Information and cybersecurity onmental Envir Wells Fargo’s Information and Cyber Security organization is dedicated to protecting Wells Fargo systems, networks, and data, including customer and employee data, through the design, execution, and oversight of the Information Security Program. The Social Information and Cyber Security organization is led by the Chief Information Security O昀케cer, who reports to the head of Wells Fargo Technology. The Board's Risk Committee annually approves the Information Security Program. Wells Fargo’s Information Security Program is designed to comply with applicable laws and ernance regulations that are evolving and increasingly v complex, and is based on industry standards and Go best practices from the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the International Organization for Standardization (ISO) 27001/27002 Standards on Information Security Management, and Federal Financial Institutions Examination Council (FFIEC) IT Handbook. Wells Fargo businesses and employees, as well as vendors, non-employees, and third parties with access to systems or sensitive information, are required to adhere to the Information Security Program’s policies, procedures, and requirements. 48 Environmental, Social, and Governance Report 2022