Danske Bank A/S : Code of Conduct policy

Code of Conduct Policy

2 May 2024

1. Objective

The Code of Conduct Policy (the "Code") outlines a set of principles that govern our behaviour and way of doing business in the Group.

Building on the Purpose and Culture Commitments of the Group, our Code serves our ambition to maintain trust and confidence in the products and services we deliver and in the way we deliver them. We hold ourselves to a high ethical standard, act with integrity, and ensure that our business practices are aligned with a sound business culture and responsible behaviour.

The objective of the Code is to promote a sound business culture in the Group that requires employees to take responsibility for their actions and helps them to ensure that we deliver a positive impact on customers, investors, employees and wider society.

The Code is a framework that describes how to act with integrity and how to do the right thing across the Group and in our business relationships. It applies to the way we act, solve problems, conduct our activities, and make decisions in day-to-day business as well as in complex situations where the right thing to do is not always obvious. It reminds us of our legal obligations and lays down the standards and principles of the conduct that we expect, including examples of good and bad behaviour.

The Code is designed to ensure compliance with applicable requirements relating to risk culture and business conduct in the EBA Guidelines on Internal Governance1 and with Section 70a in the Danish Financial Business Act2.

Lack of adherence to the Code may have severe consequences for the Group and its employees including fines, criminal liability, regulatory and/or market scrutiny and may also lead to disciplinary actions.

2. Definitions

The below definitions apply to the terms used throughout the Code.

Conduct Breach	a breach that is wilful or negligent, or both, that results in violation of internal and
	external requirements, where:
	 internal requirements are considered as all policies, instructions and
	business procedures in the Group,
	 external requirements are considered as the laws and regulations that apply
	to the Group's activities.
Employee	covers:
	 an individual who is employed by the Group on a permanent or temporary basis,
	 an individual who is working for but is not directly employed by the Group
	(consultants, contractors, agency workers, etc.)

Governing Documents policies, guidelines, instructions and business procedures required for the proper

	operation of the Group.
Group	Danske Bank A/S including its branches and Subsidiaries.

• EBA/GL/2021/05 from 2 July 2021. Final Report on Guidelines on internal governance under Directive 2013/36/EU, Sections 9-10.

2 As specified in the Danish Executive Order on Policy on a Sound Business Culture in Financial Institutions and the provided Guideline.

MAY 2024

Subsidiary	any undertaking over which Danske Bank A/S exercises control. For the purpose
	of this definition "control" means any of the following: (i) direct or indirect ownership
	of more than fifty per cent (50%) of the share capital or other ownership interest in
	any other person; (ii) the direct or indirect right to exercise more than fifty per cent
	(50%) of the votes in any other person; (iii) the direct or indirect contractual right to
	designate more than half of the members of such person's board of directors or
	similar executive body, (iv) direct or indirect ownership of fifty per cent (50%) or less
	of the share capital or other ownership interest in any other person, where such
	minority ownership according to local law is considered controlling interest.

3. Scope

The Code is a cornerstone for conduct in the Group, however, it is not an exhaustive list of the external and internal rules and standards applicable for the Group's employees. Employees must adhere to external rules and standards described in laws and regulations within each jurisdiction where we operate, financial industry codes of conduct applicable to the Group's activities, and internal rules and standards covered in the Group's Governing Documents. To support consistency and integrity in our conduct, all Governing Documents must comply and align with the Code.

3.1. Target group

The Code applies to all functions and units in the Group. In more detail, the Code applies to:

• Employees, including persons belonging to the Management Body,
• Volunteers and those undertaking work experience,

 Persons whose work-based relationship is yet to begin in cases where information has been acquired by the Group during the recruitment process or other pre-contractual negotiation.

The Management Body of a subsidiary may approve the Code with deviations to ensure the Code is fit for purpose for the subsidiary. The policy administrator in the subsidiary should discuss the rationale behind the deviation and ensure that the administrator of the Code is consulted on any deviation. The administrator of the Code must document and report any deviations from the Code to the owner of the Code.

4. How we behave

4.1. Our Culture Commitments and sound business culture

Principle 1: We do the right thing and maintain a sound business culture

We do the right thing by following the rules and standards for our business, internally and externally, and by applying our Culture Commitments consistently across the Group in everything we do. This principle reminds us to continuously evaluate our actions and their impact. This is crucial to maintain a sound business culture where ethical action permeates all our business processes and decisions. The principle is about safeguarding our integrity, ensuring that we are doing the right thing for our customers, employees, shareholders and society.

To do the right thing means that the way in which we achieve our results is just as important as the actual results themselves.

Subprinciple 1.1: We act in accordance with the Danske Bank Purpose and Culture Commitments

Our Purpose and Culture Commitments are fundamental to establish trust and nurture confidence in us as a financial institution.

Purpose:

• Release the potential in people and businesses by using the power of finance to create sustainable progress today and for generations to come.

Culture Commitments:

• Team up - we create value for our customers by being one bank,
• Own it - we aim high and take ownership for better results,

MAY 2024

• Be open - we seek potential and make transparency and inclusion a priority.

The principles in the Code align with and support the Purpose and Culture Commitments to which we hold ourselves accountable.

Subprinciple 1.2: We communicate openly and share our concerns

To be open, we must always communicate openly both internally and with external stakeholders to reduce uncertainty, avoid misrepresentations and increase trust, we must be honest, accurate, and transparent and inform all relevant parties of relevant information as soon as we can, be that our customers, shareholders, employees, managers, senior management or supervisory authorities.

It is especially important to speak up and share our concerns internally where we see risk, for example if we suspect financial crime or that customers are being treated unfairly; however, our concerns could as well relate to other issues such as normalisation of behaviour not compliant with our Culture Commitments.

Sometimes we may identify something unusual, troubling, or sensitive: a situation that you have not come across before, a concern about the way your team is doing something or about the processes and technology that support you. It could be a concern about another member of your team or about a team that you work with. It may even by a concern that your colleagues have dismissed or that they advise you to ignore - but all the same, something still does not feel right.

There are three primary ways in which you can share concerns in Danske Bank:

• You can discuss your concerns with your immediate manager or a trusted colleague,
• Contact your local compliance officer or HR Legal,
• Use our Whistleblower system.

There is no fixed rule, but you may consider the following as useful examples for when to share your concerns:

• If you are unsure about what to do,
• If you see something that does not seem right,
• If you suspect any wrongdoing,
• If no conventional alerts or escalation channel seem appropriate.

The Whistleblowing Scheme gives you a safe and simple channel when you do not feel comfortable or feel it is inappropriate to speak up and share our concerns with our colleagues or manager - you can choose to report breaches or concerns anonymously. We do not accept any retaliation or unfair treatment for speaking up or raising concerns in good faith.

When communicating and disclosing information to the public, we must consider and be able to answer affirmatively that the information is:

• correct, accurate and up to date,
• clear and unambiguous,
• relevant and does not omit or hide material information,
• balanced and not overstated,
• clearly worded and easy to understand,
• substantiated.

Subprinciple 1.3: We always seek to improve our conduct

When mistakes happen, we learn from them. We prevent harm caused in the short term and investigate the root cause of the problem to identify and resolve the underlying issues. We create a culture and an atmosphere of trust and openness in our teams and entities, where mistakes are discussed, so that everyone can act and learn from them. Only by understanding incidents and mistakes can we improve the way we work. This impacts our customers positively and improves our ways of working. If the lessons learned are relevant for other parts of the Group, they will be anonymised and shared.

Subprinciple 1.4: Material breaches will have consequences

We proactively escalate and report non-compliance with our Governing Documents. Any apparent breach of any element of our Governing Documents must be escalated, investigated, managed and reported in accordance with the process described in the relevant Governing Documents. Such consideration will include the assessment of the

MAY 2024

materiality of any misconduct, for example not acting in line with Culture Commitments.

The Group will investigate any credible allegation of criminality, dishonest management of customers, funds or operations and deliberate theft or leakage of data. The Group will also investigate credible allegations of wilful and negligent conduct. Such breaches of the Code conducted by an employee will be reported to Group HR Legal and may result in disciplinary actions depending on the materiality of the breach.

The detailed process for how to handle breaches of the Code, materiality levels and the associated consequence levels are described in the Group's Code of Conduct Instruction. The employee disciplinary process is further described in the Employee Disciplinary Guideline.

4.2. Our importance in society and the financial market

Principle 2: We take responsibility for our role in society and the financial market

As a Group, we play a fundamental role in society by providing financial services and solutions that support individuals and businesses. As one of the largest financial institutions in the Nordics, our actions and behaviour affect society. Through our products and services, we can contribute to sustainable development. As part of our responsibility towards society, we strive to operate sustainably, fairly and transparently. We actively minimise and avoid adverse or harmful impact from our business activities.

Subprinciple 2.1: We strive to run our business in a sustainable way

We have an ambition to run a sustainable business driving positive societal impact through our operations and the business relationships we have. To be a sustainable business means:

• We achieve a strong and solid business in the long term, so we can continue to create value for our stakeholders and the societies that we are part of. We support financial stability and economic growth by being a solid, balanced and predictable bank.
• We integrate Environmental, Social and Governance (ESG) considerations into our general business practices and decision-making processes regarding the companies, we lend to, invest in, and procure from. We do this to mitigate risks, to develop new and innovative services and products as well as to strengthen our advisory services to our customers.
• We support our customers in their transition to more sustainable business models. If ESG issues are identified among the companies we do business with, we engage with them and ensure robust management of the issues
  - however, in cases where progress and mitigation of the ESG issues are insufficient, we may have to reduce or end the business relationship. For sectors with elevated ESG risks, we set specific expectations, requirements and limits for our business activities.

We aim to align our direct environmental impact with the goals of the Paris Agreement and other widely recognised societal goals regarding nature and the environment. We reduce the carbon footprint of our operations by working systematically to reduce our carbon emissions through energy and environmental management, as well as by minimising business travels and limiting the negative environmental impact through the products and services we use in our daily operations. We also strive towards aligning our lending and investment portfolios with the goals of the Paris Agreement and net zero by 2025 or sooner. We aim to achieve this through strong collaboration and engagement with our customers and investee companies, supporting them in their transition journeys.

Subprinciple 2.2: We approach the financial market with integrity

We support a fair and effective financial market, by actively preventing, detecting and reporting market abuse, comprising unlawful disclosure of inside information, insider dealing and market manipulation. These activities are criminal offences that undermine the transparency and integrity of the financial market.

We are mindful of the potential impact on the financial market. We compete fairly, by avoiding any illegal restriction to competition arising from our activities - be that cooperation with others or through the handling of information. We act carefully regarding the products we develop and are always mindful of the implications of their potential failure.

Subprinciple 2.3: We actively seek to prevent financial crime

We are committed to the fight against financial crime.

We employ robust financial crime controls to identify, manage and mitigate illegal offences such as money laundering, terrorist financing, sanctions breaches, tax evasion and tax evasion facilitation, internal and external fraud, bribery

MAY 2024

and corruption. We ensure compliance with all relevant legislation for the jurisdictions we operate in. If employees or customers evade our controls, we have established mechanisms to investigate and take action, including dismissal and reporting to the authorities. We strongly dissociate ourselves from financial crime and do everything

in our power to prevent and avoid such activities.

Subprinciple 2.4: We protect personal data and handle it ethically

The Group processes personal data ethically by ensuring we respect the confidentiality and privacy of our customers and employees. We protect personal data in line with the principles defined in data protection law.

Subprinciple 2.5: We respect and promote human rights and labour rights

We promote equal opportunities and equal treatment for all. The Group is committed to respecting human rights and labour rights. We do not accept any form of discrimination, disrespectful behaviour, bullying or harassment towards employees, customers, business partners or any other persons connected to the Group. Examples of what discriminatory behaviour might be directed at are a person's race, colour of skin, ethnicity, political view, religion or belief, disability, health status, gender, age or sexual orientation. We do not tolerate human trafficking, child labour or any type of forced labour instituted against a person's will or choice.

4.3. Our customers' trust

Principle 3: We treat our customers fairly

We always have our customers' interests at heart and treat them fairly while complying with relevant rules and standards. We want our customers to appreciate our services and have trust in us. We seek to obtain this by treating our customers fairly - for example by:

• Acting with expertise, delivering value-adding advice and solutions,
• Being honest, open and transparent,
• Being professional,
• Acting with integrity,
• Acting competently and conscientiously,
• safeguarding our customers' best interest, considering any impact towards customers,
• Observing proper standards of market conduct always ensuring compliant behaviour.

Subprinciple 3.1: We aim to ensure a good customer experience and have the customer at the centre of our business

We design our products and services with our customer at the centre.

• We strive to understand our customers' specific needs.
• Our customer journeys must be simple, straightforward and intuitive - as far as possible enabled by innovative digital solutions.
• During all interactions with our customers, we provide service of a high standard and in accordance with the expectations of the customer.
• We ensure our fees and charges are reasonable.
• We measure customer satisfaction continuously to improve.

We take responsibility for investigating and resolving complaints thoroughly, fairly and quickly. We ensure a complaints-handling setup that secures easy access for customers to complain about products and/or services as well as the handling of their case. There shall be no barriers for customers to express their requests, concerns or complaints, and we consistently seek to improve the interaction with customers by learning from their feedback.

Subprinciple 3.2: We communicate clearly and transparently to our customers

The information we provide to customers during their interaction with the Group, including pre- and post- sale, must be appropriate, fair, transparent and clear - and must not mislead. We take appropriate consideration of the need to disclose information to customers and ensure that disclosures are timely, understandable and consistent.

We conduct sales, advertising and marketing of our products and services with integrity and do not issue false or misleading information.

Written agreements related to products should clearly describe rights and obligations. The Group's product

MAY 2024

information and material should ensure that customers can understand their obligations.

Subprinciple 3.3: We manage conflicts of interest

To protect our integrity as a financial institution, our reputation and the trust of our customers, we seek to prevent where possible or manage, any potential or actual conflicts of interests. This is described further in our Conflicts of Interest Policy, which lays the foundation on how we manage conflicts of interest.

4.4. Our people

Principle 4: We promote respect, diversity and sound performance in the workplace

The Group aims to be a great place to work, and we take pride in deep expertise and dedication to make a positive difference. We want to keep it that way by nurturing a sound, inclusive business culture where everyone can grow and contribute to our success in an appealing and trustful environment. We promote respect for each other and value our differences in perspective, knowledge and experiences as that enables us to be an organization that meets our customers' needs. We will not make negative judgements or treat colleagues and customers unfavourably, based on gender, a person's race, colour of skin, ethnicity, political view, religion or belief, disability, health status, age or sexual orientation/identification. We promote people and performance that make a positive difference for the Group, our employees, customers, society and investors. We promote integrity in relation to ethical and responsible behaviour.

Subprinciple 4.1: We always treat each other fairly and respectfully

We are committed to maintaining a sustainable work environment with responsible employment practices - as a foundation for great performance and customer outcomes. We must act with integrity, always treating each other fairly and respectfully to achieve this. Any case of harassment, discrimination or improper use of authority is not tolerated.

Subprinciple 4.2: We seek to ensure diversity and inclusion

We promote diversity and an inclusive culture in Danske Bank. Not only is it the right thing to do, but it is also business critical if we want to stay relevant to our customers, employees, shareholders and society in the future. A diverse culture is about inviting, welcoming and embracing multiple competencies and mindsets into our company to help us become more open and informed, and reflect the diversity of the societies we are part of. Essentially, an inclusive culture is about nurturing a sense of belonging in the workplace. When people belong, they are comfortable with expressing themselves openly, freely and in their own voice and feel empowered to make a difference. A diverse and inclusive culture will create equal opportunities for our employees and value for us as a workplace and a business. It will unlock the full potential of our employees, provide us with a competitive edge and help us become a sustainable corporate citizen for all our stakeholders.

Subprinciple 4.3: We have appropriate compensation and do not reward unethical behaviour

Remuneration is an essential part of the Group's focus on attracting, developing and retaining high-performing and motivated employees. Our remuneration is aligned with our business strategy, risk appetite, key priorities and long- term goals. Our approach to Remuneration must comply and align with the Code to ensure it rewards and drives the right employee behaviour and performance and unethical behaviour is not rewarded. We ensure that no discriminating factors have any bearing on our remuneration structure, and that positive behaviour is acknowledged and recognised as part of continuous check-ins.

4.5. Our robust risk culture

Principle 5: We maintain strong risk management, governance and controls

In conducting our business, identifying, managing, and mitigating risks are core. We have strong risk management, governance, and controls in place to ensure we consider and actively manage all the different types of risk the Group faces. The purpose of this is to protect our business, employees and reputation. Managing risks actively helps us earn the trust of our stakeholders and maintain our integrity as a sound and responsible business. The Enterprise Risk Management Policy governs how we identify and manage risks. It establishes risk definitions, roles and responsibilities to ensure clarity and effective risk management.

In the Group, we are all, regardless of position, role, function or location, responsible for identifying and managing risks within our area. We can only take risks that comply with the Group's risk appetite, and we must collaborate with each other to avoid and reduce risks outside our risk appetite. We manage our risks in accordance with the

MAY 2024

Governing Documents.

We support a strong risk culture by being aware, alert and proactive towards risk.

5. How the Code works

This section states how the Code is implemented, governed, reviewed and reported across the Group.

5.1. How we communicate and train employees in the Code

Maintaining our desired behaviours and a sound business culture requires constant focus on what good conduct is. We continuously promote, challenge, and develop what constitutes a sound business culture in the Group.

Senior management communicate their commitment to maintain our Culture Commitments and, set the 'tone from the top' of what good conduct looks like. This communication is delivered at employee meetings and/or through other channels such as our intranet.

All employees receive training in the Code at least once annually. All employees are required to certify that they have read and understood and adhere to the Code. Moreover, the Code should be visited and discussed on a regular basis in team meetings. When a difficult situation occurs, the team should consider seeing it as an opportunity to practice and discuss the Code. In that way, we all challenge and help develop what constitutes our desired business culture in the Group as well as more locally in our units by the way we decide to behave in everyday situations.

All new colleagues must be trained in the Code within their first month of employment. When we interview and evaluate candidates for jobs, we take candidates' values into account.

The Code is an important statement of what society, customers and investors can expect when interacting with us. Therefore, the Code is communicated externally.

5.2. How we follow up on the effectiveness of the Code

Reporting on the effectiveness of the Code is crucial to implement and develop the Code in the Group. Effective oversight must ensure that we take remedial action where relevant. An example of metrics to report on is the volume and drivers of breaches leading to disciplinary consequences. The metrics should be reported periodically and at least annually to the Board of Directors, and there must be clear visibility and accountability of that process.

The Chief Executive Officer reports to the Board of Directors on implementation and compliance of the Code at least annually. The report is based on the annual review of the Code and the assessment of supporting metrics.

The Chairman of the Board of Directors delivers an update on the implementation and effectiveness of the Code at the Annual General Meeting. The Chairman reports on the activities and measures supporting a sound business culture, including the bank's change of culture and focus areas and actions taken to address challenges that influence our conduct and culture in a negative manner.

6. Escalation

The administrator of the Code must escalate material breaches of the Code to the Chief Executive Officer. Material breaches include, but are not limited to:

• Dishonest or deliberate actions to mislead the Group,
• Unacceptable behaviour or threatening behaviour,
• Conduct resulting in unfair treatment of customers,
• Conduct Breaches which compromise the Group's role in society and financial market.

7. Review

We develop and update the Code regularly based on the characteristics and our aspirations for the Group to make sure we continue to do the right thing in all circumstances.

We consider a range of factors including our business model, approach to remuneration, our business culture, and our role in markets and in society, when deciding on the aspirations we have for our business culture. We actively seek to understand what misconduct looks like and to identify any "gaps" or risks in our way of organising our business activities.

The Code is reviewed annually to make sure that it is functioning as intended and is up to date with legislation,

MAY 2024

regulations, and industry best practices. This assessment is achieved through an annual assessment, deep dive interviews, review of controls, observations, and data analysis.

The assessment considers our business model, our organisational structure and the financial services and products we offer. This includes mapping of behaviours across the various organisational units and a review across values and norms, leadership behaviour, openness in communication, how we make decisions and if we are learning from our mistakes. As part of the assessment, we look for normalisation of inappropriate behaviours and if any unsound patterns have been identified - for example if we are recruiting only specific profiles, if there is an inappropriate tone from the top and senior managers or if we are talking disrespectfully about each other.