24 Updated Speak Up and Nonretaliation Policy Speaking up about ethical concerns — including suspected allegations, policy violations, workplace concerns, process improvements, or other concerns — is an expectation of all Wells Fargo employees worldwide as part of doing what’s right and is outlined in the Speak Up and Nonretaliation Policy . The policy was revised in December 2020 to: • Provide employees updated and expanded guidance on how to report a variety of types of concerns . • Provide improved clarity on roles and responsibilities, including those of managers, as they relate to speaking up and nonretaliation . • Provide new and enhanced definitions for terms such as retaliation and misconduct . • Provide additional requirements for international employees including links to country-specific policies for Australia; India; the Philippines; and Europe, Middle East, and Africa . Wells Fargo does not tolerate retaliation or other negative actions such as harassment or unprofessionalism as a result of an employee speaking up in good faith . Risk management Every employee has a role in managing risk at Wells Fargo . The Risk Management Framework sets forth our core principles for managing and governing its risk . Senior management sets the tone at the top by supporting a strong culture defined by the company’s expectations ¹ that guides how employees conduct themselves and make decisions . The Board holds senior management accountable for establishing and maintaining the company’s culture, including its risk management component and effectively managing risk . Wells Fargo views climate change as a global challenge that presents significant impacts for businesses and communities around the world, and is committed to finding solutions to help mitigate the impacts of climate change related to its activities and to partner with key stakeholders, including communities and customers, to do the same . We expect climate change to increasingly impact the risk types we manage, and will continue to integrate climate considerations into the Risk Management Framework as understanding of climate change and risks driven by it evolve . Wells Fargo’s Environmental and Social Risk Management (ESRM) Framework provides information and transparency about our approach to managing environmental and social risks, including those related to climate change . Our ESRM Framework is generally aligned to our Risk Management Framework . Environmental and social issues, including climate change, can manifest across risk types . Risk operating model – roles and responsibilities Wells Fargo has three lines of defense to manage risk: the Frontline, Independent Risk Management, and Internal Audit . Our risk operating model creates necessary interaction, interdependencies, and ongoing engagement among the lines of defense: • Frontline – The Frontline, which is composed of our principal lines of business and certain enterprise function activities, is the first line of defense . In the course of its business activities, the Frontline identifies, measures, assesses, controls, monitors, and reports on risk generated by or associated with its business activities and balances risk and reward in decision-making while operating within our risk appetite . 1 . Please see the Investing in our employees section for more on the company’s expectations .