ESG at Citi Sustainable Finance Climate Risk & Net Zero Sustainable Operations Building Equitable & Resilient Communities Talent & DEI Responsible Business Appendices Transforming Our Risk and Controls Environment Ethics and Culture at Citi Risk Management Human Rights Serving Our Customers and Clients Responsibly Responsible Sourcing Public Policy Safeguarding Data Our Global Privacy Program is overseen by a Protecting Digital Identity dedicated global Chief Privacy Officer. The Verifying our customers’ identity is funda- The potential impact of public policy on and Protecting program provides a framework for managing mental to safeguarding their financial assets our business, employees, communities and privacy and confidentiality risks for the and protecting their privacy. Our aim is to customers is why Citi works to advance and Customer company. Our privacy management efforts deliver solutions that provide seamless, protect the global business interests of our Information receive additional oversight from the Citi intuitive interactions with digital tools that will company directly and indirectly, through Privacy Advisory Council, which consists of not compromise personal data. We provide engagement with trade associations, govern- As digital solutions expand and become executive privacy officers and privacy and risk ongoing training for our employees through ments and elected officials around the world. more integrated into our daily lives, we see management leaders from across the firm. The digital identity learning packs that help build Citi advocates for public policies that support increasing concerns related to privacy and Council provides direction, addresses escalated awareness of, and skills related to, new digital the interests of our company, clients, share- security breaches. Data security and customer concerns and helps drive progress in this area. identity technologies. In addition, we engage holders and employees, such as trade and privacy are top priorities for Citi and for our Citi has also appointed a Global Chief Privacy with clients, partners and industry experts to investment proposals involving sanctions stakeholders. Counsel within the General Counsel’s Office. discuss the trends, challenges and opportu- and cybersecurity. Guided by our Political The Global Chief Privacy Counsel leads a global nities related to digital identity and to explore Engagement Statement, company political Cybersecurity team that provides legal guidance and strategic technologies that have the potential to meet our activities are performed in compliance with Our Chief Information Security Office ensures direction regarding privacy and data protection customers’ needs. applicable laws and regulations. that an appropriate level of cybersecurity gover- laws to the Chief Privacy Office and to nance, capabilities and controls are in place to businesses and functions across the enterprise. We also provide customers with resources and Under U.S. Federal Election Commission rules, protect Citi’s and our clients’ assets and infor- information related to safety and security. Our Citi’s Political Action Committee (Citi PAC) mation, with end-to-end accountability across Our Privacy and Bank Customer Confidentiality U.S. online Security Center enables customers pools the voluntary contributions of eligible the firm. Our strategy incorporates architecture, Policy articulates principles relating to the to learn about what Citi does to protect them employees to support U.S. political candidates technology, tools, policies and processes to collection and processing of personal infor- and what they can do to protect themselves and campaigns that support the financial prevent, detect, respond to and recover from mation, requiring, in part, that personal against identity theft and other security risks. industry and complementary pro-business cyber threats quickly. Learn more about the information only be collected and used as policies. Our bipartisan Government Affairs elements of our cybersecurity program on the necessary for the performance of the services Emerging Financial Technologies team and the Citi PAC Board consider whether following page. offered and for the purposes disclosed. Citi We monitor developments and innovations contributions meet our criteria. is transparent about personal information related to financial technology and digital Privacy collection and use practices, and offers assets amid sustained interest from clients and The fair, ethical and lawful collection, use and customers choices about how their personal investors. We carefully evaluate the evolving processing of customers’ personal information information may be collected or used (as regulatory landscape and associated financial is essential to build trust, provide best-in-class required by law), including choices relating to and non-financial risks to ensure we meet services and achieve our corporate objectives. marketing or reviewing and correcting infor- both our own regulatory frameworks and super- mation. Citi employees are required to take visory expectations. annual privacy compliance training that covers these privacy concepts. Citi 2022 ESG Report Page 69