employees.

> COMPLAINTS MANAGEMENT AND PERFORMANCE

Fidelidade is committed to promoting trust and transparency in its relationship with customers. An effective complaints management system is in place to ensure that all concerns are handled with fairness, speed, and accountability.

LISTENING TO COSTUMERS

Fidelidade values customer feedback as a key driver for improvement. Regular satisfaction surveys are carried out to measure service quality and identify opportunities to enhance the customer experience. Customer insights are analysed and integrated into decision-making processes, helping to shape products, services, and communication practices that better respond to evolving needs.

HANDLING COMPLAINTS

Fidelidade ensures a transparent and fair process for complaint management:

• All complaints are recorded, monitored, and reported to the responsible authorities;
• The Customer Ombudsman provides an independent channel to ensure that customer rights are safeguarded;
• Corrective measures are implemented whenever necessary, including communication with distributors and clients.

COMMITMENTS

Through its Complaints Management Policy and Customer Treatment Policy, Fidelidade ensures:

• Equal and fair treatment for all customers;
• Clear, accessible, and timely information;
• Continuous improvement of processes and services.

SUMMARY OF THE NATURE OF COMPLAINTS

SUMMARY OF THE NATURE OF COMPLAINTS Fidelidade has always prioritized the analysis of complaints, particularly as an indicator of customer satisfaction. Fidelidade sees the complaints that receives as an opportunity - which it doesn't want to waste - in the continuous process of improving its products, procedures and service to customers and other parties who contact Fidelidade in the context of the responsibilities inherent in insurance contracts. As the market leader, Fidelidade is concerned with rigorously analysing complaints and the underlying causes and sub-causes.

In 2024, of the total number of closed complaints, 21,3% correspond to the health insurance, 19,9% to the automobile insurance and 15,5% to the multi-risk housing insurance.

It should be highlighted that the claims filed under the multi-risk home insurance policy are, as in the previous year, closely linked — though not exclusively — to the large number of cases opened, particularly due to the succession of severe weather and extreme events (such as storms and major fires) that have been affecting the country with increasing frequency and intensity.

Regarding the automobile insurance, which accounts for 19.9% of the complaints closed by Fidelidade, the greatest dissatisfaction is also related to procedural issues (analysis and regularization of the process and response time), as well as disagreement with the decision communicated (with the attribution of responsibility or the compensation proposed). Regarding regularization times, it should be noted that the average times are well below the legal limits, according to the information available here.

It should also be noted that travel assistance cases accounted for 6.1% of the complaints closed in 2024. Main causes were dissatisfaction with the providers, delays in providing the service or delays in vehicle delivery, among others, and Fidelidade continues to take appropriate measures to improve the respective service levels.

2024 Performance

• 21,3% of closed complaints correspond to health insurance
• 19.9% of closed complaints correspond to automobile insurance
• 15.5% of closed complaints correspond to multi-risk house insurance

> CIBERSECURITY AND DATA PRIVACY

At Fidelidade, safeguarding information is a cornerstone of its commitment to clients. The Company recognises that effective management of cybersecurity and data privacy is essential to maintaining trust and confidence. Reason why it adopts a proactive, layered approach to information protection, built on the principle of defence in depth.

INFORMATION SECURITY PROGRAMME

Fidelidade has a defined risk-based Information Security Management System (ISMS) aligned with ISO 27001 – design to protect information aligned with the following principles:

• confidentiality
• integrity; and
• availability.

The ISMS specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system, as well as requirements for security controls to be implemented according to the individual needs of Fidelidade.

Fidelidade maintains a robust infrastructure to detect and respond to threats:

• Global Security Operations Centre (SOC): Monitors, investigates and responds to incidents.
• Intrusion Prevention Systems (IPS): Prevents unauthorised access.
• Technology Event Management:Automated tools identify and report anomalies.
• Regular vulnerability testing across systems and networks.

TRAINING AND AWARENESS

To ensure that all employees understand and apply best practices in cybersecurity and data privacy, Fidelidade promotes a range of training and awareness initiatives. These actions are designed to strengthen Company’s security culture and support the consistent implementation of defined procedures across the organisation, comprising:

Regular training and awareness campaigns, including:

• Data protection and privacy training – including mandatory sessions as part of the onboarding journey for new employees;
• Simulated phishing campaigns;
• Targeted awareness initiatives – such as awareness communications via intranet, which include updates on data privacy topics and publication of new policies.

GOVERNANCE AND OVERSIGHT

Security and privacy are embedded in Fidelidade’s governance model:

• Board: Holds responsibility for overall security posture and receives regular performance reports on cybersecurity and data privacy topics
• Group Risk Committee: Provides additional oversight of all Group Risks including security and privacy and related policies and programs
• Information Security Manager (CISO): Leads the global strategy and implementation of the information security programme
• Security Teams: Leads specific functions within Fidelidade’s global information security program
• Employees: Ensure security of information

> PRIVACY AND DATA PROTECTION

Fidelidade is strongly committed to protecting personal data and upholding the highest standards of privacy, ethics, and digital responsibility across its operations. Its Privacy and Data Protection Commitment defines the Group’s principles, governance, and procedures to ensure compliance, accountability, and respect for data subjects’ rights.

PRIVACY ANALYSIS, AUDITS, AND IMPACT ASSESSMENTS

The Group conducts privacy and ethics impact assessments and records of processing activities to identify and manage risks, particularly in the context of emerging technologies such as AI. These assessments follow a human-centred approach, ensuring transparency, fairness, and non-discrimination.

TRAINING AND AWARENESS

Privacy and data protection are embedded in Fidelidade’s training framework. Employees receive mandatory privacy training, and those involved in developing or using AI solutions receive specific training on responsible practices. Regular awareness actions and practical tips are also shared to strengthen employees’ privacy literacy.

BREACH NOTIFICATION AND RESPONSE

A formal incident detection and response process is in place to manage any personal data breaches swiftly and effectively, ensuring transparency and compliance with legal notification requirements.

GOVERNANCE AND OVERSIGHT

The Group has a robust privacy governance structure. Each company designates its’ Data Protection Officer (DPO), supported by dedicated Cybersecurity and Compliance teams, as well as privacy representatives in each business area. These structures promote a culture of accountability and ensure regular communication with management bodies.

BOARD REPORTING AND CONTINUOUS IMPROVEMENT

The DPO ensures structured privacy oversight, and formal privacy reporting is integrated into the Group’s compliance and internal control processes, which are periodically reviewed. The Group maintains a continuous improvement approach, updating practices in line with evolving regulations and best practices.