our systems and databases, and we continuously improve our capabilities to meet the challenge of an evolving threat environment. In the event of a potential breach, we have a robust process to ensure appropriate reporting and notification, which includes: • Reviewing the breach to determine whether it meets any regulatory or legal reporting requirements in the country(ies) where the breach occurred or in the country(ies) impacted by the breach. If deemed necessary, a legal assessment is conducted. • Notifying the impacted customers as required by the laws or regulations of the impacted country(ies) and as directed in the legal assessment, if it results in a requirement to perform customer n otifications. We understand that simply defending ourselves is not enough. We must also influence the broader cybersecurity landscape within which Citi operates. As such, we collaborate with our clients, peer financial institutions, governments, law enforcement and intelligence agencies on a global scale to share best practices, exchange tactical information about specific cybersecurity threats, conduct joint cyber resilience exercises and work to drive adoption of industry-wide standards and approaches that will best enable the collective defense of the financial services sector a gainst c ybersecurity c hallenges. Our security teams receive and share threat data with our partners in near real time, leveraging that information to strengthen our internal controls and prac - tices and to protect Citi from attacks being perpetrated against other firms. Citi takes a leadership role in fostering a culture of sharing amongst our competitors on secu - rity issues, putting competitive instincts aside for the sake of strong information security practices. Privacy The fair, ethical and lawful collection, use and processing of customers’ personal information is essential to build trust, provide best-in-class services and achieve our corporate objectives. To help meet this goal, Citi has established a dedicated Chief Privacy Office team, led by a global Chief Privacy Officer. The Chief Privacy Office, part of our Independent Compliance Risk Management team, manages the Citi Global Privacy Program, which is overseen by Citi’s Privacy Advisory Body. The program provides a framework for managing privacy and confidentiality risks for the company. Citi has also established the Global Chief Privacy Counsel under the General Counsel’s Office. The Global Chief Privacy C ounsel p rovides gu idance an d strategic direction regarding privacy and data protection laws to the Chief Privacy Office and to businesses and functions across the enterprise. Citi’s Privacy and Bank Customer Confidentiality Policy articulates principles relating to the collection and processing of personal information, requiring, in part, that personal information only be collected and used as necessary for the perfor - mance of the services offered and for the purposes disclosed in a privacy notice. Citi is transparent in our collection and use practices and offers customers choices about how their personal information may be collected or otherwise used (as required by law), including opting out of marketing or other communications or reviewing and correcting information. Citi employees are required to take privacy and information compliance training that covers these privacy concepts. Protecting Digital Identity For fi nancial i nstitutions su ch a s C iti, verifying o ur c ustomers’ i dentity i s fu nda - mental t o s afeguarding t heir fi nancial assets a nd p rotecting t heir p rivacy. O ur aim i s t o d eliver s olutions t hat p rovide seamless, i ntuitive i nteractions w ith d igital tools t hat w on’t c ompromise p ersonal data. T o p rovide o ngoing t raining f or our e mployees, w e h ave c reated d igital identity l earning p acks t hat h elp b uild awareness o f — a nd s kills r elated t o — n ew digital id entity t echnologies. I n a ddition, we e ngage w ith c lients, p artners a nd industry e xperts t o d iscuss t he t rends, challenges a nd o pportunities r elated t o digital id entity a nd t o e xplore c utting-edge technologies t hat h ave t he p otential t o meet o ur c ustomers’ need s. We also provide our customers with timely resources and information related to safety and security. Our U.S. online Security Center enables customers to learn about what Citi does to protect them and what they can do to protect them - selves against identify theft and other security risks. Contents ESGatCiti SustainableFinance SustainableProgress Equitable&ResilientCommunities Talent&DEI RiskManagement&ResponsibleBusiness Appendices CITI 2021 ESG REPORT 114