2021 ESG Report GOVERNANCE Third-Party Management Fifth Third has a robust third- party management program for the acquisition of goods and services. It is expected that Fifth Third suppliers demonstrate the same level of commitment to ethical business practices. Our Supplier Code of Conduct sets forth Fifth Third’s expectations for ethical, human rights, labor and environmental standards throughout our supplier network. Third-Party Risk Management Third-party management’s goal is to meet the strategic objectives of the Bank and maintain our commitment to providing equal opportunities to all capable suppliers. To achieve this goal, we seek strategic partnerships with highly qualifed sources who provide solutions that improve our processes, increase the quality of our products and services and drive efciencies. We execute our third-party selection process in accordance with the highest standards of integrity, fairness and objectivity. Our Supplier Diversity team reviews every procurement opportunity to ensure diverse providers are included in the portfolio of potential third parties (for additional details on our Supplier Diversity eforts, refer to pages 58-59 ). Thorough assessment and due diligence is performed on all third-parties prior to onboarding, with focused attention on protection and security of Bank and customer data. The Bank focuses on fostering a strong risk and compliance culture, meaning all employees are responsible and accountable for managing risks associated with third-party relationships. In 2022, Fifth Third began partnering with EcoVadis, a leading evidence-based sustainability ratings provider, to engage with and monitor the ESG strategies and performance of our largest third-party relationships. For additional details, refer to page 43 . DUE INITIATION & 2 DILIGENCE 3 CONTRACT SELECTION REVIEW Contents Introduction Economic Environment Social Governance The methodology and process for third-party risk management is as follows: • Governance of our third-party activities begins with the Third Party Management Council, which assesses the portfolio of third-party service providers as well as the management of risks, issues and performance on the third-party population and oversees adherence to the Third Party Risk Management Policy and Program. • The Third Party Management Council reports to the Operational Risk Committee, which in turn is accountable to the Enterprise Risk Management Committee and the Risk and Compliance Committee. 5 ONGOING 6 TERMINATION ONBOARDING MONITORING (IF NEEDED) 1 4 93
Fifth Third ESG Report Page 92 Page 94