FNV: TSX | NYSE 60 Information Security We have an Information Security Policy that sets out our principles for the protection of information assets and our proper controls needed to ensure compliance with our standards and external regulations. The policy is intended to define the principles and requirements of acceptable use of information assets for our personnel and describe how these will be implemented across our global operations. It also informs our personnel of our expectations and requirements for acceptable use of information assets and the role of our personnel in protecting the security and integrity of our information. The Information Security Policy is comprised of a number of policies, including our: • Password Policy • Acceptable Computer Use Policy • Removable Media Policy • Email Policy • Remote Access Policy • Incident Logging Policy Our Audit and Risk Committee oversees the Information Security Policy and has designated our Chief Financial Officer as the executive responsible for: establishing and maintaining the practices and procedures necessary to implement the Information Security Policy, providing training to our personnel on the substance of the Information Security Policy at least once annually, and reporting to the Audit and Risk Committee on the operation of and compliance with the Policy. Given the increased global threat of cyberattacks, we endeavour to improve our information security whenever possible. In 2021, we made the following improvements to our cyber and information security: • Management enhanced its cybersecurity risk management processes to provide bi-annual cyber and information security updates to the Audit and Risk Committee on a go-forward basis • We enhanced password security • We updated our disaster recovery plan • We engaged third party companies to test our security and access Our Chair, David Harquail, in a media briefing, Beijing, China “The policy is intended to define the principles and requirements of acceptable use of information assets for our personnel and describe how these will be implemented across our global operations.” Governance