Operations in accordance with the appropriate laws and regulations

Íslandsbanki is a financial company and operates in accordance with relevant regulations in the field of financial markets, which frame its governance. The main laws that apply to the bank's operations are the Act on Financial Undertakings no. 161/2002, the Act on Recovery and Resolution of Credit Institutions and Investment Firms no. 70/2020, the Act on Markets for Financial Instruments no. 115/2021, the Act on Payment Services no. 120/2011, the Act on Measures against Money Laundering and the Financing of Terrorist Activities no. 140/2018, the Act on Mortgage Credit to Consumers no. 118/2016, the Act on Consumer Credit no. 33/2013, the Act on Competition no. 44/2005 and the Act on Public Limited Companies no. 2/1995, which along with the Íslandsbanki's Articles of Association lay the foundation for the Bank's existence and activities.

Compliance

The Compliance function monitors the Bank’s compliance risk and performs its duties on the basis of a risk assessment that underpins a risk‑based and effective monitoring and training plan. Compliance provides advice and training, conducts testing and reviews in addition to ongoing monitoring, including through the use of monitoring systems. Compliance also regularly reports to the Board of Directors and the Bank’s relevant committees on its assessment of the status of compliance risk.

All of the above is aimed at promoting sound and proper business practices, preventing misconduct, market abuse and insider dealing, as well as combating other financial crime, including money laundering, terrorist financing and breaches of data protection.

The Compliance function of Íslandsbanki is an independent control function forming part of the second line of defence and reports directly to the CEO.

Internal audit

The Chief Audit Executive is appointed by the Board, reports directly to the Board and directs Group Internal Audit with a mandate from the Board. Group Internal Audit operates independently from other departments in accordance with article 16 of the Act on Financial Undertakings no. 161/2002. The department provides the Board with independent and objective assurance over the effectiveness of risk management, control and governance processes. The responsibilities and authorisations of the Chief Audit Executive and Group Internal Audit are further outlined in the Group Internal Audit Charter.

KPME ehf. was re-elected as the Bank's external audit firm at the Bank's Annual General Meeting 2026.