45 Responsible marketing supports informed decisions We aim to provide current and prospective customers with products and services in a transparent, consistent, and responsible manner, and have processes and procedures in place designed to provide customers with information that allows them to make informed decisions . We believe that information should be provided in a manner that is accurate and understandable . Our marketing activity is subject to legal and compliance policies designed to help make sure we’re accurately portraying our products and services, evaluating content for biases or other discriminatory practices, and not misleading our customers . Wells Fargo Marketing strives to provide current and potential customers, including diverse populations and those with disabilities, with equal access to our content . That includes our websites, television ads, digital videos, emails, social posts, multimedia, and other content channels . We offer communications in English and other languages to support those with limited English proficiency . We also have accessibility experts who engage with our marketing teams and partners to help consider accessibility in every phase of the marketing campaign development process . And we have an enterprise digital accessibility policy that is designed to adhere to the industry standard for digital (web) accessibility, the W3C’s Web Content Accessibility Guidelines (WCAG 2 .0 AA), and the Americans with Disabilities Act (ADA) Title III . Information and cybersecurity Wells Fargo manages billions of customer interactions each year and we take a proactive approach to information security and cybersecurity . We’re continuously investing in emerging technologies and leveraging our digital channels and assets with the goal of making digital banking faster, easier, smarter, and safer for our customers . Information and cybersecurity governance and oversight Wells Fargo’s Information and Cyber Security (ICS) organization aims to protect Wells Fargo systems, networks, and customer data through the design, execution, and oversight of our Information Security Program (ISP) . ICS is led by our chief information security officer, who reports to the head of Wells Fargo Technology . The Wells Fargo Board of Directors annually approves the ISP and is kept informed of the ongoing status of the program . Wells Fargo organizations and employees, as well as vendors, nonemployees, and third parties with access to our systems or sensitive information, must adhere to the ISP’s policies, procedures, and requirements . Those requirements are designed to help make certain that information security risks are effectively identified, assessed, mitigated, and reported throughout Wells Fargo . The Wells Fargo ISP is designed to comply with applicable laws and regulations and is informed by industry standards, including from the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the International Organization for Standardization (ISO) 27002 standard, and COBIT 5 . Managing information and cybersecurity risk Information security risk (including cybersecurity) is a key risk type at Wells Fargo . That’s why information security risk management is guided by a set of foundational principles that direct how our company operates, including a functional framework, risk coverage statements, and risk appetites .
Wells Fargo ESG Report Page 44 Page 46