Message FNV: TSX | NYSE from our CEO Governance ESG Ratings Information Security Franco-Nevada We have an Information Security Policy that sets out our principles for the protection of information assets and our proper controls needed to ensure compliance with our standards and external regulations. The policy is intended to define the principles and requirements of acceptable use of information assets for our personnel and describe how these will be implemented across our global operations. It also informs Making Responsible our personnel of our expectations and requirements for acceptable use of information assets and the role Investments of our personnel in protecting the security and integrity of our information. The Information Security Policy is comprised of a number of policies, including our: Guiding Principles • Password Policy • Acceptable Computer Use Policy • Removable Media Policy Operators • Email Policy • Remote Access Policy Our Chair, David Harquail, in a media briefing, Beijing, China • Incident Logging Policy Approach to Our Audit and Risk Committee oversees the Information Security Policy and has designated our Chief Financial Officer as the executive responsible for: establishing Climate Change and maintaining the practices and procedures necessary to implement the Information Security Policy, providing training to our personnel on the substance of the Information Security Policy at least once annually, and reporting to the Audit and Risk Committee on the operation of and compliance with the Policy. Contributions Given the increased global threat of cyberattacks, we endeavour to improve our information security whenever possible. In 2021, we made the following improvements “The policy is intended to to our cyber and information security: define the principles and Employees requirements of acceptable • Management enhanced its cybersecurity risk management processes to provide bi-annual cyber and information security updates to the Audit and Risk Committee use of information assets for Governance on a go-forward basis our personnel and describe • We enhanced password security • We updated our disaster recovery plan how these will be implemented • We engaged third party companies to test our security and access across our global operations.” About this ESG Report Appendices 60