Deutsche Bank Governance and operations Non-Financial Report 2022 Anti-financial crime Money laundering and terrorist financing Money laundering and terrorist financing are significant risks to Deutsche Bank, e.g., in the Corporate Bank which provides banking facilities to correspondent banks and their customers. To control these risks, minimum control standards are defined including, among others, risk-based client due diligence, the monitoring of transactions, name list screening, investigation of alerts and the filing of suspicious activity reports to authorities. These Suspicious Activity Reports can be triggered by alerts from Transaction Monitoring, internal referrals from employees, enquiries of law enforcement or referrals from other banks. Further measures include assessing the risk exposure in the client population and reducing the exposure through, for example, terminating relevant client relationships and liquidating or reducing risk in relevant and associated positions. The Anti-Money Laundering Policy contains the minimum control requirements and is updated regularly in line with regulatory developments and supplemented with internal safeguarding measures. Sanctions and embargos Deutsche Bank is committed to complying with sanctions imposed by the United Nations, European Union, and Germany globally as well as sanctions applicable in the jurisdictions in which it operates, especially the United States and United Kingdom. To control this risk, transactions are filtered, client and counterparty data is screened, trade in sanctioned financial instruments is restricted, and further measures such as rejecting or freezing a transaction, restricting client activities, or exiting a client relationship are taken. The Sanctions Policy – Deutsche Bank Group sets out the requirements and standards that apply globally within the bank. Anti-fraud, bribery and corruption Deutsche Bank has no tolerance for its employees, or third parties acting on its behalf, to engage in bribery or corruption and is committed to compliance with anti-bribery and corruption laws in the jurisdictions in which it operates. On an annual basis the Bank undertakes an assessment of inherent bribery and corruption risks and corresponding controls across all of its businesses. All Bank employees, including board members, are required to complete mandatory online anti-bribery and corruption training. Employees who do not complete their training are subject to potential disciplinary action. The bank has policies, procedures, and controls to mitigate the risk of bribery and corruption across key risk areas such as gifts and entertainment, hiring practices, use of third-party intermediaries, and participation in joint ventures as well as in strategic investments. These controls include the escalation of approvals, enhanced due diligence, contractual limitations, and ongoing monitoring to identify behaviors that could be indicative of bribery and corruption. As with all AFC policies, changes to the anti- corruption policies are communicated to all employees. The Bank has continued to reduce its exposure to areas that present a higher inherent risk of bribery and corruption, such as use of Business Development Consultants. Finally, potential instances of bribery or corruption would be investigated, and any employee determined to be engaged in such behavior would be subject to disciplinary action up to and including termination of employment. The Bank has implemented a holistic Fraud Risk Management Framework across all Lines of Defense, defining governance and minimum standards, and establishing key controls to mitigate the risk of fraud, such as Mandatory Time Away and Fraud Transaction Monitoring. Targets and measures GRI 2-24/26, 3-3, 205-2, 404-2, FS4 At Deutsche Bank, AFC defines the uniform strategy for the prevention of financial crime, including the preparation of group- wide policies and overseeing the implementation. The accountability for the definition and regular review of the risks controlled by AFC lies with the Group Anti-Money Laundering Officer. In order to be able to understand the required measures, it is important to capture, identify and weigh the financial crime risk Deutsche Bank is faced with. AFC regularly conducts an analysis of the financial crime risks and prepares a risk assessment for Deutsche Bank Group, as well as relevant subsidiaries to the extent required by applicable legal requirements. The risk analysis is reviewed annually and approved by the responsible Management Board member. Changes within the organization, but also the offering of new products can have an impact on the bank’s risk exposure. AFC is involved in structural divisional changes such as new products, new lines of business, expansions to new countries or new client categories to ensure the changes are within the Bank’s risk appetite and that effective risk assessment, monitoring and controls are defined before their launch. In order to adjust the strategy in a timely way to an ever-changing legal environment, AFC monitors requirements and advises and supports the Management Board and employees in the business divisions on changed requirements and their implementation into relevant policies. 87