Union Bank of Israel Ltd. Detailed Report on Risks

Union Bank of Israel Ltd.

Detailed Report on Risks - Pillar 3 Disclosure and Additional Information Regarding Risks

December 31, 2019

TRANSLATION FROM HEBREW - IN THE EVENT OF ANY DISCREPANCY THE HEBREW SHALL PREVAIL

-1- Contents

Background………………………………………………………………………………...... 7 Disclosure Principle………………………………………………………………………...... 8 Forward looking information………………………………………………………………… 9 Applicability of Implementation………………………………………………………………. 10 Main supervisory relations and a review of risk management and risk assets……………… 11 Principal supervisory ratios (KM1) …………………………………………………………... 11 Framework of Regulatory Directives………………………………………………………… 13 The banking corporation's approach to risk management (OVA) ……………………………. 14 Top and Emerging significant Risks………………………………………………………….. 24 Review of Weighted Risk Assets (OV1) …………………………………………………….. 34 Composition of capital………………………………………………………………………….. 38 Composition of supervisory capital (CC1) …………………………………………………… 38 Capital Adequacy………………………………………………………….………………….. 48 Capital Planning and Capital Objectives……………………………………………………… 52 Leverage Ratio…………………………………………………………………………………... 54 Comparison of the assets in the balance sheet and the measurement of exposure for the purpose of the leverage ratio (LR1) ………………………………………..……...………………… 55 Leverage Ratio (LR2) ………………………………………………………………………… 56 Credit risk……………………………………………………………………………………….. 58 General Information on Credit Risk Quality (CRA) ………………………….….…………… 58 Credit Quality of Credit Exposures (CR1) ……………………………………….…………… 68 Changes in impaired debt stock (CR2) ………………………………………..……………… 69 Further disclosure regarding credit quality of credit exposures (CRB) ……………….……… 70 Credit Risk Mitigation Methods (CRC) ……………………………………………………… 86 Credit Risk Mitigation Methods - Review (CR3) ………………………………….………… 88 Credit Risk According to the Standardized Approach…….…………………………...……… 89

-2- Contents Counterparty Credit Risk………….………………………………………………...………… 94 Qualitative Disclosure of Counterparty Credit Risk (CCRA) ……………………..………… 94 Analysis of Exposure to Counterparty Credit Risk (CCR) by Supervisory Approach (CCR1).. 96 Capital Allocation in respect of Revaluation Adjustment to Credit Risk (CVA) (CCR2) ……. 97 Exposures to Counterparty Credit Risk (CCR) by Risk Portfolio and Risk Weights (CCR3, CCR8) …………………………………………….………………………………………….. 97 Composition of Collateral in respect of Exposure to Counterparty Credit Risk (CCR) (CCR5). 97 Exposure to Credit Derivatives (CCR6) ……………………………………………….….… 97 Market Risk……………………………………………………………………………………… 98 Market Risk Management (MRA)…………………………………………………….….…… 98 Market Risk in the Standardized Approach (MR1) ……………………………………...…… 102 Market Risk Assessment and Control……..………...………………………………………… 103 Interest Rate Risk in the Banking Book (IRRBB) and in the Trading Portfolio……...……... 108 Objectives and Targets in the Management of Interest Rate Risk in the Banking Book…….… 108 Quantitative Information on Interest Risk in the Banking Book and in the Trading Portfolio.... 111 Shares Risk………………………………………………………………………………………. 117 Liquidity Risk……………………………………………………………………………………. 119 Liquidity Coverage Ratio (LIQ1) …………………………………………………………..… 119 Additional Disclosures in respect of Liquidity Coverage Ratio (LIQA) ……………………… 121 Liquidity Risk Management…….……………………………………………………………. 124 Operational Risk………………………………………………………………………………… 131 Management of the Operational Risks………………………………………………...……… 131 Information Systems and Information Technology at the Bank………………………….…… 133 Cyber Risk Management and Information Security……………………………………...…… 137 Business Continuity - Emergency Preparedness……………………………………………… 139 Other Risks……..………………………………………………………………………………... 141 Compliance Risk…………………………………………………………………….……… 141 Legal Risk…………………………………………….………………………………...…… 143 Goodwill Risk………………………………………….……………………………….…… 144 Strategic Risk…………………………………………….……………………………..…… 145 Environmental Risk…………………………………………………………………….…… 146 Remuneration……………………………………………………………………………………. 148 Qualitative Disclosure of Remuneration (REMA) …………………………………..……… 150

-3- Contents

Addendum A - Relations between financial statements and regulatory amounts……...…….. 162

Differences between the Accounting Consolidation Basis and the Supervisory Consolidation Basis and the Mapping of the Financial Statements according to the Supervisory Risk Categories (LI1) ………..……………………..………………………………….……...… 162

The Relationship between the Balance Sheet and Regulatory Capital Components (CC2)……... 164

Main Sources of Differences between Supervisory Exposure Amounts and Balance Sheet Balances in the Financial Statements (LI2) ……………………………………………..……. 166

-4-

List of Tables Table 1: Principal supervisory ratios (KM1)………………………………...………..………… 11 Table 2: Review of Weighted Risk Assets (OV1)………………………………….…………… 34 Table 3: Movement in risk assets ……………………………………………...………..……… 36 Table 4: Composition of supervisory capital for the purpose of calculating the capital ratio (CC1)…………………………………………………………………………...…….. 40 Table 5: Movement Report on the Composition of the Supervisory Capital………...……..…… 46 Table 6: A comparison of the assets in the balance sheet and the measurement of exposure for the purpose of the leverage ratio (LR1)….…………………………………………….. 55 Table 7: Leverage Ratio (LR2)…..……………………………………………….……………… 56 Table 8: Credit quality of credit exposures (CR1)...……………………………………………… 68 Table 9: Credit risk by industry - consolidated …………………………………………….…… 76 Table 10: Credit exposures by maturity …………………………………………….…………… 80 Table 11: Exposure to foreign countries – consolidated ……………………………..………… 81 Table 12: Movement in balance of provision for credit losses …………………………...……… 85 Table 13: Methods for reducing credit risk (CR3)..……………………………………………… 88 Table 14: The Mapping Table for the Rankings of the Ranking Company S&P (CRD).....……… 89 Table 15: The standard approach - exposure to credit risk and the effects of credit risk mitigation (CR4).………..………………………………………………..……………………..… 90 Table 16: The Standard Approach - Exposures by asset types and risk weights (CR5).……….… 92 Table 17: Analysis of exposure to credit risk of a counterparty (CCR) according to a supervisory approach (CCR1)…………….…………………………………………..…………… 96 Table 18: Capital allocation in respect of revaluation adjustment to credit risk (CVA) (CCR2)..... 97 Table 19: Market risk in a standardized approach (MR1)..……………………………………… 102 Table 20: Concentration of overall market risk limitations and the actual exposure in NIS millions…………………………………………………………………….………… 106 Table 21: Adjusted net fair value of the financial instruments of the Bank and its subsidiaries…. 111 Table 22: The effect of scenarios of changes in interest rates on the adjusted net fair value of the Bank and its subsidiaries……………………………………………..………….…… 112 Table 23: The effect of scenarios of changes in interest rates on net interest income and non- interest financing income …………………………………………….………..……… 113 Table 24: Total exposure of the Bank and its subsidiaries to changes in interest rates…………… 114 Table 25: Capital requirements for groups of shares ……..……………………………………… 117 Table 26: Liquidity Coverage Ratio (LIQ1)………………………………..……………………. 120

-5- List of Tables Table 27: Liquidity Coverage Ratio - additional disclosures (LIQA)…...….……….…………… 121 Table 28: High quality liquid assets composition..……………………………….……………… 123 Table 29: Summary of Pledged and Non-Pledged Assets ……………………………………… 128 Table 30: Concentration of the Key Employees of the Bank …………………………………… 152 Table 31: Additional Details of the Remuneration Amount in Respect of the Reporting Year for Senior Officers and the Other Key Employees (REM1)...………………...…………… 159 Table 32: Special payments (REM2)…………………………………………………………….. 160 Table 33: Deferred remuneration (REM3)……………………………………………………….. 161 Table 34: Differences between the accounting consolidation basis and the supervisory consolidation basis and the mapping of the financial statements according to the supervisory risk categories (LI1)………………………………………….…………… 162 Table 35: Composition of the regulatory balance sheet (CC2) …………………..……………… 164 Table 36: The main sources of the differences between the regulatory exposure amounts and the balance sheet balances in the financial statements …………………………………… 166

-6- Background

Union Bank of Israel Ltd. (hereinafter – "The Bank") was founded in 1951. The Bank is a banking corporation and possesses a banking license under the provisions of the Banking Law (Licensing) - 1981. The Bank's shares are listed for trading in the Tel Aviv Stock Exchange. The major shareholders of the Bank as of the publication of the financial statements (December 31, 2019) are as follows:

Shlomo Eliyahu Holdings Ltd. (2) 22.92% Yeshayahu Landau Holdings (1993) Ltd. (1)(3) 21.65% Yeshayahu Landau Properties (1998) Ltd (3) 3.12% David Lubinski Properties (Holdings) 1993 Ltd. (1)(4) 16.5% Cheroudar Properties Ltd. (4) 6.36% Eliyahu 1959 Ltd. 4.20%

1. Constitute the controlling shareholders of the Bank, (which is 33% of the Banks' issued and paid-up share capital, as at the publication date of the financial statements, and distributes evenly among its members, 16.5% of the Banks' issued and paid-up share capital each). 2. On October 29, 2012, Shlomo Eliyahu Holdings Ltd. ceased to be part of the controlling interest of the Bank following the completion of the acquisition of control of Migdal Insurance and Financial Holdings Ltd. By Mr. Shlomo Eliyahu through Eliyahu 1959 Ltd. (former Eliyahu Insurance Company Ltd.), all as detailed in Section "Investments in the Bank’s Capital and Transactions in its Shares". 3. Companies controlled by Mr. Yeshayahu Landau RIP. On November 25, 2018, Mr. Yeshayahu Landau, who holds a permit to control the Bank, as part of the controlling interest in the Bank, as mentioned above, died. 4. Held equally by Dr. Yael Almog-Zackai and Mrs. Ruth Manor.

The Bank has 35 branches across Israel (which includes a center for private banking). The Bank provides its customers with a variety of banking services. According to the figures published in the consolidated financial statements of all of the banks in Israel as of December 31, 2019, the Bank is the sixth largest in Israel. In addition, see "Top and Emerging significant Risks" section and also Note 32 - “Events during the reporting period and after the balance sheet date” to the financial statements as at December 31, 2019, in connection with the implications of the announcement of the shareholders that holds the controlling interest of the Bank from July 30, 2017, regarding their intention to act to sell their holdings in the Bank and their contractual engagement on November 27, 2017 with Mizrahi Tefahot Bank Ltd. ("Mizrahi Bank"), and other events related to these announcements.

-7- Disclosure Principle

The detailed report on risks includes detailed quantitative information and qualitative information on the review of risks and risk management. The report includes disclosure requirements published by the Basel Committee, as detailed in Pillar 3 of the directives (hereinafter: "Pillar 3"), and the disclosure requirements concerning risks based on other sources, including disclosure requirements issued by the Financial Stability Forum (hereinafter: "FSF") and disclosure requirements issued by the Enhanced Disclosure Task Force (hereinafter: "EDTF") established by the Financial Stability Board (hereinafter: "FSB") in order to improve the risk disclosure at banking corporations. In addition, the disclosure includes additional disclosure requirements established in the Public Reporting Directives of the Supervisor of Banks.

The report has been prepared in accordance with the following principles: • The information is based, in part, on financial information presented in the financial statements of the Bank, which serves as the basis for the calculation of regulatory ratios, with the required adjustments, and in part on internal estimates and internal models. Accordingly, some of the information constitutes unaudited estimates and/or represents information defined as forward- looking information. • The qualitative information concerning exposure to and management of risks is primarily described in this report. Additional relevant information can be found in the section, “Review of risks,” in the 2019 Annual Report of the Board of Directors and Management (hereinafter: the “Board of Directors and Management Report”).

-8- Forward-looking Information

Part of the information presented in the Detailed Report on Risks, which does not relate to historical facts, constitutes forward-looking information as defined in the Securities Law - 1968. The actual results of the Bank may be significantly different from those that were included in the forward-looking information, as a result of many factors. These factors include, but are not limited to, changes in legislation and the directives of supervisory agencies, macro-economic developments and in particular developments in the global financial crisis and the consequent uncertainty, extraordinary economic events such as drastic changes in interest, exchange rates, inflation rates, the behavior of competitors and specific changes to be detailed below. Forward-looking information is characterized by words or expressions such as: "expectation", "should", "forecast", "in the opinion of the Bank", "the Bank intends to", "forecast", "program", "target", "risk estimation", "scenario", "stress scenario", "risk assessment", "correlation", "segmentation", "we believe", "expected", "predicted", "estimate", "intend", "plan", "intend", "might change", "needs", "may", "will be" and similar expressions. The use of these forward-looking expressions involves risks and uncertainty since they are based on management assessment of future events, which may not materialize or materialize differently than expected. The information presented below relies on, inter alia, future forecasts regarding matters pertaining to economic developments in Israel and abroad and on the work plans and budgets of the Bank for 2017. The Bank makes no commitment to publish an update to the forward-looking information included in these reports, including in respect of the effect on such information of circumstances and events that may occur after the publication of the reports. Also see "Top and Emerging significant Risks" section and Note 32 - “Events during the reporting period and after the balance sheet date” to the financial statements, in connection with the implications of the announcement by the shareholders that holds the controlling interest in the Bank from July 30, 2017, regarding their intention to act to sell their holdings in the Bank and their contractual engagement on November 27, 2017 with Mizrahi Tefahot Bank Ltd. ("Mizrahi Bank"), and other events related to these announcements.

-9- Applicability of Implementation

Disclosure According to Pillar 3

Union Bank of Israel Ltd. does not hold banking subsidiaries. Accordingly, the requirements of the Supervisor of Banks, including the Basel 3 directives, are implemented only on the consolidated level. In general, the Bank's capital requirements are based on its consolidated financial statements, which are prepared in accordance with generally accepted accounting principles (GAAP) and in accordance with the directives and guidelines of the Supervisor of Banks. Pursuant to GAAP, subsidiaries controlled directly or indirectly by the Bank are consolidated in the financial statements; however, different consolidation rules sometimes apply for the purpose of capital supervision. However, as at December 31, 2019, there are no differences between the consolidation base according to the accounting principles and the supervisory consolidation base for the purposes of capital adequacy. As required in the directives of the Bank of Israel, the data presented in the disclosure in this report are stated on a consolidated basis only, and are based on the financial information presented in the financial statements of the Bank, with the adjustments required by the implementation of the Basel directives (such as: deductions from capital, debt instruments qualifying for inclusion in regulatory capital, special treatment of accounting effects of the efficiency plan on the capital of the Bank, and adjusted calculation in respect of special actuarial liabilities). There are no prohibitions or significant limits of any kind on transfers of funds or of supervisory capital within the group. For additional details regarding subsidiaries of the Bank, see Note 14 – "Investments in Investee companies and details on such companies" to the annual financial statements of 2019, and additional information in the Corporate Governance Section.

Note that the disclosure format of this report has been adjusted to the requirements of Public Reporting Directive 651 - "Basel 3 Disclosure Requirements and Additional Information Regarding Risks”.

-10- Principal supervisory ratios and risk-management and risk assets review Disclosure According to Pillar 3 Principal supervisory ratios (KM1)

Table 1: Principal supervisory ratios (KM1) A B C D E On a consolidated basis, as at 31.12.2019 30.09.2019 30.06.2019 31.03.2019 31.12.2018 NIS millions Available Capital 1 Common equity Tier 1 capital1 2,703 2,737 2,769 2,718 2,621 1a Common equity Tier 1 capital before effect of transitional directives 2,600 2,626 2,649 2,588 2,482 2 Tier 1 capital1 2,703 2,737 2,769 2,718 2,621 2a Tier 1 capital before effect of transitional directives 2,600 2,626 2,649 2,588 2,482 3 Total capital1 3,513 3,533 3,704 3,648 3,551 3a Total capital before effect of transitional directives 3,387 3,399 3,441 3,372 3,264 Risk-weighted assets 4 Total risk-weighted assets (RWA) 25,187 25,468 24,574 24,518 24,636 Capital-adequacy ratios (in %) according to the directives of the Banking Supervision Department In % 5 Common equity Tier 1 capital ratio 10.73% 10.75% 11.27% 11.09% 10.64% 5a Common equity Tier 1 capital ratio to risk elements before implementation of the effect of transitional directives 10.32% 10.31% 10.78% 10.56% 10.08% 6 Tier 1 capital ratio 10.73% 10.75% 11.27% 11.09% 10.64% 6a Tier 1 capital ratio to risk elements before implementation of the effect of transitional directives 10.32% 10.31% 10.78% 10.56% 10.08% 7 Total capital ratio 13.95% 13.87% 15.07% 14.88% 14.41% 7a Total capital ratio to risk elements before implementation of the effect of transitional directives 13.45% 13.35% 14.00% 13.75% 13.25% 11a Common equity Tier 1 capital ratio required by the Banking Supervision Department2 9.39% 9.38% 9.39% 9.38 % 9.38% 12a Available common equity Tier 1 capital ratio beyond the requirement of the Banking Supervision Department 1.34% 1.37% 1.88% 1.71% 1.26% Leverage ratios according to the directives of the Banking Supervision Department 13 Total exposures (NIS millions) 45,089 44,329 43,058 43,004 44,157 14 Leverage ratio (in %) 5.99% 6.17% 6.43% 6.32% 5.94% 14a Leverage ratio before effect of transitional directives (in %) 5.77% 5.92% 6.15% 6.02% 5.66% Liquidity coverage ratio according to the directives of the Banking Supervision Department 15 Total high-quality liquid assets (NIS millions) 10,022 9,982 9,885 10,197 11,066 16 Total net cash outflows (NIS millions) 7,721 7,788 7,793 8,309 8,807 17 Liquidity coverage ratio (in %)3 130% 128% 127% 123% 126% See comments below -11- Comments:

(1) Data regarding capital adequacy ratio and leverage ratio includes adjustments in respect of the efficiency plan set forth in the letter of the Supervisor of Banks dated January 12, 2016, concerning "Operational Efficiency of the Banking System in Israel" (hereinafter: "Adjustments in respect of the efficiency plan"), which were approved by the Supervisor of Banks. For further details, see the Capital Adequacy chapter (2) Requirements for a common equity Tier 1 capital ratio of 9% and a total capital ratio of 12.5% are in effect as at January 1, 2015. In addition, beginning January 1, 2015, additional capital requirements are in effect at a rate representing 1% of the balance of housing loans at the reporting date. In light of the above, the minimum common equity Tier 1 capital required and the minimum total capital ratio required are 9.39% and 12.89%, respectively, at the reporting date. (3) The liquidity coverage ratio presented in terms of simple averages of daily observations during the reported quarter. (4) For further details regarding these metrics, including detailed quantitative disclosure, see this report as well as the report of the Board of Directors and Management.

-12- Framework of Regulatory Directives

The Supervisor of Banks, who receives information regarding the Bank's capital adequacy and establishes capital requirements for the Bank, supervises the Bank. Since January 1, 2014, the Bank has applied the capital measurement and adequacy directives based on the Basel 3 directives (hereinafter: “Basel 3”), as published by the Supervisor of Banks and as integrated into Proper Conduct of Banking Business Directives 201-211. The Basel 3 directives are based on three pillars:

 Pillar 1 – Includes the manner of calculation of the supervisory minimum capital requirements in respect of credit risks, operational risk, and market risk.  Pillar 2 – Sets forth internal processes (ICAAP – Internal Capital Adequacy Assessment Process) to be used by banks to assess the required capital in respect of risks in aggregate, including those not covered by Pillar 1 (such as credit concentration, interest-rate risk in the banking book, liquidity risks, settlement risks, and more), as well as a review process (SREP) to be performed by the Supervisor of Banks.  Pillar 3 – Market discipline; establishes the manner and the extent of information to be presented in reporting to the public on the risks to which the Bank is exposed. This pillar requires the disclosure of both quantitative and qualitative information, in order to enable the market factors to estimate the extent of the Bank’s exposure to risk factors.

In addition, the Bank applies disclosure requirements in this report based on other sources, including disclosure requirements issued by the EDTF and additional requirements established by the Supervisor of Banks.

-13- The banking corporation's approach to risk management (OVA)

The Bank’s business activity entails credit risks, market risks, liquidity risks, operational risks including legal risks, compliance risks and also goodwill and strategic risks. The Bank's risk management policy aim is to assimilate a risk management culture, governance and control while enabling the strategic and business objectives of the bank. The Banks' risk management policy helps the Bank reach those objectives, while defining different risk types and their scope, and the compliance to the with risk appetite and risk tolerance set by the Board of Directors Suitable operating report systems and control and monitoring mechanisms are implemented to accommodate the appropriate risk management infrastructure.

For further details of the objectives and risk management policy in the various risks, see the chapters on credit risk, market risk, interest risk in the banking book and equity risk.

The Corporate Governance in the Risks Management Process at the Bank

Disclosure According to EDFT

The Bank's risk management and capital adequacy processes are regulated and controlled by the Board of Directors and its committees, the CEO of the Bank and Management, the Management Committees, the risk-creating business divisions, the Control and Risk Management Division, the Finance Division, the Legal Counsel and compliance Division, the Resources Division and the Internal Audit.

-14- Organizational Structure of the Risk Management

Disclosure According to EDFT

Following is a chart of the organizational structure of the Bank:

Chairman

Secretary of the Internal audit Bank Division Board of Directors

C.E.O.

Financial Retail, Costumers Controls and Risk Legal Advice and Corporate Finance Division Resources Division Management Asset, and Advising Management Division Compliance Division Division Division Division

Capital Market and Planning and Accounting Nostro Credit Risk Management Special Arranging Sales and Branches Transactions Consulting Information Capital market Special Credits Logistics Unit System Credit and Operational Risks mortgages Business Human Resources Foreign Currency Information and Economic Analysis consulting and Capital and Training Dealing Room, Credit Report Management of Planning ALM and Liquidity Costumers Assets Corporate Credit Wage, Operation Managerial Risks Retail Middle Office Control and and Negotiation Planning and Subsidiary Processes Marketing and Control Validation Domain Lawsuits and Digital resources Capital Market ILS Execution Igudim Operation Direct Banking Obedience Union Issuances Union Systems Inter-branches Coordination and Operation Union Bank Trust Company The Bank Brunches Union Investments & Enterprise (A.S.Y) Igud Leasing

-15- The Board of Directors of the Bank establishes the Bank's strategy and business policy, and guides the Bank's Management regarding the objectives and the principles of the Bank's activity. The Board of Directors expresses the overall exposure policy within the definition of the risk appetite and risk tolerance and within specific policy documents.

The Board of Directors and its committees hold discussions regarding the nature and characteristics of the various risks to which the Bank is exposed in its activity, the risk assessment methods, and the effectiveness of supervision over them, including discussions of the tools and manner of use of tools, and of risk assessment, measurement and monitoring. The Board of Directors establishes the risk exposure policy of the Bank, including hierarchy of authority, while determining the mix of exposures reflecting the risk profile of the Bank, and the required volume of capital, while allocating such capital to the various business activities. Determining risk appetite and risk tolerance and examining the need to update them, in all areas of activity and the exposures to risks. These areas include capital targets and capital planning, credit risks, market risks, liquidity risk, operational risks, concentration risks, goodwill risks and strategic risk. Monitoring of the compliance with the risk appetite and risk tolerance in all areas of the activities is performed by using the quarterly risk document discussed by the Risk Management Committee of the Board of Directors and by the plenum of the Board of Directors. In addition, monitoring tools were developed in order to routinely test for compliance with the risk appetite and risk tolerance and examine the development of the exposure to risks over time. In addition, the Board of Directors has approved a policy for applying stress scenarios to the different exposures and their effects on the capital ratios, while defining principles for the establishment of the stress scenarios and the reporting of their results.

The Board of Directors has determined the responsibilities, duties, and authority of the CEO, who is responsible, among other matters, for implementation of the business strategy and policy of the Bank; the routine business and organizational management of the Bank, while ensuring its stability and profitability; preparation of an annual work plan and annual budget, including an investment budget, and presenting them for discussion and approval by the Board of Directors; and maintaining managerial supervision and control over the organizational system of the Bank and over the execution of the work plan in congruence with the risk-management policy and risk appetite of the Bank.

-16- Following are the changes that occurred during the course of 2019 regarding management members and officers:

 From January 1, 2019, to October 31, 2019, Mr. Alon Biron served as Head of Controls and Risk Management Division and as Chief Risk Officer of the Bank; As of November 1, 2019, Mrs. Shira Radovan serves as Acting Head of Controls and as Risk Management Division and Chief Risk Officer. Further to Mrs. Radovan’s notice of her decision to finish her position at the Bank, the Board of Directors of the Bank decided, at its meeting of January 28, 2020, to appoint Mr. Ilan Yishayahu to the position of Acting Head of Controls and Risk Management Division and Chief Risk Officer of the Bank.  On January 31, 2020, the Internal Auditor of the Bank, Dr. Akiva Sternberg, had finished his service at the Bank.  On February 8, 2019, Dr. Zalman Segal had finished his service as an external director of the Bank, pursuant to the Companies Law. For further details see Immediate Report dated February 10, 2019 (reference no. 2019-01-013401), included by reference.  On May 23, 2019, Mr. Amnon Beck's service as an external director of the Bank was approved, pursuant to the Companies Law. For further details see Immediate Report dated May 23, 2019 (reference no. 2019-01-043764), included by reference.  On December 7, 2019, Mr. Alberto Garfunkel had finished his service as an external director of the Bank, pursuant to the Companies Law. For further details see Immediate Report dated December 8, 2019 (reference no. 2019-01-106989), included by reference.  On December 19, 2019, the Chairman of the Board of Directors, Mr. Zeev Abeles, noticed of his decision to finish his service as Chairman of the Board of Directors of the Bank. Mr. Abeles will finish his service in mid-June 2020; however, to the extent necessary, and if a transaction for the acquisition of shares of the Bank by Bank Mizrahi is executed, by mid-June 2020, Mr. Abeles has expressed his willingness to remain in office until such transaction is completed.

Lines of Defense Within the management, supervision, and control over the Bank's exposures, three lines of defense have been established, as detailed below:

First Line of Defense – Some of the members of management of the Bank are the creators of the various risks that realize the risk policy and appetite established by the Board of Directors. The corporate divisions that create risk contain units responsible for identifying, assessing, measuring, monitoring, and reporting of the risks inherent in the products, activities, processes, and systems under their responsibility. Thus, each of these divisions is responsible for the operational risks inherent in its areas

-17- of activity, for the goodwill risks, for the strategic risks and for the management of an appropriate control environment in the context of risk management. In order to fulfill their duties, the CEO and the members of management receive daily and periodic reports that allow them to follow the exposure to risks at the Bank, in addition to targeted discussions in the appropriate forums and committees.

Second Line of Defense – The controls and risk management division serves as an independent risk- management function, complementing the risk-management activities of the business line. The risk- management process performed in the second line of defense is independent of the business lines that create risk, and encompasses planning, maintenance, and ongoing development of the working framework for risk management at the Bank. Within this process, the appropriateness of the inputs of the business lines for risk management, risk measurement, and the reporting systems of the Bank are examined, as well as the appropriateness of the outputs obtained. Additional units that serve as a second line of defense include:  The Legal Advice and Compliance Division assists the branches in all of the legal aspects of the activity of the Bank and the Bank Group, including the preparation of agreements, procedures, and other legal documents; handling legal claims to which the Bank is a party; handling requests from authorized government agencies; overseeing compliance activities at the Bank, the prohibiting of money laundering and terrorism financing, and more.  The finance division is responsible, among other matters, for the management of the Bank's books, coordination and preparation of the financial statements for the public and reports to various supervision entities (primarily the Bank of Israel), and examination of the completeness of control processes and the execution thereof (SOX processes) in order to ensure the existence of an effective system of internal control over financial reporting at the Bank. The division oversees the Bank's work plan and budget, including monitoring of the attainment of objectives; measurement and control of capital adequacy, capital planning, and capital targets; and examination of the appropriateness of classifications and allowances for credit losses, in accordance with Proper Conduct of Banking Business Directive 311, “Credit Risk Management”. The division is also responsible for purchasing, logistics, supplier payments, and handling taxation matters with the tax authorities and with internal functions.  In order to ensure coordination and cooperation among all of the functions mentioned above, the work plans of these functions are reviewed by the chief risk officer; risk-assessment methodologies are reviewed, in order to ensure consistency in risk assessment across all risk types; and discussions are conducted in joint forums, including the capital planning forum, the SOX administration, dedicated forums for key risks (corporate credit, retail credit, market and liquidity, and operational and cyber risks), the new product forum, and the ICAAP stress scenario application committee. -18- Third Line of Defense – Internal audit is responsible for performing periodic internal audits in the units of the Bank and at its consolidated subsidiaries, based on a multi-year work plan based on risk mapping. The internal audit monitors the correction of deficiencies identified in audit reports, and independently reviews and challenges risk-management controls, processes, and systems at the Bank. The Bank rigorously maintains an effective risk culture and the existence of coordination among the three lines of defense, which are important attributes of proper risk-management governance.

Following is the organizational structure of the Risk Management of the Bank:

Additional units on the Executive Members on the Primary Internal second line of defense CRO businesses Divisions Auditor

The Legal Advice Overall Risk and Compliance The Internal Business units and risk Assessment Audit management units Division Operational Risks Finance Division Management Independent control units Market and Liquidity Supporting units Risk Management

Credit Risk Management

Validation Domain

First line of defense Second line of defense Third line of defense

The responsibilities of the various members of management within the lines of defense, described above, are detailed below.

Management of business credit exposures at the Bank, environmental risks and credit concentration risks are the responsibility of the Head of the Corporate Division. Management of credit exposure risks in the retail and commercial segment and the mortgages segment and the goodwill risk management are the responsibility of the Head of the Retail Banking, Customer Assets and Investment Advice Division. The management of exposures to market and liquidity risks is the responsibility of the Head of the Financial Management Division. Exposures are created primarily through the dealing rooms, the Asset and Liability Management Unit and the Proprietary Investments Unit in the division. In addition, the division is responsible for the credit risk of the proprietary units and clearing risk and activity with foreign banks.

-19- The management of legal risks is under the responsibility of the Chief Legal Advisor of the Bank, and compliance risks and money laundering prohibition are under the responsibility of the Chief Compliance Officer, with organizational subordination to the Chief Legal Counsel. The CEO of the Bank serves as the Strategic Risk Manager.

The head of the Controls and Risks Management Division serves as the Bank’s Chief Risk Officer (CRO). The division coordinates all of the management processes and the risks control and is a second line of defense to the Bank's business activity including monitoring and controlling the operational risks inherent in this activity, through the following units: Risk Management Array – Responsible for the identification, definition, mapping and measurement of the various risks, and formulation of overall risk picture and reporting in respect of it, which are served to the management of the Bank and the Board of Directors both in the quarterly risk document and in the annual ICAAP document. In addition, the array is also responsible for coordinating a risk examination forum of new products. This role includes the development and implementation of methodologies and internal models for measurement and assessment of the various risks. The system is also responsible for giving an independent opinion regarding material credit exposures and for writing and coordinating the business policy documents (credit, market and liquidity), including coordinating the risk appetite and risk tolerance. Credit Control Unit is responsible for performing credit controls, encompassing the major borrowers of the Bank, while evaluating the quality of the borrower, the quality of the fundamental documents and collateral in the customer’s portfolio, the quality of the credit portfolio, and the examination of the reliability of the credit rating at the Bank. The credit control unit works within an annual and multi-year work plan, which is submitted for approval to the Credit Committee of the Board of Directors. Operational Risks Unit – The unit measures the operational risk inherent in the activities of the various units of the Bank by conducting surveys on operational risks. In addition, monitors events of failure and loss in the current activity, updates the operational risk map and reports to the Bank's management and Board of Directors in a periodical format. In addition, the unit is responsible for updating the operational risk policy document at least once a year. Validation Domain – Responsible for validating the Banks' developed models in the market, liquidity and credit risk fields.

-20- Risk Management Culture Disclosure According to EDTF

An effective, broad, organization-wide risk management process is a key component in ensuring the stability of the Bank over the long term. A proper risk culture supports effective risk management, promotes appropriate risk taking, and ensures that emerging risks or activities involving undertaking risk beyond the risk appetite of the Bank, are identified, evaluated, and addressed in a timely manner. A proper risk-management culture includes, inter alia, the following components:

 Proper balance between risk and reward, consistent with the risk appetite.  An effective system of controls aligned with the scale and complexity of the Bank's activities.  Ability to challenge the quality of the models and the degree of accuracy of the data.  Existence of tools available for measuring risks correctly.  Monitoring of all deviations from limits and divergences from established policy, and locating of operational incidents, including the application of immediate disciplinary proceedings as necessary.

The Bank has instilled an organizational culture based on effective risk management, which supports professional and responsible behavior, and provides norms and appropriate incentives for such behavior. In order to achieve this goal, the Board of Directors and management:

 Receive routine reports on all of the significant business lines, in order to ensure that policies, controls, and risk-monitoring systems are maintained with respect to these activities. For details of risk management control tools, see the following chapters - credit risk, market risk, liquidity risk and operational risk.  Ensure the existence of a clear definition of authority and accountability, so that the employees of the Bank understand their roles and their responsibility for risk, as well as their authority to act in this connection, inter alia, through defining the policy documents and discussing and approving the key procedures at the Bank.  Ensure that risk-management considerations are a key component in strategic and routine decisions, inter alia, through the opinion of the Chief Risk Officer on the strategic plan, work plans, and remuneration plans of the Bank.  Ensure the alignment of the remuneration policy with the risk appetite and risk tolerance, with long-term strategic objectives, and with financial objectives, so that it does not impair the financial stability of the Bank, while appropriately balancing between risk and remuneration.

-21-  Ensure the existence of processes and of effective communication between the functions of the second line of defense, inter alia, through the participation of the Chief Risk Officer, or others acting on her behalf, in the forums that are under the responsibility of the other functions that serve as a second line of defense.

Training – The Bank attributes high importance to enhancing the knowledge and professional skill among the employees of the Bank, with the aim of creating an organization that is professional, sales- oriented, ethical, and continually learning. The Bank invests extensive resources in training employees, including training according to the professional track, and development of a new multi-year plan for designated executives' populations. In addition, training and meetings on the subject of regulation, and on various subjects related to banking, are conducted including lesson learning from various events, based on mapping of knowledge gaps and on organizational development.

Risk Appetite Disclosure According to EDTF

The following are the definitions of risk tolerance and risk appetite, as established by the Bank in accordance with Proper Conduct of Banking Business Directive 310, Risk Management:  Risk – Exposure to a borrower or counterparty (including a supplier, geographical region, economic sector, or other risk factors) with the potential to cause a significant loss, other damage, or a material change in the risk profile of the Bank.  Risk Appetite – Generally represents the risk environment sought by the Bank in order to attain its objectives.  Risk Tolerance – The maximum or minimum risk level which is not to be exceeded (the risk limit). The risk appetite and risk tolerance are determined taking into consideration the Bank's risk-management concept and corporate strategy. The Board of Directors discusses the risk appetite and risk tolerance at least on an annual basis. Any change in risk appetite and risk tolerance is approved in an orderly, documented procedure, while detailing the reasons for the change. The risk appetite and risk tolerance of the Bank are consistent with the corporate strategy (including the evaluation of business opportunities), the liquidity planning and its sources, and the capital planning of the Bank. When establishing risk appetite and risk tolerance, all of the material quantifiable and non- quantifiable risks, contingent risks, off-balance-sheet risks, and non-contractual risks, are taken into consideration, as well as capital constraints and the financing sources, the Bank's obligations (such as regulatory requirements and limits), and the effect of potential stress events.

-22- The risk appetite and risk tolerance constitute key components in establishing policies and risk limits, and are generally defined such that they serve as an effective limit, on the one hand, and such that deviation from them does not become routine, on the other hand. The utilization of the risk appetite and risk tolerance is measured by summing all of the exposures at the Bank to a specific defined risk and subject to routine monitoring of the limits.

Stress Tests

The Bank applies stress scenarios to the material risks: credit, market, liquidity, and operational risks, in all of the business lines of the Bank. This assessment process is performed through a thorough review of the nature and composition of the Bank's activities, combined with a review of the external environment in which the Bank operates, with the aim of evaluating the extent of its effect on the Bank's present and future financial condition. The identification of the appropriate risk factors is a critical component in ensuring the adequacy of the stress-test process as a whole. Therefore, a clear and identified set of risk factors that may be affected by the scenario defined is specified for each stress test.

The application of stress scenarios is part of the corporate governance and risk-management policy of the Bank.

The results of stress scenarios are taken into consideration in making substantial strategic decisions; the limits on stress-test results and scenarios are commensurate with the risk appetite established by the Bank. Stress tests are applied at different levels of severity and probability of occurrence, also based on historical scenarios and exceptional but plausible scenarios, distributed over a full economic cycle. Some of the stress scenarios are integrative, allowing individual analysis of risk factors and of movements in specific markets.

The Board of Directors and management are involved in setting targets for stress tests, establishing scenarios, discussing the results of stress tests, assessing possible actions, and making decisions. Management shall oversee the process of developing and operating stress tests.

-23- Top and emerging significant Risks

As noted, the Bank's business activity involves risks: credit risks, market risks, liquidity risks, operational risks (including IT, cyber, and information-security risks; legal risks; and compliance risks), as well as goodwill risks, and strategic risks. In accordance with the Bank's risk-management policy, as noted, all of the risks to which the Bank is exposed are monitored closely, as detailed in this document. In addition, the Bank closely monitors developments in the markets, in macro-economic data, and in regulation and legislation that apply to or may affect the Bank, and which, together with its corporate strategy and existing activity mix, may expose the Bank to significant risks.

Material individual risks that constitute top and emerging risks, which the Bank has identified and prepared to monitor and manage, are detailed below.

 On July 30, 2017, the Bank received a letter from the shareholders who hold the controlling interest in the Bank regarding their intention to act to sell their holdings in the Bank. For additional details, see the immediate report dated July 30, 2017 (reference no: 2017-01-078216), included by reference. Further to the letters of the controlling shareholders of the Bank of July 30, 2017 and July 31, 2017, on November 27, 2017, the Bank received notification sent on behalf of the shareholders who hold the controlling interest of the Bank that the controlling shareholders of the Bank had entered into an agreement, on that day, with Bank Mizrahi Tefahot, in which they undertook a commitment to agree to a full exchange acquisition offer to acquire the shares of the Bank, to be published by Bank Mizrahi Tefahot to all of the shareholders of the Bank, subject to suspending conditions established for the publication and completion of the acquisition offer, including regulatory approvals. If it is not possible to complete the transaction based on the trajectory of the Acquisition Offer, and the transaction is executed by means of a statutory merger, with the Bank as the "Target Company" and Mizrahi Bank as the "absorbing company", subject to the approval of the authorized organs of the Bank and Mizrahi Bank. Simultaneously with the shareholders holding the controlling interest in the Bank's announcement regarding their engagement with Mizrahi Bank as described above, on November 27, 2017, a letter was sent to Mizrahi Bank with the signature of Shlomo and Haya Eliyahu, Shlomo Eliyahu Holdings Ltd., and Eliyahu 1959 Ltd. (hereinafter: "Eliyahu Group"), whose principals are the commitment of the Eliyahu Group to instruct the Trustee on its behalf to accept a purchase offer issued by Mizrahi Bank or if the transaction is carried out through a statutory merger, with the Bank being the "Target company" and Mizrahi Bank being the "absorbing company", as defined in these terms in the Companies Law, 1999 (hereinafter: "the alternative transaction"). Inasmuch as the Alternative Transaction is subject to approval by the general -24- assembly of the Bank, the Eliyahu Group undertakes a commitment to support and to exercise its voting power in the general assembly of the Bank to support the aforesaid merger transaction, and it hereby instructs the Trustees accordingly, as required, except if such voting is prohibited by the directive of a regulatory agency (it was clarified that the Eliyahu Group is currently not permitted to participate in the general assemblies of the Bank or to make any use of the voting rights or other rights conferred by its holdings). For additional details, see the immediate report dated November 28, 2017 (reference no. 2017-01-110619), included by reference.

On May 30, 2018, the Bank received a decision of the Acting Supervisor of Competition, in which he gave notice of his objection to the approval of a merger between the Bank and Bank Mizrahi. The notification further states that this decision is subject to appeal before the Competition Tribunal, pursuant to the provisions of the Economic Competition Law, 1988. On June 25, 2018, the Bank received notification on behalf of the shareholders who hold the controlling core of the Bank, concerning advanced negotiations for the extension of the period of the agreement with Bank Mizrahi, and for the filing of an appeal of the decision of the Acting Supervisor of Competition. For further details, see the Immediate Report dated June 25, 2018 (reference no. 2018-01-055647) included by reference. On August 5, 2018, the Bank received notification on behalf of the shareholders who hold the controlling core of the Bank pursuant to which the shareholders who hold the controlling core of the Bank had contracted with Bank Mizrahi in an addendum to the agreement signed by them on November 27, 2017, which includes amendments to the aforesaid original agreement and provisions applicable to the parties to the original agreement with respect to the filing of an appeal of the decision of the Acting Supervisor of Competition. The parties has extended the deadline for the fulfillment of the conditions for publication of the acquisition offer according to the agreement, so that it expires 12 months after signing the addition to the agreement (hereinafter: the "Extended Deadline"). If the decision is rejected or if a ruling is not given in the appeal until the extended date for any reason, the agreement will be canceled (unless the parties have agreed in writing to postpone any of the dates).

On August 6, 2018, the Board of Directors of the Bank passed a resolution pursuant to which, as it believes that the strategic alternative of merging the Bank with another bank is consistent with the best interests of the Bank, and in view of the implications of the decision of the Acting Supervisor of Competition for future possibilities of merging the Bank, the Bank would join the appeal by the controlling shareholders and Bank Mizrahi of the decision of the Acting Supervisor of Competition to deny the request to merge the Bank with Bank Mizrahi, in order to preserve the future possibilities to merge the Bank, and without taking any position with regard to the terms of the contractual engagement between the controlling shareholders of the Bank and Bank Mizrahi; subsequently, the

-25- Bank joined the appeal of the decision of the Acting Supervisor of Competition, which was filed in September 2018. On July 8, 2019, the Bank received notification sent on behalf of the shareholders holding the controlling interest in the Bank according to which the shareholders holding the controlling interest in the Bank and Bank Mizrahi had contracted, on July 8, 2019, in a second addendum to the agreement they signed on November 27, 2017. Within the addendum, it was agreed that the deadline for fulfillment of the preliminary conditions for publication of the acquisition offer would be extended to November 30, 2019 (hereinafter: the “Extended Deadline”); however, if by that date a verdict had not been handed down on the appeal proceeding, each of the parties would be entitled to notify the other of deferral of the Extended Deadline to December 31, 2019. On November 25, 2019, the Bank received a copy, sent on behalf of the shareholders holding the controlling interest in the Bank, of a notification which they sent to Bank Mizrahi regarding the extension of the agreement signed by them with Bank Mizrahi on November 27, 2017, until December 31, 2019, in accordance with their right under the second addendum to the aforesaid agreement.

On November 28, 2019, the Bank received a ruling of the Competition Tribunal pursuant to which the Competition Tribunal accepted the appeals filed by the controlling shareholders of the Bank, the Bank, and Bank Mizrahi regarding the decision of the Acting Supervisor of Competition to object to the merger of the Bank and Bank Mizrahi. In the ruling, the Tribunal ordered the Supervisor of Competition to examine whether the concern over competition in the diamond industry following the merger could be dispelled. On January 8, 2020, the Supervisor of Competition issued her decision regarding the terms that could dispel concerns over damage to competition due to the aforesaid merger. The main one is selling the credit activity in the area of diamonds on all its aspects to a third party with appropriate qualifications and resources that is currently inactive in the industry and whose identity is approved by the Supervisor, prior the merger completion. On December 30, 2019, notification was received at the Bank, sent on behalf of the shareholders holding the controlling interest of the Bank, pursuant to which on December 30, 2019, the controlling shareholders of the Bank and Bank Mizrahi had contracted in a third addendum to the agreement between them, in which the parties agreed to extend the extended deadline until January 26, 2020.

On January 27, 2020, notification was received at the Bank, in which the controlling shareholders of the Bank and Bank Mizrahi contracted in a fourth addendum to the agreement between them. According to this addendum, inter alia, the deadline for fulfillment of the preliminary conditions for publication of the acquisition offer, will be extended until May 31, 2020, and Bank Mizrahi will submit an appeal to the Competition Tribunal, on its own behalf, of the ruling of the Supervisor of

-26- Competition of January 8, 2020, and the controlling shareholders will join the appeal. Further to the decision of the board of directors of the Bank to join the mentioned above appeal, the Bank will also be added to the additional appeal of the ruling of the Commissioner, if submitted, for the same reasons for which it joined the previous appeal, without taking any stance with regard to the terms of the contractual engagement between the controlling shareholders of the Bank and Bank Mizrahi

For further details, see the Immediate Report dated August 5, 2018 (reference no. 2018-01-073461), Immediate Report dated August 6, 2018 (reference no. 2018-01-073914), Immediate Report dated July 9, 2019 (reference no. 2019-01-058989), Immediate Report dated November 25, 2019 (reference no. 2019-01-101826), Immediate Report dated November 28, 2019 (reference no. 2019- 01-103896), Immediate Report dated December 30, 2019 (reference no. 2019-01-115971), Immediate Report dated January 8, 2020 (reference no. 2020-01-003852), and Immediate Report dated January 27, 2020 (reference no. 2020-01-010485), included by reference, and also see Note 32 “Events during the reporting period and after the balance sheet date” to the financial statements of the bank as a December 31, 2019.

Also see Immediate Report dated October 30, 2019 (reference 2019-01-092055), regarding the extension of the period for the sale of the instruments of control of Shlomo and Haya Eliyahu in the Bank (see also "Control of the Bank" chapter in the annual financial statement and in this report). In addition, the controlling shareholders reached agreements with Mr. Shlomo Eliyahu regarding the extension of the arrangements between them and the companies under its control, which the controlling shareholders announced on November 27, 2017, and received his consent to join the sale of his shares pursuant to the provisions of the agreement.

For further details regarding the engagement between the controlling shareholders of the Bank and Mizrahi Bank and regarding the Eliyahu Group's commitment in respect of the Trustees on its behalf's response to the obligation to an acquisition offer, as stated above, if it publishes, see Note 32.A to the Financial Statements as at 2019 as well as "Investments in Bank Capital and Transactions in its Shares" chapter to the Financial Statements as at September 30, 2019.

 There is a labor dispute with the workers' committees at the Bank in the context of the intention of the controlling shareholders to sell their holdings of the Bank. In the first half of 2019, the authorized signatories at the Bank filed a motion with the Regional Labor Tribunal of Tel Aviv to obligate the Bank to pay a profit bonus in the amount of two monthly salaries in respect of 2017 to managers and authorized signatories at the Bank, in accordance with the bonus paid to the employees of Bank Leumi. In addition, the executive committee began with partial sanctions in view of their demand for wage increscent according to the salary agreement signed in Leumi. On January 13, the parties -27- had reached an understanding outside of the court. Accordingly, the executive committee redrew its prosecution and the sanctions had stopped. Regarding the employee relations with the different committees, an industrial quiet was set, until the end of the first quarter of 2020.

Due to the open disputes and the continuation of the uncertainty state, in parallel with the efficiency steps taken, the risk of exacerbation of the measures taken by the employees continues.

 The Bank's activity relies largely on information and computer systems adapted to its needs. Cross- organizational processes, with a significant impact on the Bank's conduct, characterize information technology activity, inter alia. In addition, the Bank has a significant long-term contractual relationship with Bank Leumi Ltd to receive main computer and operational services, which exposes the bank to outsourcing risks. The current computing and operating agreement was signed for a period of ten years, which ended on December 31, 2016. From that date, a three years period had begun, which defined as the "project of ending the contractual engagement". The Bank is dependent upon Leumi, as there is no immediately available alternative to the systems that it provides, and damage to these systems may therefore cause material exposure or damage to the Bank. As the end date of the contractual engagement with Leumi approached, the Bank began to examine the options available to it. Within this process, the Bank contacted various suppliers in order to receive proposals for IT and operational services, and examined, starting from the end of 2016 and up to the first quarter of 2018, their initial proposals, with the assistance of external consulting services, under the supervision of a dedicated Directors Committee (Committee for Information Technology and Technological Innovation). However, following the controlling shareholders' notification regarding their contractual engagement with Bank Mizrahi, the process has been delayed due to the uncertainty concerning the future of the Bank as an independent bank. In light of the above, on March 29, 2018 the Board of Directors of the Bank approved the proposal of Bank Leumi, received at the Bank on that date. The main points of which, are that in view of the transaction of the controlling shareholders, Bank Leumi would agree, to postpone the end of the separation period for a period of up to eighteen additional months.

-28- the process on the examination and improvement of the proposal of Tech Mahindra, and to promote talks with it with regard to its proposal, while clarifying that the contractual engagement would not be executed or could be discontinued if the Bank does not remain an independent bank, and with no action of any kind that creates an obligation or liability of the Bank to Tech Mahindra to be performed without the specific advance approval of the board of directors of the Bank.

In light of the verdict of the Competition Tribunal of November 28, 2019, which accepted the appeals filed by the controlling shareholders of the Bank, the Bank, and Bank Mizrahi of the ruling of the Acting Supervisor of Competition objecting to the merger of the Bank and Bank Mizrahi, and the consequent increased feasibility of the merger of the Bank, on the one hand, and in view of the uncertainty concerning the fulfillment of the conditions established by the Supervisor of Competition for the merger of the banks and the completion of the acquisition offer proceedings by Bank Mizrahi, on the other hand, the Bank has suspended the advancement of the negotiations that had commenced with Tech Mahindra, and has not yet reached a decision regarding its further actions with regard to this matter.

Accordingly, the foregoing and the conclusions thereof constitute forward-looking information, as defined in the Securities Law, 1968, which may conclude without a contractual engagement between the Bank and Tech Mahindra, or may materialize differently than expected, and there is no certainty that it will occur in practice.

Given the inputs required in order to execute the project of replacing the IT systems, if the Bank remains an independent bank and if the project is executed, and the expenses and investments that will be required of the Bank simultaneously, both to carry out the project of replacing the IT systems and to continue receiving services from Bank Leumi, in the event of execution of the aforesaid IT project a significant increase is expected in the Bank’s IT expenses, for a limited period (which includes the period of the project of replacing the systems as well as the first years of activity of the

-29- system after the replacement, due to accelerated charging of amortization expenses in respect of the new system) and, accordingly, significant damage to the profitability of the Bank is also expected, which the Bank cannot estimate at this stage. There will also be an impact on the extent of the Bank's exposure to various risks, first and foremost to information-technology risk and strategic risk. In the alternative of continued receipt of services from Bank Leumi for the long term, there may also be a significant increase in the IT expenses of the Bank, which may affect the profitability of the Bank in a manner that the Bank is unable to estimate at this stage.

 In view of the foregoing and of the uncertainty within which the Bank is operating, the level of certainty with regard to the realization of the Bank's strategic plan has decreased, and, accordingly, strategic risk increased during 2018. Accordingly, the work plan of the Bank has been adapted to the strategic plan and to the current period of uncertainty, including deferral of long-term, resource-intensive tasks until the situation is clearer. In light of the verdict of the Competition Tribunal of November 28, 2019, which accepted the appeals filed by the controlling shareholders of the Bank, the Bank, and Bank Mizrahi, strategic risk may decrease. If there is no merger, there is a potential for strategic risk to increase. As part of the Bank's efforts to reduce risks, on November 29, 2018, the Board of Directors of the Bank approved principles for an action plan to improve efficiency. The goals of the plan, inter alia, includes increasing the capital ratios of the Bank, such that during 2019 the Tier 1 common equity ratio of the Bank stands at 10.3% or more, while maintaining the stability of profitability and return. On December 31, 2018, the Board of Directors of the Bank approved a voluntary-retirement plan for approximately 70 employees, 40 in 2019 and the rest in 2020 (in practice, 53 employees retired in 2019). This retirement plan is expected to have a positive effect on the profitability of the Bank in the coming years. The approval of the Supervisor of Banks for a relief permitting the Bank to spread the effect of the costs of the Plan, for the purpose of calculating capital adequacy, over five years, was received on January 17, 2019. In additions, the Board of Directors of the Bank has decided on an increase in total liquidity ratio (LCR) of 10 percentage points, for appetite and endurance of 115% and 120%, respectively. For further details regarding the efficiency program see "Significant developments and changes in the Bank" chapter at the Financial Statements for 2019, as well as Note 32.D to the Financial Statements. The management and Board of Directors of the Bank are implementing processes aimed at coping with the strategic risk, through close monitoring and supervision of the development of the risk, including through a dedicated Board of Directors' committee to monitoring the development of the risks during this period, and the implementation of mitigation measures. The Bank will continue to monitor and examine the actions necessary in view of the situation.

-30-

 The technological developments and innovation affect the ways in which banks conduct their business, and the ways in which they communicate with customers, suppliers, and partners. The rapid pace of changes, the innovation, the connectivity of older information systems of the banking corporation with modern and open IT infrastructures, as well as the growing dependence on IT services supplied by third parties, create fertile ground for the emergence of vulnerabilities in the defense systems of the banking corporation. At the same time, the intensity of cyber threats and information-security threats is rising, in terms of scope, causes of the threat, sophistication, and availability of means of attack. This is the most substantial non-financial risk to which banks are exposed. A cyber-attack on the Bank’s IT systems and sites may cause damage to the ability to continue to provide service, cause a delay in the provision of service, cause theft of customers' data as well as potential damage to such data, damage the Bank's reputation and in public confidence in its ability to properly manage the client assets, and create legal exposures. Cyber threats are characterized, among other matters, by continual development, sophistication and complexity of the attacks on IT systems, intensification of potential damage, and difficulty in identifying such attacks and the perpetrators of the attacks. The number and intensity of attempted attacks of various types have increased in recent years, including cyber-attacks on information systems of business organizations, financial organizations, and others, aimed at obtaining unauthorized access to computerized systems in order to make illegal use of assets or of sensitive information, damage information, disrupt activity, and more. Therefore, The Bank is required to accord special emphasis and take the necessary measures to effectively manage the cyber defense and information security (hereinafter: “cyber defense”), while adapting to the dynamic nature of this field. Furthermore, the outsourcing of core systems to Leumi also exposes the Bank to cyber risks at Leumi, and to unique cyber defense challenges, in the routine deployments and in the creation of appropriate work interfaces.

 On December 31, 2018, the Board of Directors approved reorganization of the units in the area of information security and logistics, redirecting the activity of the lines of defense to the relevant units of the Bank in order to reinforce corporate governance and attain synergetic efficiencies. These recommendations were discussed with a cyber strategy consultant for leading Israeli and global companies. Accordingly, during the first quarter of 2019, cyber activity in the first line of defense was placed under the information-security units, in order to take advantage of the knowledge and familiarity of the information-security units with these matters and improve synergy among the units, while second-line defense systems were strengthened.

-31-  Within the behavior risk management processes (conduct risk), the Bank conducts its affairs while maintaining the law requirements and the fairness values, inter alia, within its daily conduct with its customers including while examining the adaption of the offers given to them to their needs and assisting in making intelligent decisions as borrowers and promoting their interests within this process

 Within its routine treatment of compliance risks, the Bank applies measures to minimize cross- order risks and risks arising from the FATCA and the CRS, legislation in its activity with customers with foreign tax residencies, including risks arising from failure to comply with Israeli tax laws.

 In light of the notification of the shareholders holding the controlling interest of the Bank regarding their intention to act to sell their holdings in the Bank, and in light of the ruling of the Competition Tribunal, as noted above, the ability to plan for the long term has been impaired due to the uncertainty characteristic of this period. As the ICAAP is based, among other matters, on long-term planning, the process has been delayed, with capital planning performed for the coming year only. Note that the Bank performs a quarterly process to assess its capital adequacy against the full range of risks, in the course of running a holistic stress scenario.

 Within the Bank's strategic plan, long-term strategic objectives were set for the improvement of profitability and return, including the improvement of operating efficiency, along with a decrease in borrower concentration and redirection of risk assets from corporate credit to credit for retail customers. Retail banking has been defined as the key growth driver for the coming years, including credit granting to customers of all banks, which is handled by the dedicated Loan Center established for that purpose. In addition, recent regulatory initiatives in this area may affect the extent of implementation of the Bank's corporate strategy. In specific, the improved capabilities arising from the use of the credit database, which allows every entity to receive integrative information regarding to each customer in the banking system, and from Open API, which enables service providers to connect to the Bank’s systems and retrieve up-to-date information regarding the customer in real time, are expected to increase competition over retail customers, including with non-bank competitors. Note that Open API also increases the potential exposure to cyber risks, as noted above. In addition, the continued low interest-rate environment affects the ability to improve profitability and return in the short term.

-32-  The spread of the coronavirus in the world and its arriving to Israel has evoked worry and uncertainty. In the immediate term, stock markets in China and leading indices worldwide have dropped, and there are concerns over cooling of global economic activity. The Bank is monitoring the impact of the spread of the virus on the various risks relevant to the activity of the Bank, and preparing to act in accordance with the developments.

Part of the information presented in the report of the Board of Directors, which does not relate to historical facts, constitutes forward-looking information as defined in the Securities Law. The actual results of the Bank may be significantly different from those that were included in the forward-looking information, as a result of many factors. These factors include, but are not limited to, changes in legislation and the directives of supervisory agencies, macro-economic developments and the consequent uncertainty, extraordinary economic events, such as drastic changes in interest, exchange, and inflation rates, the behavior of competitors and more. In addition, see the section "Developments and Significant Changes in the Bank" in the Directors' and Management's Report.

-33- Review of Weighted Risk Assets (OV1)

The table below provides an overview of total weighted risk assets (RWA) that create the denominator of risk-based capital requirements. Additional details of weighted risk assets are presented in the next section - "Composition of capital".

Table 2: Review of Weighted Risk Assets (OV1)

A B C Micro capital Weighted risk assets requirements 1 31.12.2019 30.9.2019 31.12.2019 NIS Millions 1 Credit risk (not including counterparty credit risk) (CCR) (standard approach) 2, 3 21,666 21,981 2,793 6 Counterparty credit risk (standard approach) 129 127 17 10 Credit Risk Adjustment (CVA) 93 82 12 20 Market risk 544 507 70 24 Operational risk 2,014 2,022 260 25 Amounts below deduction thresholds (subject to risk weight of 250%) 741 749 96 27 Total 25,187 25,468 3,248

A B C Micro capital Weighted risk assets requirements 31.12.2018 30.9.2018 31.12.2018 1 NIS Millions 1 Credit risk (not including counterparty credit risk) (CCR) (standard approach) 2 21,214 22,640 2,732 6 Counterparty credit risk (standard approach) 186 164 24 10 Credit Risk Adjustment (CVA) 75 114 10 20 Market risk 458 540 59 24 Operational risk 1,991 1,967 256 25 Amounts below deduction thresholds (subject to risk weight of 250%) 712 688 92 27 Total 24,636 26,113 3,173

See comments below.

-34- Comments:

1. Capital requirements According to the minimum total capital ratio required, with the addition of a capital requirement at the rate that present 1% of the balance of housing loans at the reporting date to a total of 12.89% (in 2018 - 12.88%). 2. Credit risk does not include counterparty credit risk, credit risk adjustment, settlement risk, securitization exposures and amounts below the deduction thresholds. 3. On March 27, 2019, the Bank purchased an insurance policy in respect of credit exposures to guarantees issued or to be issued by the Bank, in accordance with the Sale Law (Residences) (Securing the Investments of Buyers of Residences), 1974, and the commitments to issue such guarantees and execution guarantees, all in connection with projects with respect to which project financing agreements are signed and/or to be signed with the Bank from time to time (hereinafter, jointly: the “Guarantees”). The insurance is performed through a wholly owned subsidiary of the Bank (CAPTIVE) established overseas, and purchased from international reinsurers with high international ratings, to insure the Bank against an instance in which payment is required of the Bank due to forfeiture of the Guarantees, all in accordance with the terms of the policy. The insurance is in effect as at March 31, 2019. The purchase of the insurance is primarily intended to reduce the locked-in capital in respect of credit risk arising from the issuance of the Guarantees, using the policy as a “credit risk mitigator,” in accordance with the terms set forth in the directives of the Banking Supervision Department. As at December 31, 2019, the insured part of the Guarantees was in the amount of approximately NIS 1.8 billion. The purchase of the insurance led to an increase of approximately 0.2 % in the Tier 1 capital adequacy ratio of the Bank. 4. For details regarding the relationships between the financial statements and the supervisory exposures, see Appendix A to this report.

-35- Table 3: Movement in risk assets

Disclosure According to EDTF

The following table displays changes that occurred in the Bank's risk-weighted assets during the reported period according to types of risk.

Credit Counter Market Operational Total Risk Party Risk Risk Risk NIS millions December 31, 2019 Balance as at December 31, 2018 21,926 261 458 1,991 24,636 Change in the volume of the portfolio/gross income (1) 931 (40) 86 23 1,000 Change as a result of change in the portfolio's quality (2) (36) - - - (36) Methodology change (3) - - - - - Other(4) (413) - - - (413)

Balance as at December 31, 2019 22,408 221 544 2,014 25,187

December 31, 2018 Balance as at December 31, 2017 23,437 181 571 1,873 26,062 Change in the volume of the portfolio/gross income (1) (747) 80 (113) 118 (662) Change as a result of change in the portfolio's quality (2) (23) - - - (23) Methodology change (3) - - - - - Other (741) - - - (741)

Balance as at December 31, 2018 21,926 261 458 1,991 24,636

See comments below.

-36- Comments:

(1) The change in "portfolio volume" is aimed at reflecting an increase in exposure resulting from an increase in the volume of activity. This also includes the effects of exchange rates, if any, and the CVA component. The change in "gross revenue" reflects a change in the average revenue, pursuant to Appendix B to Directive 206, in the last twelve quarters. The main change in the volume of the portfolio between December 2018 and December 2019 mainly stems from an increase in exposure to private customers, of which, approximately NIS 390 million in consumer credit and approximately NIS 350 million in housing loans. (2) The change in "portfolio quality" includes an increase/decrease in the population of debts in default and/or in assets, whose ratings have been downgraded, necessitating higher capital requirements. (3) "Changes in methodology" refer to changes due to new regulatory directives concerning capital allocation and/or other changes; such as credit-risk mitigation methods or offsets not previously applied that constitute changes in policy, if any. (4) Derived from insurance for credit exposures to the guarantees issued by the Bank in accordance with the Sales Law (Dwellings) (Guarantee of Investors' Investments), 1974, and commitments for issuing such guarantees and performance guarantees as stated on the previous page. (5) On August 3 2018, credit rating agency S&P upgraded Israel’s long-term credit outlook from +A to AA- (the highest rating Israel has ever received). As a result of the change, the risk weight of Israel's exposures in foreign currency has changed from 20% to 0%, and Israeli banks and public sector entities in Israel have changed from 50% to 20%.The implication of the rating update is a reduction in the capital requirements for exposures by the State of Israel, Israeli banks and public sector entities in Israel, at a rate of 0.14% in terms of capital adequacy ratio. (6) On November 13 2018, the Banking Supervision Department published a directive to amend Proper Conduct of Banking Business 203 and 313, which updated the conversion coefficient rate for the loan in respect of guarantees securing investments by apartment buyers under the Sales Law. Pursuant to the circular, if the apartment has not yet been delivered to the buyer, the loan conversion coefficient was reduced from 50% to 30%. The effect of this change is 0.09% in terms of the capital ratio.

-37- Composition of Capital

Disclosure According to Pillar 3

Composition of Supervisory capital (CC1)

Capital measurement is based on a division of the capital into Tier 1 capital (common equity Tier 1 capital and additional Tier 1 capital) and Tier 2 capital. As of the reporting date, there is no additional Tier 1 capital. Common equity Tier 1 capital includes the components of capital attributed to the shareholders of the Bank, with the deduction of supervisory adjustments, as required in the directives of the Supervisor of Banks. The principal supervisory adjustments and deductions from common equity Tier 1 capital are net deferred tax assets in respect of timing differences, and unrealized profits and losses arising from changes in the fair value of liabilities due to changes in the banking corporation's own credit risk (DVA – debt value adjustment). (Own credit risk – when the Bank has a liability to a counterparty in financial derivative transactions, in accordance with the American accounting standard FAS 157, the probability of insolvency of the Bank must be taken into consideration in calculating the fair value of the derivative instrument. As a result of this adjustment, the liability to the counterparty decreases, in the amount of the adjustment of the risk). Tier 2 capital includes a collective allowance for credit losses, capital instruments, and subordinated notes with a mechanism for the absorption of losses through a write-off of the principal. The amount of subordinated notes that fulfill the qualifying conditions of Basel 3 and are recognized as Tier 2 capital by the Supervisor of Banks, stands at approximately NIS 520 million (The amount of subordinated notes that do not fulfill the qualifying conditions of Basel 3 and are recognized by the Supervisor of Banks as Tier 2 capital stands at approximately NIS 23 million). According to Midroog, the rating of the subordinated notes with a contractual loss absorption mechanism is A3.il (hyd). According to Midroog, the rating of the subordinated notes with the loss absorbing mechanism is A3.il (hyd). In addition, Tier 2 capital includes capital instruments and subordinated notes that do not qualify for inclusion in supervisory capital, pursuant to the directives of Basel 3, are subtracted gradually until January 1, 2022. According to the transitional directives. The main characteristics of the subordinated notes are: a term to maturity of no less than five years; issued without collateral; rights under the instruments are subordinated to the claims of other creditors of the Bank excluding creditors who hold Tier 1 capital and Tier 2 capital instruments, of the amount thereof recognized as Tier 2 capital, as noted, 20% shall be deducted at the beginning of each year of the last five years before their maturity date (in the event of a subordinated note settled in installments, such a deduction should be made from each installment). According to Midroog, the rating of the subordinated notes with the loss absorbing mechanism is A3.il (hyd).

-38- As at the reporting date, the capital instruments and the subordinated notes, which no longer qualify as supervisory capital, are recognized up to a ceiling of 30% of the balance of supervisory capital on December 31, 2013.

Proper Conduct of Banking Business Directive 202 sets limits on the structure of capital:  Tier 2 capital shall not exceed 100% of Tier 1 capital, after the required deductions from this capital.  Capital instruments that qualify for inclusion in Tier 2 capital shall not exceed 50% of Tier 1 capital, after the required deductions from this capital. This limit does not include capital instruments included in Upper Tier 2 capital prior to the inception of this directive, in the amount of the balance of such instruments as at December 31, 2013, and in accordance with the transitional directives established in Proper Conduct of Banking Business Directive 299 (Supervisory Capital – Transitional Directives).

The description of the main characteristics of supervisory capital instruments issued presented on the /https://www.unionbank.co.il/Igudכללי/בנק-אגוד-גילויים-רבעוניים :Bank's website at

The Bank's total overall capital amounted to NIS 3,513 million on December 31, 2019 compared to NIS 3,551 million at the end of 2018. The decrease is mainly due to a decrease in subordinary notes (NIS 123 million), from dividends (NIS 100 million), from a decrease in Employee benefits comprehensive income (NIS 67 million), from reducing the capital benefit for the efficiency plan (NIS 36 million) and a decrease in the regulatory adjustment (NIS 22 million), which was partially offset by profit for the period (NIS 162 million) and an increase in available for sale securities Capital (NIS 145 million). For further details, see table 5 below.

-39- Table 4 – Supervisory Capital composition for the Calculation of the Capital Ratio (CC1) Disclosure According to Pillar 3

As at December 31, 2019 1 As at December 31, 2018 1 Amounts not Amounts not deducted from deducted from capital which are capital which are subject to the subject to the required required treatment treatment prior prior to the Reference to the adoption adoption of To the of Directive 202, Directive 202, supervisory in accordance in accordance with balance Balance with Basel 3 Balance Basel 3 sheet NIS millions

Common Equity Tier 1 Capital: Instruments and Retained Earnings

1. Ordinary share capital issued by the banking corporation and premium on ordinary shares included in common equity Tier 1 capital 952 - 952 - A

2. Retained earnings, including dividends proposed or declared after the balance sheet date 1,635 - 1,566 - B

3. Cumulative other comprehensive income and disclosed retained earnings 51 - )20( - C

6. Common equity Tier 1 capital before supervisory adjustments and deductions 2,638 - 2,498 -

Common Equity Tier 1 Capital: Supervisory adjustments and deductions

10. Deferred tax assets, realization of which depends on future profitability of the banking corporation, excluding deferred tax assets arising from timing differences - - )3( -

14. Unrealized profits and losses resulting from changes in the fair value of liabilities due to changes in the own credit risk of the banking corporation. In addition, in connection with liabilities in respect of derivative instruments, debt valuation adjustment arising from changes in the own credit risk of the bank shall be deducted (7) - (1) - D

-40- Table 4 – Supervisory Capital composition for the Calculation of the Capital Ratio (CC1) (Cont'd) Disclosure According to Pillar 3

18. Investments in capital of financial corporations not consolidated in the banking corporation's reports to the public, where the banking corporation's holding does not exceed 10% of the ordinary share capital issued by the financial corporation (in an amount greater than 10% of common equity Tier 1 capital) - - - - E

19. Investments in capital of financial corporations not consolidated in the banking corporation's reports to the public, where the banking corporation's holding exceeds 10% of the ordinary share capital issued by the financial corporation - - - - F

21. Deferred tax assets arising from timing differences in amounts exceeding 10% of common equity Tier 1 capital (31) - (12) - G

26. Supervisory adjustments and other deductions determined by the supervisory of bank's 103 - 1391 -

28. Total supervisory adjustments and deductions in common equity Tier 1 capital 65 - 123 -

29. Common equity Tier 1 capital 2,703 - 2,621 -

-41- Table 4 – Supervisory Capital composition for the Calculation of the Capital Ratio (CC1) (Cont'd) Disclosure According to Pillar 3

Additional Tier 1 Capital: Instruments

36. Additional Tier 1 capital before deductions - - - - -

Additional Tier 1 Capital: Deductions

43. Total deductions from additional Tier 1 capital - - - -

44. Additional Tier 1 capital - - - -

45. Tier 1 capital 2,703 - 2,621 -

Tier 2 Capital: Instruments and Provisions

46. Instruments issued by the banking corporation (not included in Tier 1 capital) and premium on such instruments - - - -

47. Tier 2 capital instruments issued by the corporation, which are eligible for inclusion in supervisory capital during the transitional period 2 - 9 -

48. Tier 2 capital instruments issued by subsidiaries of the banking corporation to third-party investors 541 - 657 - H

49. Of which: Tier 2 capital instruments issued by subsidiaries of the banking corporation and held by third-party investors, which are gradually deducted from Tier 2 capital 21 - 139 - I

-42- Table 4 – Supervisory Capital composition for the Calculation of the Capital Ratio (CC1) (Cont'd) Disclosure According to Pillar 3

50. Collective allowances for credit losses before the effect of related tax 267 - 264 -

51. Tier 2 capital before deductions 810 - 930 -

Tier 2 Capital: Deductions

57. Total supervisory adjustments to Tier 2 capital - - - -

58. Tier 2 capital 810 - 930 -

59. Total capital 3,513 - 3,551 -

60. Total risk-weighted assets 25,187 - 24,636 -

Capital Ratio and equity preserve cushions (at percentage)

61. Common equity Tier 1 capital (as a percentage of the risk-weighted assets) 10.73% - 10.64% -

62. Tier 1 capital (as a percentage of risk- weighted assets) 10.73% - 10.64% -

63. Total capital (as a percentage of risk- weighted assets) 13.95% - 14.41% -

-43- Table 4 – Supervisory Capital composition for the Calculation of the Capital Ratio (CC1) (Cont'd) Disclosure According to Pillar 3

As at December 31, 2019 1 at December 31, 2018 1 Amounts not deducted from Amounts not capital which deducted from are subject to capital which are the required subject to the treatment prior required to the adoption treatment prior to Reference of Directive the adoption of To the 202, Directive 202, supervisor in accordance in accordance y balance Balance with Basel 3 Balance with Basel 3 sheet NIS millions

Minimum requirement determined by the supervisor of bank's

69. Minimum common equity Tier 1 capital ratio (2) established by the Supervisor of banks 9.39% - 9.38% -

70. Minimum Tier 1 capital ratio established by the Supervisor of banks (2) 9.39% - 9.38% -

71. Minimum total capital ratio established by the Supervisor of banks (2) 12.89% - 12.88% -

Amount Below the Deduction Threshold (Before Risk Weighting)

72. Investments in the capital of financial corporation's (excluding banking corporations and their subsidiaries ) which do not exceed 10% of the ordinary share capital issued by the financial corporation and which are below the deduction threshold 120 - 141 -

73. Investments in the common equity Tier 1 capital of financial corporations (excluding corporations and their subsidiaries) which exceed 10% of the ordinary share capital issued by the financial corporation and which are below the deduction threshold - - -

75. Deferred tax assets arising from timing differences, below the deduction threshold 296 - 285 -

-44- Table 4 – Supervisory Capital composition for the Calculation of the Capital Ratio (CC1) (Cont'd) Disclosure According to Pillar 3

Ceiling for Inclusion of Provisions in Tier 2

76. Provision eligible for inclusion in Tier 2, with reference to exposures under the standardized approach, before application of the ceiling 267 - 264 -

77. Ceiling for inclusion of provision in Tier 2 under the standardized approach 283 - 277 -

Equity instruments that are ineligible as common equity which are subject to transitional directives

84. Current ceiling amount for instruments included in Tier 2 capital subject to the transitional directives 452 - 603 -

85. Amount deducted from Tier 2 capital due to the ceiling - - - -

1. These figures include adjustments in respect of the efficiency plan set forth in the letter of the Supervisor of Banks from January 12, 2016 on "Operational Streamlining of the Banking System in Israel" (hereinafter: Adjustments in respect of the Efficiency Plan"), which were approved by the Supervisor of Banks. For further details, see the Capital Adequacy chapter. 2. Tier 1 capital requirements at 9% and total capital ratio of 12.5% plus capital requirement at a rate that expresses 1% of the balance of housing loans as of the reporting date. In light of the above, the Tier 1 minimum equity ratio required and the minimum total capital ratio required are 9.39% and 12.89% at the reporting date, respectively.

For details regarding the relationships between the financial statements and the regulatory capital, see Appendix A to this report. -45- Additional information on capital and capital adequacy that is not included in the disclosure requirements of Pillar 3:

Table 5 – Quarterly Movement Report on the Composition of the Supervisory Capital Disclosure According to EDTF AS at As at December 31, December 31, 2019 2018 NIS millions Common Equity Tier 1 Capital

Balance of common equity Tier 1 capital for the end of the previous 2,736 2,637 quarterly Profit (loss) for the period 62 (36) Movement in other comprehensive income 13 (35) Of which: available for sale 26 (56) Of which: employee rights 1 (13) 21 Dividend (100) - Adjustments in respect of efficiency plan 2 (8) 71 Supervisory adjustments and additional deductions established by the

Supervisor of Banks - (16) Balance of common equity Tier 1 capital as at December 31 2,703 2,621

Tier 2 Capital

Balance of Tier 2 capital for the end of the previous quarterly 796 1,032 Changes in Tier 2 capital instruments issued to third party investors (5) - Changes in Tier 2 capital instruments issued to third party investors

eligible for inclusion in the supervisory capital in the transitional period (103) - Change as a result of the transitional directives - - Change in collective allowances for credit losses before the effect of the related tax 19 1 Balance of Tier 2 capital as at December 31 810 930 Total supervisory capital 3,513 3,551

See comments below.

-46- Table 5 – Annually Movement Report on the Composition of the Supervisory Capital Disclosure According to EDTF As at As at December December 31, 2019 31, 2018 NIS millions Common Equity Tier 1 Capital

Balance of common equity Tier 1 capital for the end of the previous year 2,621 2,611 Profit (loss) for the period 162 70 Movement in other comprehensive income 78 (100) Of which: available for sale 145 (112) Of which: employee rights 1 (67) 12 Dividend (100) Adjustments in respect of efficiency plan 2 (36) 553 Supervisory adjustments and additional deductions established by the Supervisor of Banks (22) (15) Balance of common equity Tier 1 capital as at December 31 2,703 2,621

Balance of Tier 2 capital for the end of the previous year 930 1,144 Changes in Tier 2 capital instruments issued to third party investors 2 - Changes in Tier 2 capital instruments issued to third party investors eligible for (125) (240) inclusion in the supervisory capital in the transitional period Change as a result of the transitional directives - - Change in collective allowances for credit losses before the effect of the related tax 3 26 Balance of Tier 2 capital as at December 31 810 930 Total supervisory capital 3,513 3,551

(1) A change in the recognized balance for the purpose of capital adequacy - after the effect of the transitional provisions. (2) These data include adjustments in respect of an efficiency plan determined by the letter of the Banking Supervision Department, published on January 12, 2016, on the subject “Improvement of operational efficiency of the banking system in Israel” (hereinafter: “adjustments in respect of an efficiency plan”), which were approved by the Supervisor of Banks. (3) The effect of the plan approved at the end of 2018 amounted to an addition of NIS 76 million.

-47- Capital Adequacy

Disclosure According to EDFT

The capital adequacy of a banking corporation is a key component in the assessment of the stability of the corporation. The capital adequacy is examined through the ratio between the capital base and the weighted amount of risk components in the Bank’s business as defined in the Basel 3 directives. The Basel 3 Directive emphasizes risks management, while linking the risk profile of the Bank and the quality of their management with the required capital allocation, and this is in order to reinforce the resilience of the banking system during times of crisis. The directive establishes a capital-adequacy requirement for the banking system, according to which banking corporations in Israel are required to maintain a minimal common equity Tier 1 capital ratio of 9.0% and a total capital ratio of 12.5%. In addition, the regulation stipulates that banking corporations must increase the Tier 1 capital target and the total capital target at a rate representing 1% of the balance of housing loans, beyond to the capital target the Supervisor of Banks has determined for banking corporations. In this extension, the minimum regulatory capital ratios required as of December 31, 2019 is 9.39% of Tier 1 capital target ratio and 12.89% of the total capital target ratio. The Bank implements the standardized approach in the fields of credit risk and the market risk and the basic indicator approach for operational risks. The directives of Basel 3 are implemented on a consolidated basis, and also, regarding the investee companies to which the Bank provided an indemnification letter according to the Basel directives, there is no obstacle and there is not expected to be an obstacle for the immediate transfer of capital sources or the reimbursement of liabilities of the investee companies by the Bank. Also see "Top and Emerging Risks" section and Note 32 "Events During the Period of the Report and After the Balance Sheet Date" in the financial statements as at December 31, 2019, in the context of the implications of the announcement of the shareholders holding the controlling interest in the Bank from July 30, 2017, regarding their intention to sell their holdings in the Bank and their engagement with Mizrahi Bank, from November 27, 2017, and other events in connection with these announcements.

-48- New Regulatory Directives Concerning Capital Measurement and Capital Adequacy

Allowance for predictable credit losses (CECL)

The letter adopts US GAAP’s ASU 2016-13, Financial Instruments - Credit Losses. The purpose of the new rules is to improve the quality of reporting on a banking corporation’s financial position by early recording the provisions for loan losses so as to reinforce the anti-cyclical behavior of the loan loss provisions in order to support a swifter response by banks to a deterioration in borrowers’ credit quality and enhance the correlation between credit risk management and the manner in which these risks are reflected in the financial statements, based on existing methods and processes. The main highlights of the expected changes are as follows: The loan loss provision will be calculated according to the expected loss over the life of a loan rather than the estimated loss that has been incurred but not yet identified; When estimating loan losses, significant use will be made of forward-looking information which shall reflect reasonable forecasts regarding future economic events; Disclosure of the effect of the loan granting date on the credit quality of the loan portfolio will be expanded; A change will be made in the manner in which impairment of bonds in the available-for-sale portfolio is recorded; The new rules for calculating the loan loss provision will apply to loans, held-to-maturity bonds and certain off-balance sheet credit exposures. In general, the new rules were applied by recording retained earnings on the first-time application date of the cumulative effect of the rules’ application. According to a draft issued by the Banking Supervision Department on January 3, 2019, the directive will apply from January 1, 2022 onwards. A banking corporation will perform a parallel running from January 1, 2021 onwards.

Leases

On July 1, 2018, the Banking Supervision Department published a circular concerning reporting of banking corporations and credit card companies in Israel in the subject of Leases according to US GAAP. The circular adopts the rules of presentation, measurement and disclosure set forth in Section 842 of the Codification of Leases. The main objective of the new rules is to fully reflect, in the financial statements, the level of leverage created by long-term lease contracts. The main changes following the application of these rules are: Banks that lease assets for a period exceeding one year shall recognize them in the balance sheet, even if the lease is classified as an operating lease. An asset shall be recorded in the balance sheet in respect of operating lease transactions reflecting the right to use the leased asset, and conversely, the liability for payment for the lease shall be recorded, transactions in which a banking corporation sells an asset and leases it back in certain circumstances may be considered as accounting sales transactions, subject

-49- to certain conditions specified in the new directives. The Standard will be implemented from January 1, 2020 onwards.

The Bank's estimates that the implementation of the new directives is expected to result in an increase of approximately NIS 119 million in the balance of the rights of use assets and in a corresponding increase of approximately NIS 119 million in the balance of liabilities arising from a lease, at the date of first implementation.

In addition, according to the estimates of the Bank, the implementation of the new directives is expected to lead to a decrease in the common equity Tier 1 capital ratio and in the total capital ratio, by approximately 0.05 and 0.07 percentage points, respectively, as a result of the weighting of risk-adjusted assets in respect of usage right assets arising from operating leases, to be recognized in the balance sheet at a rate of 100%. The implementation of the new directives is also expected to lead to a decrease of approximately 0.02 percentage points in the leverage ratio of the Bank.

Circular Regarding Operational Efficiency of the Banking System

On January 12, 2016, the Supervisor of Banks published the circular, "Operational Streamlining of the Banking System in Israel." Pursuant to the circular, the Board of Directors of a banking corporation shall formulate a multi-year plan to improve efficiency. A banking corporation that meets the conditions established in the letter shall receive a relief according to which, inter alia, it will be permitted to spread the effect of the plan over five years, in a straight line, for the purpose of the calculation of capital adequacy.

On November 30, 2016, the Bank's Board of Directors approved the efficiency plan and on December 4, 2016, the Supervisor of Banks approved the relief in respect of this plan. The capital relief amounts to NIS 105 million (approximately 0.41%in terms of the capital ratio). This relief is spread over 20 quarters as of the first quarter of 2017.

On December 31, 2018, the Board of Directors of the Bank resolved to approve a voluntary-retirement plan for 70 employees, as part of the efficiency processes undertaken by the Bank, within which employees are expected to retire from the Bank in 2019-2020 (the retirement date will be determined by the Bank). On January 17, 2019, the approval of the Supervisor of Banks for a relief in respect to this program was received. The capital relief for this plan amounts to NIS 76 million (0.31% in terms of the capital ratio) and spreads over 20 quarters starting from the first quarter of 2019. For further details see Note 21.B.1 in the financial statements as of December 31, 2019. The influence of the different efficiency plans on the common equity Tier 1 capital ratio as at December 31, 2019 amounted to NIS 103 million (December 31, 2018 - NIS 139 million).

-50- Internal Assessment of Appropriateness of Capital Adequacy (ICAAP)

The Bank is required to establish an internal process to assess the risks and capital allocation in order to ensure that the Bank allocates sufficient capital against all risks (hereinafter: ICAAP). Within the ICAAP process, the Bank performs a proactive process of identifying and assessing each of the material risks in each of the main activities of the Bank. This process also surveys the components of the existing policies and restrictions, measurement and tracking tools, reporting systems, main processes and products, and components of corporate governance. The assessment is aided by a qualitative review and an analysis of quantitative data, while examining the ability to rely on internal models.

The approach of the Bank considers the ICAAP to consist of two main processes: A. An internal process of identification, measurement, management, and reporting of the main risks to which the Bank is currently exposed and to which it may be exposed to in the future. B. An internal process for establishing the capital allocation and the examination of the appropriateness of the capital objectives, so that it ensures adequate capital ratios, taking into consideration the risk profile of the Bank, including capital planning and management. The ICAAP process is a comprehensive and concerns various levels of the processes of risk management, and capital management.

Within the eased supervisory requirements for small banks, the Bank is required to submit the results of its ICAAP to the supervisory agency every two years (instead of annually), subject to compliance with the instructions specified in Proper Conduct of Banking Business Directive 211, "Capital Adequacy Assessment". Accordingly, the Board of Directors has approved a shortened ICAAP for years in which the document is not submitted to the supervisory agency.

In light of the notification of the shareholders holding the controlling interest of the Bank regarding their intention to act to sell their holdings in the Bank, and in light of the ruling of the Competition Tribunal, as noted above, the ability to plan for the long term has been impaired due to the uncertainty characteristic of this period. As the ICAAP process is based, among other matters, on long-term planning, the process has been delayed, with capital planning performed for the coming year only. Note that the Bank performs a quarterly process to assess its capital adequacy against the full range of risks, in the course of running a holistic stress scenario.

-51- In addition, see the section "Top and Emerging significant Risks " and Note 32 – “Events during the reporting period and after the balance sheet date” in connection with the implications of the announcement by the shareholders holding the controlling interest in the Bank from July 30, 2017 regarding their intention to act to sell their holdings in the Bank and their contractual engagement on November 27, 2017 with Mizrahi Bank, and additional events related to these announcements.

Capital Planning and Capital Objectives

The Capital Adequacy Objective – On November 29, 2018, the Board of Directors of the Bank approved principles for an action plan to improve efficiency. The goals of the plan, to the extent that it is realized, include increasing the capital ratios of the Bank, such that during 2019 the Tier 1 common equity ratio of the Bank stands at 10.3%, while maintaining the stability of profitability and return.

Capital Planning - Within the discussions of the Board of Directors, held on the end of December 2019, concerning the work plan for 2020, the capital planning for this year was established. The annual capital planning is derived from capital targets defined by the Board of Directors. Capital planning for 2020 was mainly influenced by the following parameters:  An increase in common equity Tier 1 capital due to an expected increase in the retained earnings item.  A gradual reduction of the capital reserve balance was taken, in respect of securities available for sale.  A decrease in Tier 2 capital as a result of the reduction of liability deeds in accordance with the transitional directives As part of the capital planning, the Bank has prepared a plan for the reduction of risk-weighted assets, if necessary in order to cope with possible changes, as a result of the potential effects of the economic situation on the Bank's capital base (profitability and capital reserve), as well as possible effects of new regulatory directives. Note that part of this information is "forward-looking information".

In addition, see "Top and Emerging significant Risks" section and Note 32 - “Events during the reporting period and after the balance sheet date” to the financial statements, in connection with the implications of the announcement by the shareholders holding the controlling interest in the Bank from July 30, 2017 regarding their intention to act to sell their holdings in the Bank and their contractual engagement on November 27, 2017 with Mizrahi Tefahot Bank, and additional events regarding these announcements.

-52- Description of the Use of Stress Tests in Capital Planning Disclosure According to EDTF

The actual materialization of a stress scenario and the need to comply with the risk appetite and risk tolerance established by the Board of Directors of the Bank may lead to a deviation from the original capital planning as presented, such that damage occurs to the capital ratios as established. Within the implementation of risk-management processes, the Bank examines a range of stress scenarios; two holistic scenarios were chosen for the ICAAP process for implementation within the capital planning and the ICAAP process. In addition, a scenario of the Bank of Israel is examined, based on a uniform scenario and a reverse scenario, the effect of which leads to a decrease in the core capital ratio to the lower limit of the risk tolerance.

The stress scenarios refer to the business lines and to the principal risks identified at the Bank, with an evaluation of the effect of each stress event on several components: the volume of risk-weighted assets, interest income, the rate of the provision for credit losses, non-interest income, expenses, changes in the capital reserve, and impact on overall profitability and on capital ratios. The Bank examines the leading stress scenario (the extreme scenario that caused the most significant damage to capital adequacy) on a quarterly basis. The analysis of stress scenarios indicates that the actual capital-adequacy ratios and the targets established are congruent with the Bank's ability to absorb the unexpected losses reflected in the scenario without falling below the minimum ratios.

In addition, see the section "Top and Emerging significant Risks " and Note 32 to the financial statements- “Events during the reporting period and after the balance sheet date”, in connection with the implications of the announcement by the shareholders holding the controlling interest in the Bank from July 30, 2017 regarding their intention to act to sell their holdings in the Bank and their contractual engagement on November 27, 2017 with Mizrahi Tefahot Bank, and additional events regarding these announcements.

-53- The Leverage Ratio Disclosure According to Pillar 3

Proper Conduct of Banking Business Directive 218, Leverage Ratio (hereinafter: the “Directive”). The Directive establishes a simple, transparent, non-risk-based leverage ratio, which serve as a reliable measurement complementary to risk-based capital requirements, and which is designed to limit the accumulation of leverage at the banking corporation. The leverage ratio is expressed as a percentage, and is defined as the ratio between the capital measurement and the exposure measurement. Capital, for the purpose of measurement of the leverage ratio, is Tier 1 capital, as defined in Proper Conduct of Banking Business Directive 202, taking into consideration the transitional arrangements that have been established. The total exposure measurement is the total of balance-sheet exposures, exposures to derivatives and to securities financing transactions, and off-balance-sheet items. In general, the measurement is consistent with accounting values, and risk weights are not taken into account. In addition, physical or financial collateral, guarantees, or other credit-risk mitigation techniques cannot be used to reduce the exposure measurement, unless otherwise noted in the Directive. Balance-sheet assets deducted from Tier 1 capital (in accordance with Proper Conduct of Banking Business Directive 202) are deducted from the exposures measurement. Pursuant to the Directive, exposure in respect of derivatives is calculated in accordance with Appendix C to Proper Conduct of Banking Business Directive 203; exposures in respect of off-balance-sheet items are calculated by converting the notional amount of the items using credit conversion coefficients, as established in Proper Conduct of Banking Business Directive 203. Pursuant to the Directive, as from January 1, 2018 banking corporations shall comply with a leverage ratio of no less than 5% on a consolidated basis. Banking corporations whose total balance-sheet assets on a consolidated basis constitute 20% or more of the total balance-sheet assets in the banking system shall comply with a leverage ratio of no less than 6%. Based on the foregoing, the minimum required leverage ratio for the Bank is 5%.

The leverage ratio as at December 31, 2019 was 5.99%, compared with 5.94% as of December 31, 2018. The ratio has increased negligibly despite an increase of approximately NIS 0.9 billion in exposures (mainly in mortgages and loans to private customers), following the increase in common equity Tier 1 capital in the amount of NIS 82 million.

-54- Comparison of the assets in the balance sheet and the measurement of exposure for the purpose of the leverage ratio (LR1) Table 6 – Comparison between the Assets in the Balance Sheet and the Measurement of Exposure for the Purpose of Leverage Ratio (LR1) Disclosure According to Pillar 3

December 31, 2019 December 31, 2018 NIS millions 1. Total assets according to the consolidated financial statements 42,467 41,316 2. Adjustments in respect of investments in entities in the - - banking, financial, insurance, or commercial fields, which were consolidated for accounting purposes but outside the consolidation scope for supervisory purposes 3. Adjustments in respect of securities financing transactions - - (for example: repurchase transactions and other similar secured loans) 4. Adjustments in respect of off-balance sheet items 2,658 (conversion of the off-balance sheet exposures to credit equivalent amounts) 2,754 5. Other adjustments, including in respect of derivative financial instruments (36) 87 6. Exposure for the purpose of the leverage ratio 45,089 44,157

-55- The Leverage Ratio (LR2) Table 7 – The Leverage Ratio (LR2) Disclosure According to Pillar 3

December December 31, 2019 31, 2018 NIS millions Balance Sheet Exposures

1. Assets in the balance sheet (excluding derivatives and securities financing 41,963 40,090 transactions but including collateral) 2. (Amounts in respect of assets deducted when determining Tier 1 capital) (31) (15) 3. Total balance sheet exposures (excluding in respect of derivatives and 41,932 40,075 securities financing transactions)

Exposure in Respect of Derivatives 614 791 4. Replacement cost related to all of the transactions in respect of derivatives 5. Add-on amounts in respect of potential future exposure related associated 497 with all derivatives transactions 410 6. Gross-up of collateral provided in respect of derivatives, which were - - deducted from the Balance Sheet assets according to the Public Reporting Directives 7. (Deductions of receivable assets in respect of variable collateral in cash (614) (441) provided in derivatives transactions) 8. (Exempted central counterparty leg of client-cleared trade exposures) - - 9. Adjusted effective nominal amount of written credit derivatives - - 10. (Adjusted effective nominal offsets and add-on deductions in respect of written credit derivatives) - -

11. Total exposures in respect of derivatives 497 760

Exposures in Respect of Securities Financing Transactions

12. Gross assets in respect of securities financing transactions (without offsets), 2 568 after adjustments in respect of transactions treated as an accounting sale 13. (Offset amounts of cash payable and cash receivable from gross assets in - - respect of securities financing transactions) 14. Exposure of credit risk of a central counter party in respect of securities - - financing assets 15. Exposure in respect of transactions as an agent - - 16. Total exposures in respect of securities financing transactions 2 568

-56- The Leverage Ratio (LR2) (Cont'd) Table 7 – The Leverage Ratio (LR2) (Cont'd) Disclosure According to Pillar 3

December December 31, 2019 31, 2018 NIS millions

Other Off Balance Sheet Exposures 9,862 9,801 17. Off-balance sheet exposure in gross par value 18. (Adjustments in respect of conversion to credit equivalent amounts) (7,204) (7,407) 19. Off balance sheet items 2,658 2,754

Capital and Total Exposures 45,089 44,157 20. Total exposures 21. Tier 1 capital1 2,703 12,621

Leverage Ratio 5.99% 5.94% 22. Leverage ratio according to Proper Conduct of Banking Business Directive 218

(1) These figures include adjustments in respect of the efficiency plans set forth in the letter of the Supervisor of Banks from January 12, 2016 on "Operational Streamlining of the Banking System in Israel" (hereinafter: Adjustments in respect of the Efficiency Plan"), which were approved by the Supervisor of Banks.

-57- Credit Risk

General Information on Credit Risk Quality (CRA) Disclosure According to Pillar 3

Credit risk is the risk that a loss may be incurred by the Bank as a result of insolvency or decline in the repayment capability of a counterparty to a transaction with the Bank, in which the counterparty fails to fulfill its obligations pursuant to the agreed terms; this is the most significant risk to which the Bank is exposed in the course of its operations, mainly in terms of extent relative to other risks. Credit risk is inherent in the business activity of the Bank, and constitutes a significant element of the Bank's overall risk profile. The credit-risk profile of the Bank indicates credit concentration risk as a key characteristic; portfolio quality indicators show high portfolio quality. The Bank has worked continuously for several years to reduce concentration, using a range of tools and indicators, while applying stricter parameters of risk tolerance and risk appetite to all concentration indicators. For additional information, see the Counterparty Credit Risk chapter.

Risk Management Framework The Bank manages the credit risk in accordance with the credit policy documents that specify parameters for the approval of credit – evaluation of the customers' quality and of the customer's repayment capability, financial stability, liquidity, reliability, duration of activity in the sector, duration of activity at the Bank, quality of collateral provided, and more. Based on these parameters, detailed working procedures have been established, which set forth clear instructions with regard to the manner of granting credit at the Bank and credit management work processes prior to the granting of credit and the course of its management. These procedures require the functions that handle credit at the Bank to become deeply familiar with the borrower and to obtain an understanding of the transaction, including the purpose of the credit and its suitability for the customer's needs, the structure of the credit, and the sources for repayment. The Board of Directors guides the credit-risk management framework, and reviews the credit policy documents of the Bank on an annual basis at least. The Board of Directors discusses, decides, and establishes guidelines with regard to the credit policy of the Bank, and ensures the existence of effective processes for the identification, measurement, monitoring, and control of this risk, inter alia, through a quarterly review of the risks document.

-58- The main activities of the Board of Directors related to the management of credit risks during the period under review, are described below:  Discussions on the credit-risk management policy, including the credit authorization hierarchy, weights of collateral, and limits on exceptions from policy.  Discussions on relevant business objectives and of the effect of work plans and strategic plans for the expansion of retail credit activity on the credit-risk profile.  Approval of the corporate structure supporting credit-risk management and the hierarchy of authorizations.  Quarterly discussion of the risk document, in relation to credit risks and the exposure to such risks; exceptions from the policy document, if any; and ensuring that the credit-risk profile of the Bank is consistent with the established risk appetite.  Discussion and approval of customer rating models, according to the indication received from the heat map of the models, used in the risk-management process.  Discussion of the results of stress tests for credit risks, and their effect on the capital ratios.  Discussion of the allocation of capital within Pillar 2.  Discussion of principal gaps arising in the risk assessment questionnaires process and recommendations for treatment.  During the approval of new products, discussion of the effects of the products on the credit risks.

The policy documents are discussed on an annual basis at least, and reflect the Bank's corporate strategy as well as economic developments, in Israel and globally, and relevant regulatory directives. The policy documents establish the risk limits for the credit management, corporate governance, and the hierarchy of authority for the approval of credit; the required spread/return, adjusted to the risk of the transaction; parallel to a description of the lines of defense and of reporting, monitoring, and control obligations. Indicators have been established for quarterly monitoring, aimed at allowing early identification of a possible need to update the policy as aforesaid.

Within the corporate governance for risk management, the following central committees have been defined: the Credit Committee of the Board of Directors, the Diamond Credit Committee of the Board of Directors, the Executive Credit Committee and other forums. In general, the corporate division of the Bank serves customers with a credit balance greater than NIS 10 million. The Bank's core specialty sectors are: accompanying real-estate projects, customers active in the capital market, and diamonds. The division also operates in the industrial, commercial, and services sectors.

-59- Banking services for customers in the corporate sector primarily include financing of routine operations; financing of investments, projects, and foreign trade; and dealing-room transactions. These services are provided at most of the branches of the Bank. The activity of customers in the diamond sector is centralized at the Ramat-Gan branch only. The activity of capital-market customers is conducted at a dedicated unit headquartered at the Tel Aviv branch.

In general, the Retail Banking, Customer Assets, and Advising Division handles credit exposures to retail borrowers and to commercial customers with a credit balance of up to NIS 10 million. In addition, the division also handles mortgage credit, credit for product customers (customers whose main activity is not at Union Bank) - through the Direct Banking Center, and leasing activity.

Within the process of applying internal models to assess credit risks at the Bank, the Bank improved the processes for rating business customers and retail borrowers, and is working to match the total spread to the customer risk and the transaction risk based on the rating. It should be noted that the rating of the customer constitutes a significant part of the process of assessing the risk in the transaction and in its approval, it makes it possible to distinguish between levels of risk in different credit exposures, serves as a tool for monitoring the quality of credit and constitutes a major tool in credit pricing and calculation of profitability. In general, the Bank ranks all of its credit exposures.

The Bank's credit risk is managed and audited by three lines of defense, as detailed above, is based on orderly work processes, and reports to management and the Board of Directors which allow monitoring of the current activity. The risk-management processes make it possible to manage risks in accordance with the risk appetite established by the Board of Directors of the Bank.

Exposures to credit risks are created in the corporate division primarily by the corporate credit network, and in the Retail Banking and Customers Asset Division, mainly through the branch network and the mortgage network.

Credit-Granting Authority - The decision making process concerning credit granting is based on a hierarchy of authorities for functionaries in various levels up to the level of the Board of Directors’ Credit Committee, according to the risk appetite and risk tolerance set by the Board of Directors.

In general, in the credit granting process the Bank maintains the "four eyes" principle, in order to minimize the risk of relying on the judgment of a single individual.

Within the credit authorities, limitations were set on the volume of credit with no collateral, which each authorized official may approve.

-60- Credit Control - The Bank operates numerous and varied automated control tools, at its branches and headquarters, aimed at detecting, as early as possible, changes in the customers' behavior, formation of collateral gaps, deviations from the approved credit limits, and exceeding authority. The Bank integrates information from external sources with the control tools, in order to identify activities and events that may influence customers’ ability to repay their debts.

The control tools include, inter alia, detailed definitions of risk management components and their monitoring, determination of risk appetite and risk tolerance to the various activity components, assimilation of automated systems at the level of the branch and at the level of the headquarters, designated training activity and a report and control format at all of the levels at the Bank. Automated systems that identify potential problems with customers, who are not classified as having problematic debts, is used for early detection of such problems (see details in the section treatment of problematic credit and debt collection, further on).

In addition, a process of examination of borrowers, based on Proper Conduct of Banking Business Directives, is performed at the Credit Control Unit in the Control and Risk Management Division.

A lot of resources and effort are invested in updating and developing automated control tools and in improving the information systems in the field of credit in order to adapt them to the changing business environment and to the regulatory directives.

Within the quarterly risk document, which is submitted for discussion to the Bank's management, the Board of Directors' Risk Management Committee and the Board of Directors' plenum, the Bank examines the assessment of the credit portfolios' quality risk. In addition, in the credit fields issues such as: the development of the portfolio, the compliance with the components of the risk appetite and the risk tolerance, examination of the management quality, provisions for credit losses, scope of the leveraged credit portfolio, data concerning problematic debts, and more. See the "Risk Overview" chapter, under "Leveraged Finance" chapter in the Board of Directors and Management Report.

Management of Corporate Credit Risk The Corporate Division is responsible for routine management of credit (excluding credit which is under the authority of the Retail Banking, Customers Assets, and Advising Division); treating problematic debts, carrying out procedures to collect the debts, and handling legal claims against the Bank related to such debts through the Special Credit Department; and periodic reporting to authorities (the Bank of Israel and the Ministry of Finance) and within the financial statements.

-61- The activity of the division is concentrated in the following four main units:

 Corporate Credit Array – Responsible for processing all credit applications under the responsibility of the division, including applications in the real estate field and those of customers served by the special customer treatment (special customer treatment for customers in difficulties of more than NIS 10 million).  Special Credit Array – Responsible for processing and monitoring corporate and retail collection portfolios.  Information and Credit Reporting Sector – Responsible for monitoring limits set by the Board of Directors and regulatory limits, and reports to various interested parties, including to the Bank of Israel, to the Board of Directors, and to the management of the Bank.  Managerial Planning and Control Sector – Responsible, inter alia, for risks controls, concentration of procedures and training.

Corporate and Commercial Credit Policy – The credit policy encompasses the principles and rules for management of all aspects of credit risk at the Bank, as established by the Board of Directors. The policy specifies the guidelines of the Board of Directors for the various management tiers and for credit staff at the headquarters and branches with regard to the method of management of the credit granted by the Bank to borrowers in the various sectors. The policy document refers to principles and rules for rating of the borrowers and for granting, managing, and controlling credit, with the aim of improving the quality of the credit portfolio and reducing the risk inherent in its management. In addition, the policy defines the reporting, monitoring and controlling processes over the risk development in the portfolio, within defined risk indices, which are examined on an ongoing basis and presented to the management and the Board of Directors.

The policy and guidelines are based, inter alia, on the overall risk appetite and risk tolerance of the Bank, and on the risk appetite and risk tolerance at the level of the sector (including reference to exposure to banks and to corporate bonds) and at the level of the individual customer. The policy and guidelines establish the conditions necessary in order to allow the Bank to operate within the bounds of its risk appetite and risk tolerance.

Within the risks-management processes, an independent opinion is given by the risks-management function on material credit exposures.

The policy is updated at least once annually, in accordance with the changes and events in the business environment in which the Bank operates and with the Bank's corporate strategy.

-62- In order to ensure that the policy is up to date, the Corporate Division examines various (internal and external) indicators on a quarterly basis. If one or more of the indicators exists, the Corporate Division reports to the Controls and Risk Management Division; and if necessary, certain sections of the policy are updated, according to business conditions, changes in regulation, etc., and presented to the Board of Directors for discussion and approval.

Credit for construction financing – One of the core sectors on which the Bank is focused is project finance for residential construction in high-demand areas. In general, the Bank focuses on financing for the construction of standard apartments.

Credit is granted in the form of project finance. This is financing in the form of the creation of a financing framework separate from the other activities of the entrepreneur, ensuring that the financing granted for construction is used solely for the property financed by the Bank, and that revenue from the sale of the residences in the property are used, with certainty, to repay the financing. For the purposes of the financing, the entrepreneur engages a supervisor, who serves as an objective reporting and supervising function and makes the financial management of the project possible for the Bank.

Considerations regarding project finance for residential construction include examination of the customer's fulfillment of qualitative parameters (such as the purpose of the construction, the type of project, and more) and quantitative parameters (such as the profitability of the project, advance sales, and more), which are established in the policy.

The Bank closely monitors developments in this industry, and updates its policy accordingly. See “Review of risks” chapter in the “Credit for construction and real estate” section, in the Board of Directors and Management Report.

Policy for Investment in Bonds with Issuer Risk – This policy is part of the Bank's policy with respect to proprietary investments; its goal is to generate surplus returns over an alternative investment in risk- weighted assets. The Bank views some of the proprietary investment in corporate bonds as a substitute for credit granting. The investment framework and rules for execution of the investment are discussed and approved by the Board of Directors, and encompass the volume of the exposure, the types of bonds permitted for investment, ratings of the bonds, maximum exposure to a single issuer, diversification limits, and minimal spread by rating.

The process of making decisions regarding investments in this area is performed in the Financial Management Division and in accordance with the hierarchy of authority. Limits pertaining to investments in corporate bonds are audited routinely, and the Bank's policy in this area is adjusted to developments in the markets. -63- For further details, see Note 1.E.5 "Accounting Policies" regarding securities in the Financial Statements as at December 31, 2019 as well as Note 12 "Securities" in the Financial Statements for December 31, 2019.

Management of Retail Credit Risk The Retail Banking, Customers Assets, and Advising Division is responsible for achieving the Bank's objectives in the area of retail banking, and for the management of the Bank's branch network in its activity with private customers (households and private banking) and commercial customers. In addition, the Division is responsible for coordinating the processes of strategic planning, marketing, information infrastructure and digital banking. At the end of 2018, the organizational structure of the division was examined, and as of today the division includes the following main units:

 Branches and Sales Division - Responsible for ongoing operations, including sales activity and compliance with the objectives of the work plan at the branches.  Retail Credit and Mortgage Unit – Responsible for coordinating all retail credit activity (consumer credit, commercial credit, and mortgages).  Customer Asset and Consulting Array – Responsible for the advising activity, the research, and the deposits.  Direct Banking Sector – Centralizes all components of direct banking: sales, service, and operations.  Operations and Intra-Division Coordination Sector – Responsible for operational processes, monitoring, controls, and reporting on the periodic development of risk indices.  Marketing and digital unit

Retail Credit Policy – The retail credit policy addresses principles and rules for the management of retail credit risk, including management of the risk of consumer credit including credit to product customers and mortgages credit.

The policy and guidelines for retail credit risk management are based, inter alia, on the risk appetite of the Bank, and define the required conditions in order to act in accordance with the risk appetite and within the bounds of the risk tolerance.

The policy reflects the Bank's strategy for retail-banking growth, while significantly expanding the retail credit in the Bank's credit mix, inter alia, by operating the Direct Banking Center for customers whose primary activity is not conducted at the Bank ("product customers"), and expansion of the portfolio of credit for small businesses. The policy links credit risk with spread, and establishes a mechanism for

-64- calculation of the risk spread required in each transaction. The policy details reporting and control lines, and the various control circuits. In addition, control and monitoring tools and the manner in which they are used, are described. The automated means and the retail credit processes allow effective monitoring and identification of deviations from the credit policy, and allow the identification of the source of the deviation and the treatment of it. In order to ensure the updating of the policy, the Retail, Customer Asset, and Advising Division examines on a quarterly basis various indicators (external and internal). Upon fulfillment of one or more of the indicators, the Retail Division will report to the Controls and Risk Management Division and if necessary, certain sections of the policy will be updated according to the business conditions, regulation changes etc., and will be brought to the Board of Directors for discussion and approval. In addition, the Bank purchases loans from Mimun Yashir. For details see Note 23.C.7 "Contingent Liabilities and Commitments" to the financial statements as at December 31, 2019. For details regarding purchased loans, see Note 27.B.1. to the financial statements as at December 31, 2019.

On January 22, 2020, the Bank and Mimun Yashir signed an addendum to the agreement extending the term of the agreement between the Bank and Mimun Yashir until December 31, 2021. See "Risk Review" chapter, under the "Credit Policy" chapter in the Board of Directors and Management Report.

Regulatory developments

On April 12, 2019, the Credit Data Law, aimed at establishing comprehensive regulation of credit-data sharing, took effect. This regulation is expected to improve the quality of information available to the Bank when making decisions regarding the granting of credit to customers, and to improve the financing options available to customers in the banking system. However, in the short term, following the implementation of the law, the quantity of information of the Bank regarding its existing customers has decreased, until the completion of the process of obtaining customers’ signatures. Terms for requirements for customers’ signatures had been established. The Bank estimates that the law is expected to improve the underwriting procedures on the one hand, and to significantly increase competition from non-bank entities, on the other hand.

On August 25, 2019, the Fair Credit Law took effect. Pursuant to this law, customers must be provided with a proposed agreement, for advance perusal of the details of a transaction, a reasonable amount of time before signing an agreement. The law also imposes limits on the maximum interest rate collected from customers, with two conditions: (1) the rate of the actual cost of credit shall not exceed the maximum rate of the cost of credit; (2) the arrears interest rate shall not exceed the maximum arrears interest rate. The aforesaid two conditions must be fulfilled cumulatively.

The Bank implements the directives of the law.

-65- On October 28, 2019, a new draft of Proper Conduct of Banking Business on "Retail Credit Management" was published. The draft is expected to replace the letter from the Supervisor of Banks from November 2017 (Initiated Retail Credit Marketing) and the publication of Supervisory Expectations Document from the second quarter of 2019 on Consumer Credit and Internal Audit, in which it defines what is consumer risk: "Violation of behavioral norms by a banking corporation, causing Damage to consumers, even if there is no fear of a material loss for the banking corporation". The Supervisor of banks rates the consumer risk as high due to a legislative regulatory intervention. On February 19, 2020, an updated Proper Conduct of Banking Business Directive draft, regarding "consumer risk management", was published (The name of the Proper Conduct of Banking Business Directive was changed). On February 27, 2020, an advisory committee had gathered, which discussed at this Proper Conduct of Banking Business Directive draft. The Bank is learning the main requirements.

On March 15, 2018, the Insolvency and Economic Rehabilitation Law, 2018, which proposes a comprehensive reform in the area of insolvency, was published. The law seeks to codify insolvency law and achieve comprehensive, complete organization of all insolvency laws, for individuals and corporations, in a new, up-to-date law, and to rescind older orders and existing arrangements in the Companies Law. The law has three main goals:

a) To achieve financial rehabilitation of the debtor, as a key value in insolvency proceedings of individuals. b) To increase the percentage of debt repaid to creditors. c) To increase the certainty and stability of the law, shorten procedures, and reduce the bureaucratic burden.

A key innovation lies in the definition of insolvency. The law adopts the cash-flow test, stating that an insolvent entity is one unable to pay its debts on schedule. It has also been determined that, in general, a future creditor will not be permitted to file a request to initiate proceedings, except under circumstances in which there is a substantial concern that the debtor is acting with the aim of deceiving the creditors, granting preference to a particular creditor, or smuggling the debtor’s assets.

The main innovation with regard to corporations is a common opening point for restructuring procedures and liquidation procedures. Another innovation is the elimination, in the decisive majority of cases, of preferential debts, in order to promote the principle of equality among creditors and increase the share of general creditors in the collection fund. In addition, the power of holders of floating liens has been limited, and such holders can settle their debts only up to an amount equal to 75% of the value of the assets subject to the floating lien (the sections relevant to floating liens will take effect on March 15, 2020; the Bank is preparing to implement these sections).

The law took effect on September 15, 2019. The Bank is prepared and is implementing the law.

-66- Housing Loans

When examining the risks during the approval process of a housing loan, the Bank's policy establishes clear criteria for the examination of the quality of the customer and transaction risks characterizing the mortgage sector, while referring to regulative instructions, to risk limits and to the market conditions that vary from time to time. The Bank customarily grants housing credit only in cases in which the information regarding the borrowers and the collateral, at the time of the loan granting, is complete, updated, verified and suitable to the policy. The period of the loan does not exceed 30 years.

Following are main parameters taken in to account when discussing the credit request:

 Examination of borrowers' repayment capability from the borrower's disposable income, financial wealth and the financing rate relative to the value of the property, with regard to the internal and regulatory restrictions.  Existence of liens on the property and its legal status.  Financing of homes purchased for investment purposes.  Location of the property and its marketability.  Examination of the ration of return to risk weighted assets according to the objectives set forth by the Bank. For all credit applications, automatic soundness tests are performed based on various databases, and presented to the credit officer as a preliminary parameter for the examination and approval of the transaction.

Housing loans with significant risk attributes are examined according to specific criteria. For example, in loans with a variable interest track, the customer's repayment capability is examined using a simulation of an increase in the interest rate exceeding the average interest rate offered to the customer in all tracks containing a variable interest component.

The examination of the risks of the portfolio is done by examining various sectors and cross-sections (such as purchasing groups, homes purchased as investments), examining borrower quality, and examining risks in a range of stress scenarios. The mortgage system routinely and continuously monitors developments in housing credit, as well as developments and changes in mortgage repayments, both at the level of the branch and at the level of the overall portfolio, and examines the various implications thereof.

-67- As noted, the Bank periodically runs targeted stress scenarios to examine the development of risk in the mortgage portfolio. A definition has been established according to which borrowers exposed to a scenario are those borrowers who meet three cumulative conditions regarding the financing rate, the level of monthly income, and the ratio of the monthly payment from the income. The assumption is that the higher the borrower's income, the borrower will be able to meet loan payments at a higher proportion to income, as a function of the LTV ratio.

The activation of the stress scenarios indicated that the exposure to stress scenarios is not significant and does not expose the mortgage portfolio to significant risks.

Credit Quality of Credit Exposures (CR1) Disclosure According to Pillar 3

Table 8: Credit quality of credit exposures (CR1)

Balance as at December 31, 2019 NIS millions A B C D )1( Gross balances Impaired or Allowances for in arrears of credit losses 90 days or more Others or impairment Net balances 1 Debts, excluding bonds )3( 277 33,623 0 33,900 2 Bonds )4( 57 6,865 )55( 6,867 )5( 3 Off-balance sheet exposures 43 10,370 )20( 10,393

4 Total 377 50,858 )75( 51,160

Balance as at December 31, 2018 NIS millions A B C D Gross balances )1( Impaired or Allowances for in arrears of credit losses 90 days or more Others or impairment Net balances 1 Debts, excluding bonds )3( 362 35,078 )18( 35,422 2 Bonds )4( 71 4,667 )45( 4,693 )5( 3 Off-balance sheet exposures 32 10,578 )19( 10,591

4 Total 465 50,323 )82( 50,706

See comments below.

-68- Comments: (1) In accordance with the accounting values reported in the financial statements, of balance sheet and off-balance sheet instruments, which create exposure to credit risk under Proper Conduct of Banking Business Directive No. 203. (2) Excludes collective allowances. (3) Including credit to the public, bank and government deposits and other assets. (4) Not including shares in the portfolio held for trading and investments in supervisory capital components of financial corporations, which are included in the item 'other assets'. In addition, not including non-monetary items such as activity in the Maof market, which are included in off- balance-sheet exposures. (5) Including credit risk in respect of transactions in derivative financial instruments presented in terms of credit equivalent (after the effect of netting agreements) and after multiplication by the add-on coefficient and customer activity in the Maof market, that does not meet the definition of a derivative.

Changes in impaired debt stock (CR2)

For information on the balance and movement of impaired debts in the Bank, see the chapter on risk review under the chapter on risk of credit portfolio quality in the Board of Directors and Managements’ Report.

For further details, see Note 27 – "Additional Information on Credit Risk, Credit to the Public and Provision for Credit Losses" to the financial statements as at December 31, 2019.

-69- Further disclosure regarding credit quality of credit exposures (CRB)

Disclosure According to Pillar 3

Problematic Credit and Debt Collection In order to identify borrowers whose risk level and exposure has increased, as early as possible, the following processes are activated at the Bank with the aim of examining and treating the widest possible group of customers, at a high frequency, and properly monitoring and treating these customers. The processes are computerized in the Bank's information systems:  A process for identifying potential problems for borrowers up to a certain amount according to various parameters. Customers identified by the system are thoroughly examined and presented for discussion in an internal forum which discusses the necessary steps to be taken with these customers, and examines the need for continued monitoring, their classification as problematic debt, or an allowance for credit losses in respect of which.  Process of identifying borrowers, from a particular amount, with potential for inclusion in a watch list. Customers whose debt is defined as a debt on the watch list as a result of the review, in accordance with the classification rules that have been established, as well as customers added to this list within the routine reports of credit committees, are discussed on a quarterly basis by a special committee headed by the CEO, established for that purpose. The committee discusses borrowers included in the customer watch list, both from an operational and control perspective and from a credit perspective. The discussion of these borrowers also includes a discussion of the existing credit structure, decisions regarding the status and classification of the debt, credit applications of these customers, and extension of existing credit facilities.  A process for debt classification and charge-offs based on the number of days of arrears. The process is performed on a monthly basis. At the conclusion of the process, a report is generated escalating all borrowers in respect of which classifications and/or charge-offs were performed for handling by the branches.  A process for identifying restructuring potential in loans granted to borrowers at the Bank. Further to the escalation process, an individual examination is performed to determine whether the loans meet the criteria for classification as debts in restructuring.

The Special Corporate Treatment Unit coordinates and routinely handles all customers potentially or actually placed on the watch list, with the aim of reducing their debt and the future allowances in respect of these customers, or even to return them to normal activity. Customers on the watch list under the authority of the Board of Directors are discussed by the Board of Directors' Credit Committee.

-70- In addition, problematic customers above a certain amount are discussed on a quarterly basis by the Audit Committee of the Board of Directors.

The Special Credit Unit in the Corporate Division oversees business customers for which the probability of a return to regular business activity is low. The goal of the work with these customers is, first and foremost, to improve their ability to service the debt; in the absence of such ability, the unit acts to collect the debt, while attempting to reach an arrangement with the debtor or activating legal collection processes to collect the debt and minimize the damage to the Bank. Borrowers are transferred to the special credit unit when objective criteria are fulfilled (initiation of liquidation proceedings, cessation of activity, restriction of the borrower, etc.) necessitating such transfer, and/or according to the judgment of the Head of the Corporate Division or the Managements' Credit Committee.

Provision for Credit Losses and Identification of Problematic Credit

As of January 1, 2011, the Bank has applied American accounting standards regarding impaired debts, credit risk, and allowance for credit losses (ASC 310) and the regulatory directives of bank supervision agencies and of the Securities and Exchange Commission in the United States, as adopted in the Public Reporting Directives. In addition, as of that date, the Bank has implemented the directives of the Supervisor of Banks concerning the treatment of problematic debts. In addition, as of January 1, 2013, the Bank has also implemented the directives of the Supervisor of Banks concerning the update of the disclosure regarding credit quality of debts and regarding the allowance for credit losses. In addition, pursuant to the circular of the Supervisor of Banks of January 19, 2015, the Bank implements the directives of the Supervisor of Banks regarding the calculation of the collective allowance for non- housing credit losses, particularly with respect to credit for private individuals. The movement in the balance of the allowance for credit losses is detailed in Table 12- Movement in balance of provision for credit losses. The allowance to cover estimated credit losses with respect to the credit portfolio is assessed by one of two methods: “individual allowance” or “collective allowance.” For further details, see Note 27- "Additional Information Regarding Credit risk, credit to the public and Allowance for Credit Losses", to the Financial Statements as at December 31, 2019.

The Bank has established procedures for the identification of problematic credit and classification of debts as impaired. In accordance with these procedures, the Bank classifies all of its problematic debts and items of off-balance-sheet credit into the categories: under special supervision, inferior, or impaired.

-71- Fairness of the Classification and Allowance for Credit Losses In order to determine the classifications and the allowance, the population of borrowers at the Bank is divided into several borrower types. Borrower management, maintenance of the credit portfolio, and collection of information for detection and classification of problematic debts are under the responsibility of the Business Division and Retail Division of the Bank. The Finance Division is responsible for determining the classification of credit and the allowances for credit losses. Within this process, the division examines and tests the completeness and correctness of the criteria established for choosing customers; the correct execution of the process for choosing customers in the various categories; the appropriateness of the classification of chosen customers and of customers classified in the past, and the developments therein; the need to record an allowance for credit losses; the appropriateness of the allowance; and the appropriateness of the collective allowance, including the appropriateness of the allowance in aggregate.

Debt in Arrears – Debt, in which the principal or interest has not been paid on time, with respect to the contractual repayment terms. A current account / current drawing account shall be reported as a debt in arrears when the account remains continuously at a negative balance (in the absence of an approved credit facility), or in deviation from the approved credit facility, for 30 days or more; or if, within the credit facility, amounts are credited to the account that are lower than the negative balance and the credit facility, for a period of 180 days. Loans shall be reported as debt in arrears when the principal or interest have not been paid after 30 days have elapsed from the scheduled date of payment according to the contractual repayment terms of the debt.

Impaired Debt – Credit examined on an individual basis, in respect of which the banking corporation expects to be unable to collect the full amounts owed to it according to the contractual terms of the debt agreement. This classification shall also be applied to credit examined on an individual basis which is in arrears of more than 90 days, unless it is secured and in collection proceedings; and to restructured problematic debts in which the Bank granted the debtor a concession in the course of the restructuring which it would not have considered granting under other conditions.

Debt in restructuring – troubled debt restructuring – debt that meets both of the following conditions: (a) the borrower is in financial distress, and (b) the Bank has granted the borrower a concession that it would not consider granting under other circumstances, such as changes in the terms of the credit (possible changes in the terms of credit are extension of the period of the loan, an increase in the number of payments, suspension of payments (full grace) for a substantial period, postponement of payment for a period exceeding 90 days, etc.), a relief in the interest rate, a waiver of part of the debt, etc.

-72- All restructured debts are classified as “impaired debt,” as it is expected that the banking corporation will be unable to collect the full amounts according to the contractual terms of the original credit agreement (even if it is expected to collect such amounts according to the new contract).

Other-than-temporary impairments – see the section “Critical accounting policies” in the Board of Directors and management report on the subject of allowance for credit losses and provision for other- than-temporary impairment of bonds available for sale, respectively.

Credit Portfolio Concentration Risk

Concentration risk is one of the types of risk faced by banking corporations in their business activities. In contrast to other risk components, which are usually defined at the level of the individual transaction or single counterparty, the exposure to concentration risk arises from the composition of the portfolio of risk-weighted assets of the Bank or from the composition of its exposures. Portfolio risks can be divided into two types: systematic risk factor and idiosyncratic risk factor. The systematic risk factor represents the effect of macro-economic and financial events on the quality of the asset portfolio of the banking corporation, and in particular on the quality of its credit portfolio. The sensitivity of borrowers to macro-economic events may be different, but the basic assumption is that no borrower is entirely immune to events of this type. Consequently, the systematic risk factor is unavoidable, by definition, and cannot be mitigated by management or by effective hedging. By contrast, the idiosyncratic risk factor is defined at the level of the specific borrower, and depends on the quality of management and business performance of the firm. As a result, the lower the relative weight of the exposure to a single borrower, the smaller the specific component of the portfolio risk. The more diversified the credit portfolio, the lower the exposure of the Bank to idiosyncratic risk factor; however, the exposure to the systematic risk factor remains unchanged.

Borrowers Concentration - In general, the Bank's credit policy is to increase the diversification of the credit portfolio among the various borrowers. According to Proper Conduct of Banking Business Directive No. 313, total credit to a single borrower, to a group of banking borrowers and to a group of credit card borrowers shall not exceed 15% of the capital of the Bank, excluding speculative borrower / group of borrowers, for whom the exposure was limited to 10% of the capital of the bank (according to the amendment to the directive dated October 27, 2019). Regarding borrowers and / or groups of borrowers, that exceed the limit set by the directive, transitional directives for settlement of the exception by June 30, 2020, had been set. The directive further states that total credit to a group of borrowers shall not exceed 25% of the capital of the Bank; and the exposure of total net indebtedness (after deduction of the amounts specified in Section 5 of the directive) of "borrowers," "groups of borrowers," "groups

-73- of banking borrowers" and “groups of credit card borrowers” with a net indebtedness exceeding 10% each, of the capital of the Bank shall not exceed 120% of the capital of the Bank.

The Board of Directors if the Bank has set internal limits for the various concentration indices, which are stricter than those set by the Proper Conduct of Banking Business Directive 313, as stated above. The Bank routinely examines its compliance with the risk appetite and risk tolerance established by the Board of Directors for exposures to single borrowers and groups of borrowers, including compliance with the concentration limits set, through various indices and scenarios. The Bank routinely monitors the different borrowers' business situation, especially the big borrowers.

There are no balances of credit to the public and off-balance-sheet credit risk as at December 31, 2019, to groups of borrowers, to groups of banking borrowers and to groups of credit card borrowers of the Bank whose net indebtedness, on a consolidated basis, after the permitted deductions under Section 5 of Proper Conduct of Banking Business Directive No. 313, exceeds 15% of the Tier 1 capital according to Proper Conduct of Banking Business Directive No. 202.

Sectorial Concentration - In general, the Bank’s credit policy is to increase the diversification of the credit portfolio among the various economic sectors. The Board of Directors of the Bank conducts discussions at least once a year within the discussion on the credit policy, regarding credit to certain sectors, particularly sectors sensitive to fluctuations and sectors in which sectorial risk is high compared to other sectors of the economy, and establishes policy based on the expected developments in these sectors. Credit to sectors, in which the Bank’s activity is focused, such as accompanying construction for residential purposes, finance, and diamonds, is handled by professional units specializing in these sectors. Specific working procedures and special controls have been set for these sectors in addition to the usual procedures and controls, in order to address the credit risks unique to these sectors. On March 27, 2019, the Bank purchased an insurance policy in respect of credit exposures to guarantees issued or to be issued by the Bank, in accordance with the Sale Law (Residences) (Securing the Investments of Buyers of Residences), 1974, and commitments to issue such guarantees and execution guarantees, all in connection with projects with respect to which project financing agreements are signed and/or to be signed with the Bank from time to time (hereinafter, jointly: the “Guarantees”). The insurance is performed through a wholly owned subsidiary of the Bank (CAPTIVE) established overseas, and purchased from international reinsurers with high international ratings, to insure the Bank against an instance in which payment is required of the Bank due to forfeiture of the Guarantees, all in accordance with the terms of the policy. In accordance with the terms set out in the Banking Supervision directives, 70% of the guarantees against which eligible credit protection was purchased are classified according to the activity of the protection provider. -74- The Bank complies with the directives of the Bank of Israel concerning limits on credit to a specific sector, and actively manages the concentration of its exposure to the sectors, while adjusting the volume of credit in each sector to the changing map of risks.

Geographical Concentration – Most of the Bank's credit activity is for customers in Israel. The Bank does not have branches outside of Israel. The Bank's exposure to foreign countries is due mainly to the Bank's activity with foreign banks, from exposure to foreign resident customers and from investment in bonds of foreign issuers. For details of the main exposures to foreign countries, see table 11 below.

Collateral Concentration – Within the credit policy, principles and rules were set regarding the type and volume of the collateral. The collateral requirement and their rate derive from the level of risk the Bank is willing to undertake when granting credit. A special emphasis is given to the ranking of the borrowers and to the repayment ability of the customers as criteria for granting the credit, in addition to the weight given to the accepted collateral. The collateral is tailored for the type of credit it's meant to ensure while addressing time range, linkage type, the nature of the credit and its objective. Determining the value of a collateral out of various types of collateral is derived from their nature and liquidity, the quality and speed of the ability to realize them, including changes in their value as a result of slowdown or growth situations in the borrowers business environment. The Bank regularly monitors the concentration of the business collateral, in order to identify a possible risk as a result of reliance on a particular type of collateral/specific asset as collateral which exposes the Bank to potential loss upon realization of the asset. The credit policy of the Bank is based on the diversification of the credit risks and their management in a controlled manner. This is reflected in seeking to disperse the credit portfolio among the various economic sectors and among a large number of borrowers.

-75- Sectorial Concentration – Table Detailing Credit by Economic Sectors

Table 9: Credit Risk by Economic Sectors – Consolidated

As at December 31, 2019 Overall Credit Risk (1) Debts (2) and Off-Balance Sheet Credit Risk (Excluding Derivatives)(3) Of Which: Credit Losses (4) Expense Net Balance of Credit Of (Income) Accounting Allowance Execution which: for Credit Write-Offs for Credit (5) (6) (2) (6) (9) Total Rating Problematic Total Debts Problematic Impaired Losses Losses NIS millions Borrowers Activity in Israel: Agriculture 159 159 - 158 143 - - - - - Mining and quarrying 351 351 - 221 125 - - (4) 4 1 Industry 2679 2526 153 2553 1615 153 131 2 (17) 43 Construction and real estate – construction (7) 4727 4658 69 4683 2101 69 48 3 (3) 40 Construction and real estate – activities in real estate 1365 1342 23 1187 899 23 23 (4) 3 9 Electricity and water supply 694 694 - 532 282 - - (1) (1) 4 Trading 3322 3293 29 3242 2357 29 17 (1) (1) 13 Hotels, accommodation services and food 469 467 2 467 380 2 - - - 1 Transportation and storage 404 395 9 398 330 9 6 (2) - 4 Information and communication 461 457 4 355 228 4 4 (1) - 2 Financial services 3373 3333 40 3018 1965 40 38 2 - 24 Other corporate services 436 432 4 431 264 4 2 - - 1 Public and community services 552 551 1 547 413 1 - 1 - 2 Total trading 18992 18658 334 17792 11102 334 269 (5) (15) 144 Private individuals – housing loans 10634 10,585 49 10634 9932 49 3 (2) (4) 42 Private individuals - other 6571 6511 60 6564 5084 60 17 47 (35) 101 Total public – activity in Israel 36197 35754 443 34990 26118 443 289 40 (54) 287 Banks in Israel (8) 500 500 - 113 113 - - - - - Israeli government 4940 4940 ------Total activity in Israel 41637 41194 443 35103 26231 443 289 40 (54) 287 Borrower Activity Abroad: Total public 330 314 16 2 1 16 16 - - - Banks abroad 1048 1048 - 524 524 - - - - - Governments abroad 1407 1407 ------Total activity abroad 2785 2769 16 526 525 16 16 - - - Total 44422 43963 459 35629 26756 459 305 40 (54) 287

See comments below -76- Comments: (1) Balance sheet credit risk and off-balance sheet credit risk, including in respect of derivative instruments, as calculated for the borrower's indebtedness limitations, including: debts – NIS 26,756 million, bonds – NIS 8,134 million, borrowed securities – NIS 2 million, assets in respect of derivative instruments – NIS 526 million, credit risk in off-balance sheet financial instruments – NIS 9,004 million. (2) Credit to the public, credit to governments and deposits with banks (excluding deposits with the Bank of Israel) and other debts, excluding bonds and borrowed securities. (3) Credit risk in off-balance sheet financial instruments as calculated for the borrower's indebtedness limitations excluding in respect of derivative instruments. (4) Including in respect of off-balance sheet credit instruments (presented in the Balance Sheet under the "other liabilities" item). (5) Credit risk whose credit ranking at the reporting date matches the credit ranking for granting of new credit in accordance with the policy of the Bank. (6) Balance sheet and off-balance sheet credit which is impaired, inferior or under special supervision, including, in respect of housing loans, in respect of which there is an allowance according to the extent of arrears and housing loans in respect of which there is no allowance according to the extent of arrears which is in arrears of 90 days or more. (7) Including housing loans, which were granted to purchase groups which are in the process of construction. In respect of balance sheet credit risk in the amount of NIS 6 million and in respect of off-balance sheet credit risk in the amount of NIS 13 million. (8) Not including deposits with the Bank of Israel. (9) Decrease (increase) in net write-offs (change in the balance of write-offs after neutralizing collections and forgiveness during the period).

-77- Table 9: Credit Risk by Economic Sectors – Consolidated (Cont'd) As at December 31, 2018 Overall Credit Risk (1) Debts (2) and Off-Balance Sheet Credit Risk (Excluding Derivatives)(3) Of Which: Credit Losses (4) Expense Net Balance of Credit Of (Income) Accounting Allowance Execution which: for Credit Write-Offs for Credit (5) (6) (2) (6) (9) Total Rating Problematic Total Debts Problematic Impaired Losses Losses NIS millions Borrowers Activity in Israel: Agriculture 163 163 - 162 145 - - - - - Mining and quarrying 291 291 - 155 106 - - - - 1 Industry *3,389 *3,176 213 3,183 1,902 202 162 31 (44) 58 Construction and real estate – construction (7) 4,474 4,384 90 4,425 1,836 88 48 8 (11) 40 Construction and real estate – activities in real estate *1,640 *1,613 27 1,376 1,021 23 18 3 (4) 10 Electricity and water supply 502 495 7 317 241 7 7 1 - 6 Trading 2,997 2,951 46 2,882 2,087 30 20 9 (7) 15 Hotels, accommodation services and food *445 *444 1 446 372 - - - - 1 Transportation and storage 532 520 12 499 394 6 - (2) - 6 Information and communication 379 342 37 311 191 30 - (1) - 3 Financial services 2,618 2,572 46 2,307 1,773 40 40 (14) 8 22 Other corporate services 345 343 2 338 203 2 1 - - 1 Public and community services *384 *376 8 369 272 8 2 - - 1 Total trading 18,159 17,670 489 16,770 10,543 436 298 35 (58) 164 Private individuals – housing loans 9,786 9,723 63 9,786 9,259 63 4 6 - 48 Private individuals - other 6,114 6,059 55 6,101 4,605 55 15 76 (55) 89 Total public – activity in Israel 34,059 33,452 607 32,657 24,407 554 317 117 (113) 301 Banks in Israel (8) 669 669 - 153 153 - - - - - Israeli government 3,962 3,962 ------Total activity in Israel 38,690 30,083 607 32,810 24,560 554 317 117 (113) 301 Borrower Activity Abroad: Total public 233 215 18 3 1 - - - - - Banks abroad 748 748 - 215 215 - - - - - Governments abroad 218 218 ------Total activity abroad 1,199 1,181 18 218 216 - - - - - Total 39,889 39,264 625 33,028 24,776 554 317 117 (113) 301

See comments below

*Reclassified. -78- Comments: (1) Balance sheet credit risk and off-balance sheet credit risk, including in respect of derivative instruments, as calculated for the borrower's indebtedness limitations, including: debts – NIS 24,776 million, bonds – NIS 5,359 million, borrowed securities – NIS 568 million, assets in respect of derivative instruments – NIS 642 million, credit risk in off-balance sheet financial instruments – NIS 8,544 million. (2) Credit to the public, credit to governments and deposits with banks (excluding deposits with the Bank of Israel) and other debts, excluding bonds and borrowed securities. (3) Credit risk in off-balance sheet financial instruments as calculated for the borrower's indebtedness limitations excluding in respect of derivative instruments. (4) Including in respect of off-balance sheet credit instruments (presented in the Balance Sheet under the "other liabilities" item). (5) Credit risk whose credit ranking at the reporting date matches the credit ranking for granting of new credit in accordance with the policy of the Bank. (6) Balance sheet and off-balance sheet credit which is impaired, inferior or under special supervision, including, in respect of housing loans, in respect of which there is an allowance according to the extent of arrears and housing loans in respect of which there is no allowance according to the extent of arrears which is in arrears of 90 days or more. (7) Including housing loans, which were granted to purchase groups which are in the process of construction. In respect of balance sheet credit risk in the amount of NIS 86 million and in respect of off-balance sheet credit risk in the amount of NIS 27 million. (8) Not including deposits with the Bank of Israel. (9) Decrease (increase) in net write-offs (change in the balance of write-offs after neutralizing collections and forgiveness during the period).

-79- Table 10: Credit exposures by maturity

Up to 1 year Over 1 year Over 5 years No maturity Total credit up to 5 years period exposures*(4) NIS millions As at December 31, 2019 Commercial 7,056 3,331 1,270 307 11,964 Private individuals – housing loans 1,201 3,812 7,685 - 12,698 Private individuals - other 1,809 2,390 1,654 711 6,564 Assets in respect of derivative instruments 335 195 96 - 626 Total public 10,401 9,728 10,705 1018 31,852 Banks and Governments 8,203 2,882 3,782 - 14,867 Total balance sheet credit exposure 18,604 12,610 14,487 1018 46,719 Of which: bonds 1,502 3,583 4,224 - 9,309 Total off-balance sheet credit exposure 6,936 819 1,754 - 9,509

As at December 31, 2018 Commercial 6,660 3,294 1,516 261 11,731 Private individuals – housing loans 1,015 3,307 8,784 - 13,106 Private individuals - other 2,458 2,072 396 840 5,766 Assets in respect of derivative instruments 548 163 106 - 817 Total public 10,681 8,836 10,802 1,101 31,420 Banks and Governments 9,953 1,946 2,666 - 14,565 Total balance sheet credit exposure 20,634 10,782 13,468 1,101 45,985 Of which: bonds 810 2,588 3,223 - 6,621 Total off-balance sheet credit exposure 7,555 1,117 2,275 - 10,947

*Total credit exposures, based on future cash flow, including interest.

-80- Table 11: Exposure to Foreign Countries - Consolidated

A. Information regarding total exposures to foreign countries (1) and regarding exposure to countries, whose total exposure to each of them is above 1% of the total assets of the consolidated Balance Sheet or above 20% of the capital (6), whichever is lower

As at December 31, 2019 Off -Balance Sheet Cross Boarder Balance Cross Boarder Balance Sheet Exposure (4) Exposure(2), (4) Sheet Exposure (4) Total Off- Of Which: Total Balance Problematic To Balance Problematic Sheet Off-Balance Maturity governments To To Sheet Balance Sheet Impaired Exposure(2 Sheet up to one Maturity (3) Banks Others Exposure Credit Risk (4) Debts (4) ), (3) Credit Risk year over a year NIS Millions The Country U.S.A 119 546 184 849 1 - 108 - 572 277 France 1,075 5 63 1,143 - - 2 - 1,078 65 Others 213 514 644 1,371 1 - 166 - 683 688

Total exposure to foreign countries 1,407 1,065 891 3,363 2 - 267 - 2,333 1,030 Of which: total exposure to PIGS countries - 2 3 5 - - 15 - - 5 Total exposure to LDC countries - 18 105 123 - - 20 - 77 46 Of which: Total exposure to countries with liquidity problem - 4 34 38 - - 6 - 33 5

See comments below

-81- Comments: (1) Based on final risk, after the effect of liquid guarantees and collateral. (2) Balance sheet and off-balance sheet credit risk are presented before the effect of the allowance for credit losses and before the effect of deductible collateral for the purpose of the indebtedness of a borrower and a group of borrowers. (3) Credit risk in off-balance sheet financial instruments as calculated for the purpose of a borrower's indebtedness limit. (4) Exposure to LDC countries includes those countries that defined as less developed countries, which are countries classified by the World Bank as with low or medium income.

-82- Exposure to Foreign Countries – Consolidated Table 11: Exposure to Foreign Countries

As at December 31, 2018 Off -Balance Sheet Cross Boarder Balance Cross Boarder Balance Sheet Exposure (4) Exposure(2), (4) Sheet Exposure (4) Of Which: Total Total Off- Problematic To Balance Problematic Balance Off-Balance Maturity government To To Sheet Balance Sheet Impaired Sheet Sheet up to one Maturity s (3) Banks Others Exposure Credit Risk (4) Debts (4) Exposure Credit Risk year over a year NIS Millions The Country U.S.A 218 304 168 690 2 1 178 - 177 513 Italy (7), (8) - - 5 5 - - 1 - 1 4 Others (7) - 470 587 1057 5 5 237 - 462 595

Total exposure to foreign countries 218 774 755 1,747 7 6 415 - 639 1,108 Of which: total exposure to PIGS(7),(8) countries - - 5 5 - - 1 - 1 4

Total exposure to LDC countries - - 166 166 4 4 32 - 136 30 Of which: Total exposure to countries with liquidity problem - 3 63 66 4 4 21 - 61 5

See comments below

-83-

Comments: (1) Based on final risk, after the effect of liquid guarantees and collateral. (2) Credit risk in off-balance sheet financial instruments as calculated for the purpose of a borrower's indebtedness limit. (3) Governments, official institutions and central banks. (4) Balance sheet and off-balance sheet credit risk, problematic credit risk and impaired debts are presented before the effect of the allowance for credit losses and before the effect of deductible collateral for the purpose of the indebtedness of a borrower and a group of borrowers. (5) Since, according to the directive, the risk is classified according to residency, Israeli companied, whose debt guarantors (in this case they are also the owner) have passports from these countries, were included in this item. Regarding LDC countries, the Bank doesn't rely only on this guarantee but mainly on other collateral, including non-liquid collateral. The Bank does not grant credit directly or finance projects of LDC countries. (6) Capital as defined in Proper Conduct of Banking Business Directive 202 concerning "Capital Measurement and Adequacy – The Capital Components". (7) According to the directives of the Supervisor of Banks, an exposure to the countries Portugal, Ireland, Italy, Greece and Spain is required to be disclosed in a separate row. As at December 31, 2016, the Bank has no exposure to Portugal, Greece and Spain. (8) Since, according to the directive, the risk is classified according to residency, these amounts derive from borrowers, whose guarantor to the debt (in this case they are also the owners), have a passport from Italy or Ireland. The Bank does not rely only on this guarantee but mainly on other collateral, including non-liquid collateral. The Bank does not grant credit directly or finance projects of PIIGS countries.

-84-

Table 12: Movement in the Balance of Allowance for Credit Losses Disclosure According to Pillar 3 Credit to the Public Private Banks and

Commercial Housing Other Total Public Government Total As at December 31, 2019 NIS millions Allowance for credit losses as at December 31, 2018 164 48 89 301 - 301 Provision (income) for credit losses (5) (2) 47 40 - 40 Of which: in respect of off-balance sheet credit instruments (4) - - (4) - (4) Accounting write-offs (36) (5) (81) (122) - (122) Recoveries of debts written-off in previous years 21 1 46 68 - 68 Net accounting write-offs (15) (4) (35) (54) - (54) Balance of allowance for credit losses as at December 31, 2019 144 42 101 287 - 287 Of which: in respect of off-balance sheet credit instruments 38 - 3 41 - 41

As at December 31, 2018 NIS millions Allowance for credit losses as at December 31, 2017 187 42 68 297 - 297 Provision (income) for credit losses 35 6 76 117 - 117 Of which: in respect of off-balance sheet credit instruments (2) - - (2) - (2) Accounting write-offs (79) (1) (92) (172) - (172) Recoveries of debts written-off in previous years 21 1 37 59 - 59 Net accounting write-offs (58) - (55) (113) - (113) Balance of allowance for credit losses as at December 31, 2018 164 48 89 301 - 301 Of which: In respect of off-balance sheet credit instruments 42 - 3 45 - 45

For additional details, see Note 27 - Additional Information on Credit Risk, Credit to the Public and Provision for Credit Losses to the Financial statements as at December 31, 2019, as well as the section of movement in impaired debts - risk of credit portfolio quality, in the Directors' Report.

Credit Risk Mitigation Methods (CRC) Disclosure According to Pillar 3

As part of the credit risk management, the Bank receives from its customers, collateral in order to secure the credit. Under Basel 3, in the first pillar, the Bank recognizes collateral according to the comprehensive approach, as defined in the directive. In that approach the net value of the collateral is deducted in accordance with coefficients stemming from type of asset, incongruence's in currency or term to maturity.

The types of eligible financial collateral used by the Bank in order to calculate capital adequacy are listed below, and the manner of evaluation of such collateral for risk reduction purposes:

Securities – Eligible securities pledged in favor of their owners or of a third party. The evaluation of collateral is based on the market price of the pledged security, and in accordance with the reduction coefficients from the value of the collateral that are affected, inter alia, by the number of days of holding and by the nature of the customer’s activity. The deduction rate implemented by the Bank, in some cases is at the rate of 50% in accordance with the alternative in item 151A.C of Proper Conduct of Banking Business Directive 203. In the other cases, the Bank implements a reduction mechanism at specific rates, according to the customers' activity, in accordance with agreements and subject to the terms of item 151A.C. of the directives.

Deposits and Savings Plans - Liquid means, taken as collateral by way of an offsetting letter or a lien, as necessary, and they cannot be withdrawn until they cease to serve as collateral. The value of the collateral is established according to the revaluation in respect of a withdrawal, prior to the stated maturity date.

Third Party Guarantees - Guarantees provided by third parties against a customers’ exposure. Upon the provision of the guarantee, the guarantor becomes the counterparty to the exposure, so that the risk weight, in respect of the exposure, changes. A guarantee of this type allows a mitigation of the risk-weighted assets arising from the exposure, according to the risk of the guarantor factor. Regarding guarantees provided by foreign banks against the customers' exposure, the use is carried out subject to an individual legal examination as for the validity of the guarantee in accordance with the laws that apply to it (mostly, the law of the country in which the Bank that provided the guarantee, was associated).

- 86 -

Guarantees insurance - insurance policy in respect of credit exposures to guarantees issued or to be issued by the Bank, in accordance with the Sale Law (Residences) (Securing the Investments of Buyers of Residences), 1974, and commitments to issue such guarantees and execution guarantees, all in connection with projects with respect to which project financing agreements are signed and/or to be signed with the Bank from time to time (hereinafter, jointly: the “Guarantees”). This insurance reduces the risk assets that arise from the opposite side of the transaction, by weighting the exposure at the insurance company risk.

Deduction of collateral, in order to calculate the capital ratio, is performed after the use of safety coefficients set forth in the directive. These coefficients take into account, inter alia, the collateral's term of maturity, discrepancies between linkage terms of the collateral and of the credit that it secures and volatility in the value of the collateral.

Offset - As of December 31, 2019, the amount of offsetting (offsetting between assets and liabilities) is immaterial (similar to December 31, 2018).

For information regarding risk management for concentration of collateral, see the chapter on credit risk - risk of concentration of the credit portfolio, above.

- 87 -

Credit Risk Mitigation Methods - Review (CR3) Table 13: Methods for reducing credit risk (CR3)

A A1 A2 B C D E Unsecured Secured Of which: by Of which: by collateral financial guarantees Total Total Of balance balance Of balance balance which: sheet Of which: sheet which sheet sheet amount balance amount balance amount balance )1( balance)1( secured )1( secured)2( )1( Secured: NIS millions December 31, 2019 1 Debts, excluding bonds 30,450 3,450 1,881 3,427 1,871 23 10 2 Bonds 6,867 ------3 Total 37,317 3,450 1,881 3,427 1,871 23 10 4 Of which: impaired or in arrears of 90 days or more 279 ------

December 31, 2018 1 Debts, excluding bonds 32,259 3,161 1,670 3,105 1,642 56 28 2 Bonds 4,693 ------3 Total 36,952 3,161 1,670 3,105 1,642 56 28 4 Of which: impaired or in arrears of 90 days or more 369 1 1 1 1 - -

(1) Exposure after accounting write-offs, net of provisions for credit losses (2) After multiplication by safety coefficients (haircuts), including positive adjustments added to the exposure.

- 88 -

Credit Risk According to the Standardized Approach Use of external credit ratings in the Standardized Approach to Credit Risk (CRD)

Disclosure According to Pillar 3

The capital allocation in the first pillar in respect of the credit risk in the portfolio is calculated according to the standardized approach. The credit and collateral concentration risk, as well as the credit quality risk are estimated within the second pillar. For the purpose of complying with the first pillar of the Basel directives according to the standardized approach, the Bank uses country rankings (including in order to assess the banks risk), of the ranking agency Standard & known as an eligible ranking service according to the directive. The Bank does not use information from export credit agencies. These rankings are used to determine risk weight of the following counter parties: sovereignties, public sector, banking corporations and corporate bonds. In addition, the rankings are used to determine the appropriate safety coefficient for collaterals.

Table 14 – The Mapping Table for the Rankings of the Ranking Company S&P (CRD) Disclosure According to Pillar 3 Corporate The Ranking of S&P Company Bonds Public Sector Banks Sovereigns Risk Weight (in Percentage) AAA to AA- 20% 20% 20% 0% A+ to A- 50% 50% 50% 20% BBB+ to BBB- 100% 100% 100% 50% BB+ to BB- 100% 100% 100% 100% B+ to B- 150% 100% 100% 100% CCC+ or lower 150% 150% 150% 150%

When there is no ranking for the counter party, the risk weight is calculated by the default setting in the directives of the Bank of Israel. The risk weight of banks is determined by the risk weight of the country in which it is incorporated and it is inferior by one rank from the risk weight derived from the ranking of that state. The risk weight for debts, of Israeli banks is 20%.

- 89 -

The following tables display the details of the gross credit exposure according to the risk weights while segmenting the exposure according to the counter party before and after reducing the credit risk in respect of known collateral.

The Standard Approach - Exposure to Credit Risk and Credit Risk Mitigation (CR4)

Table 15 – The Standard Approach - Exposure to Credit Risk and Credit Risk Mitigation (CR4)

A B C D E F Exposures before CCF and Exposures after CCF and RWA and RWA CRM(1) CRM(2) density Balance sheet Off-balance Balance sheet Off-balance RWA amount sheet amount amount sheet amount RWA(3) Density(4) NIS Millions Types of properties As at December 31, 2019

Sovereignties Debts 10,845 - 10,845 - - 0% Public sector entities Debts 433 262 433 93 105 20% Banking corporations Debts 1,058 330 1,069 73 228 20% Corporations Debts 8,893 3,785 7,569 1,444 8,616 96% Secured by commercial real estate Debts 2,332 3,017 2,238 548 2,793 100% Retail to individuals Exposures 5,223 1,407 5,152 195 4,033 75% Small businesses 798 376 720 73 600 76% Housing mortgages 9,507 685 9,507 62 4,510 47% Other assets 1,382 34 1,383 17 781 56% Total 40,471 9,896 38,916 2,505 21,666 52% Of which: Loans in arrears(5) 279 23 279 21 374 125%

Types of properties As at December 31, 2018

Sovereignties Debts 12,131 - 12,131 - - 0% Public sector entities Debts 289 89 293 25 63 20% Banking corporations Debts 837 - 861 3 173 20% Corporations Debts 8,765 3,956 7,482 1,064 8,603 101% Secured by commercial real estate Debts 2,077 3,522 2,030 1,245 3,275 100% Retail to individuals Exposures 4,711 1,406 4,641 197 3,647 75% Small businesses 773 351 690 70 572 75% Housing mortgages 8,833 517 8,831 36 4,145 47% Other assets 1,414 30 1,414 15 736 53% Total 39,830 9,871 38,373 2,655 21,214 52% Of which: Loans in arrears(5) 372 367 479 131%

See comments below

- 90 -

Comments:

(1) Exposure after charge-offs, net of allowance for credit losses.

(2) Exposure after charge-offs, net of allowance for credit losses, after application of a credit conversion factor and implementation of credit-risk mitigation methods. The amount of the exposure covered by guarantees is transferred to the debt of the counterparty that granted the guarantee.

CCF - Credit Conversion Factor

CRM - Credit Risk Mitigation

(3) RWA - Risk Weighted Assets

(4) Ratio of risk-weighted assets to total exposures in columns C and D.

(5) Due to immateriality, the balance includes off-balance sheet loans in arrears.

(6) Balance of credit risk assets.

- 91 -

The Standard Approach - Exposures by asset types and risk weights (CR5) Table 16: The standard approach – Exposures by asset types and risk weights (CR5) See Note (1) to the table

A C D E F G H I J

0% 20% 35% 50% 60% 75% 100% 150%3 Total

NIS Millions

As at December 31, 2019 1 Sovereignties 10,845 ------10,845 2 Public sector entities - 526 ------526 3 Banking corporations - 1141 - - - - 1 - 1,142 5 Corporations - 517 - 1 - - 8,462 33 9,013 6 Secured by commercial real estate ------2,772 14 2,786 7 Retail to individuals - - - - - 5,315 3 29 5,347 8 Small businesses - - - - - 786 1 6 793 9 Housing mortgages 5,2 - - 15 2,260 584 1,351 93 66 9,569 11 Other assets 644 - - - - - 704 52 1,400 12 Total 5,2 11,489 2,184 15 2,261 584 7,452 12,036 200 41,421 10 Of which: Loans in arrears 152 148 300 11a Of which: In respect of shares 252 - 252 As at December 31, 2018 1 Sovereignties 12,131 ------12,131 2 Public sector entities - 318 ------318 3 Banking corporations - 864 ------864 5 Corporations - - - 1 - - 8,431 114 8,546 6 Secured by commercial real estate ------3,272 3 3,275 7 Retail to individuals - - - - - 4,812 4 22 4,838 8 Small businesses - - - 1,830 - 755 1 4 760 9 Housing mortgages 5,2 - - 52 - 173 1,459 73 80 8,867 11 Other assets 716 - - - - - 668 45 1,429 12 Total 5,2 12,847 1,182 52 1,831 173 7,026 12,449 268 41,028 10 Of which: Loans in arrears ------144 223 367 11a Of which: In respect of shares ------214 - 214

See comments below.

- 92 -

Comments: (1) Exposure after accounting write-offs and allowances for credit losses. Not including the trading portfolio. Presentation of derivative financial instruments according to the standardized approach, after multiplying by conversion coefficients of off-balance-sheet exposures. (2) Including loans in arrears of 90 days or more, or non-accruing interest impaired debts or investments in hedge/ venture-capital/ private equity funds (see also "Shares in the Banking Portfolio" subsection, further to this section).

- 93 -

Counterparty credit risk

Disclosure According to Pillar 3

Qualitative Disclosure of Counterparty Credit Risk (CCRA)

The credit risk, which arises from transactions with financial instruments, is derived in relation to the counter party. The risk that the counterparty to an OTC (over the counter) transaction may default before the final settlement of cash flows in the transaction. Loss results if, when the counterparty defaults, there are transactions with the customer with a positive economic value. This risk is measured by activating coefficients set forth in the directive concerning the par value of the transactions and in accordance with the risk weight of the counter party. These exposures are concentrated in the Bank’s activity with customers, banks in Israel, and banks abroad. The action is performed after activity limits are set for customers, and compliance with these limits is monitored routinely. This monitoring includes current revaluation of transactions with customers at market prices (mark to market), assessments of potential risk according to the type of instruments and market risks, and suitable collateral requirements. Limits and collateral are examined routinely. Procedures and rules have been established for control and for working with customers. The Bank applies the historical scenarios method and additional internal models, at the level of the transaction and the customer, to determine the required collateral. The risk is managed through legal netting agreements and routine supplementation of collateral, using qualifying collateral and guarantees (through CRM). Accordingly, scenarios were defined based on measurement groups with different risk levels in the calculation of the total exposure (subject to the existence or non-existence of netting agreements) and the holding period (subject to collateral supplementation agreements). These scenarios periodically undergo validation processes, such as examination of their durability in times of financial crisis. The capital allocated in the report is calculated according to the principles detailed in appendix C to Proper Conduct of Banking Business Directive No. 203. Beyond the capital allocation performs for a counterparties' credit risk in Pillar 1, performed in accordance with the regulatory directives, the Bank examines the economic risk and the need to allocate additional capital to this exposure, as part of Pillar 2. In addition to the Bank's activity with customers, there is also activity with banks abroad. Credit exposure in activity with banks overseas mainly derives from the following activities: deposits of surplus liquidity, receiving guarantees as collateral for customers, activity in derivatives, clearing activity and purchases of bonds of banks. - 94 -

The Bank’s activity with banks abroad is based on limits of exposure approved annually, examined routinely, and updated as necessary. The Bank acts in derivatives mainly with banks with which it has ISDA agreements and CSA agreements. The Bank has clearing Agreements in CLS (Continuous Linked Settlement) through a big international Bank with a high rating, which is a CSA clearing house member. There are currencies and transactions that clear two- sided. IRS interest derivatives in euro and dollar currencies are cleared at the LCH clearing house through Commerzbank, which is a clearing house member. The rest of the transactions are cleared two-sided. The clearing house LCH is expected to start clearing derivatives also in NIS starting March 23, 2020. Commerzbank, which represents Union Bank at the clearing house, has notified the Bank that it does not intend to develop and support this activity. Accordingly, the Bank is in negotiations to select the representing bank for it. Note that the ability to clear derivatives in NIS at a clearing house is expected to reduce the Bank’s exposure to foreign banks. In order to calculate the credit risk exposure in respect of derivative financial instruments, the Bank implements the current exposure method, as established by the directive. According to this method, the credit risk in respect of derivative financial instruments includes the amounts of the positive fair value of the derivatives in the Balance Sheet plus add-on values in respect of potential credit risk calculated by multiplying the face values of the derivatives by coefficients set in the directive, which take into account the base asset of the instrument and its term to maturity. The Bank performs offsetting in derivative transactions for capital adequacy purposes, under fulfillment of the conditions detailed in Proper Conduct of Banking Business Directive No. 203.

In addition, the Bank works with a number of foreign financial institutions in order to receive custodian services in activity with foreign securities.

- 95 -

Analysis of exposure to counterparty credit risk (CCR) by supervisory approach (CCR1)

Table 17 – Analysis of exposure to counterparty credit risk (CCR) by supervisory approach (CCR1):

A B E F A B E F Replacem Potential EAD RWA Replacement Potential EAD RWA ent cost(1) future after cost(1) future after exposure(2) CRM(3) exposure(2) CRM(3)

As of December 31, 2019 As of December 31, 2018 NIS millions 1. Present exposure method - 497 413 129 310 410 640 186 6. Total - 497 413 129 310 410 640 186

(1) Replacement cost - for transactions that do not meet the replacement cost margin requirements, is the loss that will occur if an opposite party fails and its transactions are immediately closed. For transactions with margin, it is the loss that will occur if an opposite party enters a default, now or in the future, assuming the closing or the exchange of the transactions occurs immediately. However, closing a transaction to the opposite party when a failure occurs will not necessarily be immediate. (2) Future potential exposure is any potential increase in exposure between the current time and the end of the margin risk period. (3) Exposure while failure. Refers to the amount of the current exposure (MTM) and the potential exposure (as mentioned in section 2 above), after Credit Valuation Assessment (CVA).

- 96 -

Capital allocation in respect of revaluation adjustment to credit risk (CVA) (CCR2)

Table 18 – Capital allocation in respect of revaluation adjustment to credit risk (CVA) (CCR2)

A B A B EAD EAD after CRM RWA after CRM RWA NIS Millions December 31, 2019 December 31, 2018 Total portfolios in respect of which CVA is calculated according to the standardized approach 235 93 426 75

Exposures to counterparty credit risk (CCR) by risk portfolio and risk weights (CCR3, CCR8) Total exposures arising from counterparty credit risk are immaterial. Total replacement cost totals to NIS 0 million, as at December 31, 2019 (NIS 310 million as at December 31, 2018).

Composition of collateral in respect of exposure to counterparty credit risk (CCR) (CCR5) The amount of collateral used as risk mitigates is immaterial. Total collateral as at 31 December 2019 is NIS 84 million (NIS 80 million as at 31 December 2018).

Exposure to credit derivatives (CCR6) As at December 31, 2019, the bank does not use credit derivatives for the purpose of managing the credit portfolio's risks.

- 97 -

Market Risk

Disclosure According to Pillar 3

Market risk is the risk of loss arising from change in the fair value of financial instruments due to changes in market conditions (prices levels, interest rates, exchange rate, inflation, prices of shares and commodities).

Market Risk Management (MRA) The Board of Directors delineates the market-risk management framework, and reviews the policy document of the Bank on at least an annual basis. The Board of Directors discusses, decides, and establishes guidelines with respect to the market-risk management policy of the Bank and its business objectives, in accordance with the procedure for the work of the Board of Directors. The Board of Directors reviews the market-risk management process and ensures the existence of effective processes for the identification, measurement, monitoring, and control of the market risks, as well as adjustment of the market risks profile of the Bank to the risk appetite established, inter alia, by a quarterly review of the risk document. The main activities of the Board of Directors related to the management of market risks during the period under review are described below:  Discussions of the Bank's market-risk management policy, and of the management of interest-rate risks in particular, as well as of business strategies that affect the Bank's exposure to market risk.  Discussions of relevant business objectives and of the effect of the work plans and the strategic plans on the market-risks profile.  Approval of a corporate structure that supports the management of market risks, including definition of the managerial functions involved in the process of managing market risks, and the responsibility assigned to each unit.  Quarterly discussion of the risk document, in relation to the market risks and the exposure to them; with exceptions from the policy document, if occurred; and ensuring that the market-risk profile of the Bank is consistent with the established risk appetite.  Discussion and approval of the models and measurement methods used in the market- risk management process. Within this process, a measurement of spread risk, interest- rate basis and scenarios for sensitivity to non-parallel changes in interest-rate curves, were approved and the main assumptions used in the management of interest-rate risk, were examined. - 98 -

 Discussion of the results of the model validation process and of the back-test process (As part of the risk document).  Annual structure review of the stress scenarios in the market risks field including the main assumptions.  Discussion of the allocation of capital in respect of market risks, within Pillar 2.  During the approval of new products, discussion of their effect on the market risks.  Discussion of main gaps in the management quality, including in the infrastructure, computer systems and work processes.

The organizational structure for market-risk management is based on corporate-governance rules, and includes the three lines of defense, in accordance with the definitions specified in Proper Conduct of Banking Business Directive 310. Exposures to market risks are created at the Financial Management Division, primarily by the dealing room and the proprietary unit, within the limits established by the Board of Directors. In addition, the asset and liability management unit of the Bank is responsible for the management of the Bank's assets and liabilities portfolio in the current banking activity (not including the proprietary unit) in order to maintain the exposure to market risks within the limits of the risk appetite and risk tolerance as defined by the Board of Directors. The Dealing Room is responsible for market making and management of initiated positions in various areas of market exposures (linkage base, interest rate, options) based on the limits set by the Board of Directors. In general, most of the activity in the dealing room is activity with customers. The Proprietary Unit manages the Bank's proprietary investments, and includes investments in various financial products (such as government bonds, corporate bonds, structured bonds, bonds denominated in foreign currency, interest derivatives etc.). In addition, the proprietary unit performs accounting hedging activities. Every activity in the field is coordinated in advance with the Finance Division. The proprietary activity creates a material exposure to market risks such as index base risks, interest and shares risks that is managed in the market risks management policy. The activity is carried out in the banking portfolio and in the trading portfolio. The ALM Unit and liquidity is responsible for establishing and publishing benchmark prices and managing the gap (exposure) between assets and liabilities arising from the routine operations of the Bank. The activity of the ALM is carried out only in the banking portfolio.

- 99 -

The activity in these units is examined on a daily basis by the middle office in the Financial Management Division and once a week it is being discussed within the forum for financial issues.

Middle Office in the Financial Management Division is used a first line of defense for market risks, including inter alia, checking the compliance and adapting the activity and the exposures of the Bank within the exposure limits determined and approved by the Board of Directors as well as measuring and reporting about the business activity of the division. The middle office is responsible for creating an overall risk view and for reporting it to the financial issues management forum.

The following are the main guiding principles in the management of exposure to market risks:  Market risks shall be managed from an integrative corporation-wide perspective, throughout the management chain, and across business units, while using consistent methodologies and terminology.  Risks shall be managed based on a forward-looking approach, encompassing ongoing identification of new or developing risks alongside ongoing monitoring of existing risks.  Risk-management processes shall include all of the risks related to the Bank, on and off balance sheet, quantifiable and unquantifiable, at the level of the Bank as a whole, portfolios, and business lines, taking into consideration the degree of overlap among risks.  The Bank shall operate solely in markets and instruments with respect to which it has the ability to assess and manage the inherent risks.  The Bank shall operate solely in markets and instruments with respect to which it possesses the knowledge and expertise to assess the risks inherent in such activities and in the management thereof.  In general, the Bank shall operate in markets and instruments characterized by a high level of liquidity, so that trading transactions can be performed at a reasonable cost and time.

- 100 -

Over the last year, a transition was made from measurement of the overall interest-rate risk of the Bank, in all currencies and in foreign currency, in terms of DV1, to measurement in terms of DV2, similarly to the measurement in the banking book. Limits have been expanded accordingly. In addition, on May 30, 2019, the Board of Directors approved a proposal to update interest rate and basis VaR using the hybrid method, while eliminating the parameter method.

Routine monitoring and control processes are performed in the first line of defense, while monitoring of actual exposures against limits, in a breakdown by business lines and by risks; flooding alerts regarding deviations or proximity to limits; monitoring the risk factors in the financial markets; monitoring of the correction of deficiencies and findings of internal and external audit reports; obtaining of transaction approvals from the counterparty; analysis of the exposures while focusing on vulnerable areas and analysis of risk concentrations; and production of a daily status snapshot of the principal exposures in the various fields. The Financial Management Division is responsible for monitoring a list of indicators; when one or more of the indicator materializes, the need to update the activity framework is examined, subject to discussion and approval by management and the Board of Directors.

In addition, the measurement of the second line of defense is being controlled. During 2019, no deviations from total defined market risk limits were observed.

The Bank manages and monitors its operations with the help of various systems, including trading systems such as Bloomberg and Reuters, and specialized risk measurement systems.

Within the overall risk assessment process, the structured risk and the quality of risk management are assessed, based on questionnaires, with a breakdown by trading units and the lines of defense. As part of this process, the effectiveness of controls over market risks is determined.

The Bank does not operate in the area of securitization. If it decides to operate in this area, the Bank shall request the approval of the Supervision.

- 101 -

Market Risk in the Standardized Approach (MR1) Table 19 – Market Risk in the Standardized Approach (MR1)

As at December As at December 31, 2019 31, 2018 Amounts NIS millions Direct products Interest-rate risk (general and specific) 306 346 Shares position risk (general and specific) 38 30 Exchange rate risk 172 60 1 Optionality - - Delta-plus approach 28 22 Total 544 458

- 102 -

Additional information on market risk that is not included in the disclosure requirements of Pillar 3: Market Risks Assessment and Control Other

The market risks to which the Bank is exposed are described below: Interest-Rate Risk – Exposure to loss arising from the effect of movements in interest rates on the profits or capital of the corporation. Interest-rate risk has five risk factors. The Bank determines measurements and limits to each of the risk factors.  Re-pricing Risk – Risk arising from timing differences in terms to maturity (in fixed interest rates) and re-pricing dates (in floating interest rates) of assets, liabilities, and off-balance-sheet positions of the corporation. Incompatible re-pricing dates may expose profits and economic value to unexpected fluctuations due to changes in interest rates.  Yield Curve Risk – Risk arising from unexpected movements in the yield curve, with a negative effect on the profits or economic value of the corporation (such as flattening of the curve – a small gap between short-term and long-term interest rates, or steepening – a large gap in favor of long-term interest rates relative to short-term interest rates).  Interest Basis Risk – Risk arising from different behavior of interest-rate curves in different financial markets or in different instruments with similar pricing characteristics. These differences may lead to changes in the cash flows and in the revenue spread between assets, liabilities, and off-balance-sheet instruments with apparently similar characteristics (similar terms to maturity). For further details, see the section "Interest Rate Risk in the Banking Portfolio (IRRBB) and in the Trading Portfolio".  Spread Risk – The risk of erosion of the future financial spread due to possible changes in the market.  Optionality Risk – Risk arising from change in the timing or volume of the cash flow of a financial instrument due to changes in market interest rates.

- 103 -

Basis Risk – Exposure to loss arising from the effect of changes in price bases on the corporation's profits or capital, including through the effect on off-balance-sheet items. Price basis risks include a range of types of risk: exchange rate, inflation, shares and options.  Exchange-Rate Risk – The exposure to loss arising from the effect of changes in exchange rates on the corporation's profits or capital, including through the effect on off-balance-sheet items.  Inflation Risk – The exposure to loss as a result of the effect of changes in the consumer price index on the corporation's profits or capital resulting from CPI-linked instruments, including through the effect on off-balance-sheet items.  Shares Risk – The exposure to loss as a result of the effect of changes in shares prices on the corporation's profits or capital, including through the effect on off-balance-sheet items. For further details, see the section “Shares Risk”.

Options Risk – Exposure to loss as a result of changes in parameters that affect the value of the options.

Market-risks position is managed using the instruments existing in the market, with precedence given to balancing the exposures through the activity with the customers of the Bank (deposits, credit and derivatives). The Bank operates in the interest-rate market, the foreign-currency market, the credit market, and stock markets in Israel and overseas, to hedge and manage balance-sheet exposures, to hedge and open positions in the Bank's proprietary portfolio, and for customers of the Bank for whom the Bank acts only as an intermediary. The Bank's activity with derivative instruments is managed so that the exposure is negligible. Note that the activity with derivatives, although sometimes its goal is to reduce the exposure to various risks, creates other risks, including credit risks of a counterparty (CCR), clearing risk, market risk and operational risks. For further details, see the section "Counterparty Credit Risk".

Market-risks position is managed using the instruments existing in the market, with precedence given to balancing exposures through activity with the Bank's customers (deposits, credit, and derivatives). Position management considers the following goals: A. Short-term positions in order to generate profit from changes expected in the market in the short term. B. Long-term interest-rate positions intended to take advantage of long-term trends in interest rates and in linkage bases. - 104 -

C. Balancing and hedging assets with similar characteristics. D. Handling surplus resources, while also taking liquidity needs into account. E. Investment in shares within the non-financial investment limits of the Bank, with the aim of increasing the Bank's yield. F. Management of the Bank's foreign-currency positions, as part of market making in foreign currency for customers, and positions management aimed at taking advantage of opportunities in the markets, within the Bank's risk appetite.

The policy establishes a hierarchy of authority for decision-making in the area of market risks. For key limits, the Financial Management Division, which serves as the first line of defense, can use its authority up to a certain level, beyond which the approval of the management forum on financial matters or of the management, is required. In addition, the Head of the Financial Management Division is authorized to approve migration of credit facilities between the Proprietary Unit and Asset and Liability Management, in accordance with established thresholds, beyond these thresholds management forum approval is required.

Market Risks Management Models Disclosure According to EDTF / Other

Market risk measurement and assessment are key components in the process of managing the market risks, and are the foundation for monitoring and reporting processes and for ensuring the adequacy of the expected return in relation to the market risk. The measurement encompasses all of the market risk factors identified in the products and in the balance-sheet and off-balance-sheet activities of the Bank, through a VAR (value at risk) model that presents the potential risk (the possible decline in value over a given period of time). In general, the calculation is performed daily, using two methods, at a confidence level of 99%. Until June 14, 2019, the calculation was performed using the parameter approach and the historical approach. The parameter approach, in which deviations were recorded during the back-test process, was eliminated as of that date; instead, hybrid VaR measurement was added (an approach combining a historical approach with decay factors). In addition to the VAR model, the Bank applies holistic stress scenarios (Stress) and interest rate risk in particular. The goal of the stress scenarios is to assess the potential effect of an exceptional event or of a series of exceptional events on the materialization of risks, and the effect thereof on the stability of the Bank. The scenarios are based on "exceptional but plausible" events that may materialize in the economic environment in which the Bank - 105 -

operates. The scenarios concern a range of market risks, and include references to basis risks, interest-rate risks, shares risks and options risks. These scenarios are based on historical and theoretical fluctuations in the currencies and markets in which the Bank operates. The holding period examined is defined according to the risk factor, with a division between the banking portfolio and the trading portfolio. The list of scenarios is reviewed on at least an annual basis and updated as necessary from time to time, according to developments in the markets. The scenarios are presented to management and the Board of Directors for discussion, examination, and approval.

As a complement to the VAR tests and as part of the validation of the model, the Bank performs back tests for each risk factor separately. The quality of the model is examined using the results of the back test and in accordance with the stoplight method. In this method, the results of the back test are classified into three zones: red, yellow, and green, according to the number of deviations. A minimum of 250 observations are required in order to determine the stoplight zone. All measurements are in the "Green Zone", except for VAR options, for which the Back Test measurement is weekly, so insufficient observations have yet to be gained. In addition, insufficient observations were cumulated in order to assess the model quality (interest and base) in the hybrid approach.

Table 20 – Concentration of the Overall Market Risk Limitations and the Actual Exposure in NIS Millions Limit Actual 31.12.2019 31.12.2018 31.12.2019 31.12.2018 Total VAR Overall market exposure (2) 160 160 64.6 78.7 Total VAR Overall market exposure in the trading portfolio(2) 50 50 6.8 8.6 Interest (1) VAR Overall interest exposure (2) 150 150 25.4 43.8 Interest (1) Overall DV(3),(4) 16.0% 7.5% 3.5% 3.2% Basis VAR Basis (2) 60 60 12.8 17.2 Shares VAR Shares (2) 30 30 20.6 15.4 Options VOL/SPOT scenarios 28 28 4.8 1.9

See comments below.

- 106 -

Comments: (1) When calculating the total, reductions of the interest-rate risks in respect of correlations, are taken into account in the interest exposures and in the foreign currency base between various currencies and over the periods in the banking portfolio and the trading portfolio separately. (2) VAR measurement in the banking portfolio for a calendar month and in the trading portfolio for 10 days. (3) The interest exposure at overall DV terms had been updated from presentation of the data in NIS millions to presentation of data in terms of percentage from equity. (4) As at June 2019 the limit and measurement are in DV2 terms, comparison numbers are shown in DV1 terms.

Management of Positions in the Trading Portfolio Other

The trading portfolio is composed of positions in financial instruments held for trading purposes for the short term, or for the purpose of hedging other components of the trading portfolio. The trading portfolio includes assets which can be revalued to-market prices daily (MTM), by referring to an active or quoted liquid bilateral market, with no known limits that could impede the Bank's ability to immediately liquidate the exposure. The Bank manages market risk in the trading portfolio. Exposure in this portfolio is immaterial relative to the overall portfolio and to the limits established for the portfolio. Exposures in the trading portfolio are tracked against the limits on a daily basis.

Reference to Events after the Balance-Sheet Date Other

The Bank closely monitors developments in the markets, in macro-economic data, and in regulation and legislation that apply to or may affect the Bank, and which, together with its corporate strategy and existing activity mix, may expose the Bank to significant risks The spread of the coronavirus in the world and its' arrive to Israel has evoked worry and uncertainty. In the immediate term, stock markets in China and leading indices worldwide have dropped, and there are concerns over cooling of global economic activity. The Bank is monitoring the impact of the spread of the virus on the various risks relevant to the activity of the Bank, and preparing to act in accordance with the developments.

- 107 -

Interest-Rate Risk in the banking book (IRRBB) and in the trading portfolio

Objectives and targets in the management of interest rate risk in the banking book

The Bank measures and manages interest-rate risk for its overall portfolio while separating the banking portfolio and the trading portfolio, while referring to the risks deriving from ALM activity, as a result of the banking activity and from the proprietary activity and the dealing room. The banking portfolio includes all the positions not attributed to the trading portfolio. For the definition of the trading portfolio, see the section "Managing positions in the trading portfolio" above. Interest-rate exposure management policy is aimed at maintaining desirable exposure levels in each of the linkage segments to which the Bank is exposed, according to market forecasts and the targeted risk levels, and based on the limits set by the Board of Directors. The main exposures are taken in the shekel segment, in the CPI-linked shekel segment and in the USD segment. Interest-rate exposure is measured on a daily basis for the following currencies: unlinked shekel, CPI-linked shekel, U.S. dollar, Euro, JPY, Swiss Franc, and Pound Sterling. Measurement of the interest-rate exposure takes into account, inter alia, working assumptions regarding the rate of early settlements in mortgages in fixed interest rate, and working assumptions regarding the rate of withdrawals at optional exit points in saving plans based on the historical behavior of the depositors. Part of the balances of the current account in NIS and in foreign currency are recognized as a long term stable funding source and are deployed over a period of seven years depending on the type of depositor. In addition, partial stability balances are recognized as a short-term funding source, up to one year. The rest of the balances of the current accounts are defined without a defined maturity date. Considering the interest-rate assumptions, the average duration of the balance sheet liabilities reaches approximately 0.9 years in the unlinked segment and approximately 0.65 years in the foreign currency segment. The work assumptions when calculating the interest exposure measurement, are reviewed once a year at least, are examined at a frequency defined in the validation policy and are set before the Risk Management Committee of the Board of Directors and the Board of Directors' plenum, for discussion and approval.

- 108 -

The models are validated independently of the construction of the model, in accordance with the guidelines for model validation and the validation policy of the Bank. An indication of residual risk is determined for each model, according to the risk of the model and the usefulness of the model, and used to determine periodic validation processes. In addition, a routine Back Test process is used to assess the quality of the model and its estimates of actual results.

Interest-rate exposure is measured by various measurement techniques: A. DV (Delta Value) - Meant to examine the sensitivity of the economic value to a parallel shift in the interest rate curve ("re-pricing" risk) by calculating the effect on the NPV. The DV calculations are performed based on re-pricing the portfolio in a scenario of interest increase and in a scenario of interest decrease of 1%-4% and re-discounting of the future flows. The exposure is determined as a loss in one of the scenarios (interest increase or decrease). The measurement is performed with the division between the banking portfolio and the trading portfolio and at the level of trading units while detailing the effect of the various instruments in each linkage sector. B. VAR (Value at Risk) - Measures the potential risk to the portfolio at a confidence level that is no less than 99% and for a holding period of 10 business days in the trading portfolio and a month in the banking portfolio. The measurement is carried out using a cash flow deployment over the following periods: Periods of one to 30 years across the curve points, parametric approaches (equal weights and exponential approach) and the historical approach. C. Sensitivity Tests – the Bank performs sensitivity tests in order to assess the yield curve risks (exposure to loss as a result of a non-parallel change in the curve) the spread risk and the interest base risk (exposure to loss in respect of change of interest curves in a different intensity or direction between balance sheet products and off-balance sheet products), calculated by the calculation of the effect on the NPV. The measurement is performed on a daily basis with the division between the banking and trading portfolios and at the level of trading units. For an explanation of the risk factors of the interest rate, see the section "Market Risk Assessment and Control" above. D. Stress tests – the Bank uses Stress Scenarios, which are based on "exceptional but plausible" events that may materialize in the economic environment in which the Bank operates. The stress scenarios reflect materialization of all of the interest-rate risk factors, at varying degrees of intensity. Within the stress scenarios, the internal assumptions are adjusted to the intensity of the change in interest rates in the various scenarios. The effect in stress situations is an increase in the overall interest-rate exposure. Also see the section “Market risk management models.” - 109 -

For the purpose of risk management, the exposure limits established are monitored daily and compliance with the key limits is reported.

The Bank set limits for each of the measurements.

An analysis is presented within the quarterly risk document of the development of the gap between economic value, as calculated in the Bank’s risk-management processes, and fair value, as calculated in the financial statements according to the accounting principles, and balance sheet shareholders’ equity, and the main reasons for this gap are described. Also see the section “Market risk management models.”

In addition, the following main committees are specified within corporate governance for risk management: the risk management committee of the Board of Directors, the management forum for financial affairs, the ALM forum, and the nostro forum.

- 110 -

Quantitative information on interest risk in the banking book and in the trading portfolio Table 21 - Net Adjusted Fair Value of the Financial Instruments of the Bank and its Subsidiaries See note (1) to the table Foreign Foreign NIS- Foreign Foreign Total NIS NIS- Currency- Currency- NIS Linked Currency- Currency- Unlinked Linked USD Other Total Unlinked USD Other December 31, 2019 December 31, 2018 NIS million (2) Financial assets 30,289 6,294 2,875 1,976 41,434 30,162 5,517 3,132 851 39,662 Other Amounts receivable in respect of derivative, complex

and off-balance-sheet financial instruments 28,066 710 20,446 5,388 54,610 19,107 403 21.077 4,390 44,977 (2) Financial liabilities 27,854 4,531 4,783 1,386 38,554 27,567 3,506 5,317 1,392 37,782 Other Amounts payable in respect of derivative, complex and

off-balance-sheet 29,489 868 18,496 5,881 54,734 21,164 1,091 18,767 3,795 44,817 Net fair value of financial instruments 1,012 1,605 42 97 2,756 538 1,323 125 54 2,040 Effect of employee rights liabilities - (548) - - (548) - (487) - - (487) The effect of deployment for periods of deposits on demand 37 - 48 (1) 84 111 0 77 2 190 Net Adjusted fair value 1,049 1,057 90 96 2,292 649 836 202 56 1,743 Of which: banking portfolio 632 1,169 104 38 1,943 1,055 914 211 39 2,219

(1) Net fair value of financial instruments, excluding non-monetary items, and after impact of liabilities for employee rights and attribution to periods of demand deposits. For further details regarding the assumptions used to calculate the fair value of the financial instruments, see Note 30.C – The main methods and assumptions for Fair Value Estimations of the Financial Instruments to the Financial Statements as at December 31, 2019. (2) Excluding balance sheet balances of derivative financial instruments, fair value of off-balance-sheet financial instruments and fair value of complex financial instruments.

- 111 -

Table 22 – Effect of scenarios of Changes in the Interest Rates on the Adjusted Net Fair Value of the Bank and its Subsidiaries See note (1) to this table December 31, 2019 December 31, 2018 Unlinked CPI- Foreign Foreign Total Unlinked CPI- Forei Foreign Total NIS linked currency currency NIS linke gn Curren NIS – – other d curre cy- USD NIS ncy – other USD NIS millions

Parallel changes 1% parallel increase 1,004 1,037 86 99 2,226 626 794 188 60 1,688 Of which: banking book 527 1,133 225 107 1,992 983 855 257 48 2,143 1% parallel decrease 1,202 1,077 58 91 2,428 692 879 189 49 1,809 Of which: banking book 738 1,187 169 96 2,190 1,127 966 197 36 2,326

Non-parallel changes Steepening 2 1,018 1,011 95 97 2,221 629 815 207 60 1,711 Of which: banking book 603 1,126 109 39 1,877 1,043 894 217 42 2,196 Flattening 3 1,045 1,014 90 97 2,246 644 795 196 55 1,690 Of which: banking book 625 1,123 106 39 1,893 1,042 871 206 38 2,157 Increase in short-term interest rate 909 908 82 99 1,998 551 719 182 59 1,511 Of which: banking book 489 1,018 96 42 1,645 953 794 192 42 1,981 Decrease in short-term interest rate 1,191 1,211 97 93 2,592 748 957 221 53 1,979 Of which: banking book 778 1,324 112 35 2,249 1,160 1,037 231 36 2,464

(1) Net fair value of financial instruments (excluding non-monetary items) and after effect of employee rights liabilities and attribution to periods of demand deposits. (2) Steepening- a decrease in the interest rate in the short term, and an increase in the interest rate in the long term. (3) Flattening- an increase in the interest rate in the short term, and a decrease in the interest rate in the long term.

- 112 -

Table 23 – The effect of scenarios of changes in interest rates on net interest income and non-interest financing income

Non- Non- Interest Interest Interest financial Interest financial income income Total income income Total NIS Millions

December 31, 2019 December 31, 2018 parallel changes

1% parallel increase 107 46 153 91 53 144 Of which: banking book 107 44 151 93 57 150 1% parallel decrease (60) (48) (108) (42) (55) (97) Of which: banking book (60) (49) (109) (44) (63) (107)

- 113 -

Table 24 – Total exposure of the Bank and its subsidiaries to changes in interest rates

Over 3 Over 1 Over 3 On Over 1 Over 5 Over 10 months year up years up Reported amounts demand month up years years up to 1 to 3 up to 1 to 3 to 5 up to 10 up to 20 month months year years years years years NIS millions As at December 31, 2019

Financial assets* 12,533 4,707 4,870 5,912 3,669 4,017 3,531 Other amounts receivable** 14,997 16,727 11,330 4,713 2,958 3,721 31 Financial liabilities* 21,384 4,305 2714 4,435 3,370 2,016 112 Other amounts payable** 15,376 15,097 11,216 5,260 3,138 4,321 318 Exposure to changes in interest rates (9,230) 2,032 2,270 930 119 1,401 3,132 Additional details of exposure to changes in interest rates

A. By nature of activity Exposure in the banking book (9,157) 938 2,397 5,940 2,182 (4,915) 3077 Exposure in the trading book (73) 1,094 (127) (5,010) (2063) 6,316 55 (9,230) 2,032 2,270 930 119 1,401 3,132 B. By linkage base Israeli currency unlinked (6,973) 1,071 1,177 1186 (36) 1,743 1,786 Israeli currency CPI-linked 68 1 420 31 277 (296) 366 Foreign currency (including foreign currency linked) (2,325) 960 673 (287) (122) (46) 980

C. Effects on exposure to changes in interest rates Effect of employee benefit liabilities 6 (5) (19) (49) (53) (142) (173) Effect of spreading over periods of on-demand deposits 2,505 - - (877) (862) (682) - Effect of early repayments of housing loans 6 (82) 279 171 10 (102) (279) Effect of other behavioral assumptions 30 26 68 (63) (26) (29) (9)

See comments below. - 114 -

Table 24 – Total exposure of the Bank and its subsidiaries to changes in interest rates (cont'd)

No Internal Effective Internal Effective maturit rate average rate average Over 20 y Total fair of return Total fair of return Reported amounts duration duration years period value value NIS millions As at December 31, 2019 As at December 31, 2018 Financial assets* 1,341 854 41,434 2.42% 1.8 39,662 3.16% 1.3 Other amounts receivable** 133 - 54,610 1.2 44,977 1.1 Financial liabilities* 21 114 38,471 0.51% 0.7 37,593 0.60% 0.5 Other amounts payable** 555 - 55,281 1.4 45,303 1.4 Exposure to changes in interest rates 898 740 2,292 1,743

Additional details of exposure to changes in interest rates a. By nature of activity Exposure in the banking book 759 722 1,943 ***0.3 2,219 ***0.3 Exposure in the trading book 139 18 349 ***0.1 (476) ***0.1 898 740 2,292 b. By linkage base Israeli currency unlinked 422 673 1,049 ***0.2 649 ***0.3 Israeli currency CPI-linked 163 27 1,057 ***0.7 836 ***1.0 Foreign currency (including foreign currency linked) 313 40 186 ***0.4 258 ***0.2 c. Effects on exposure to changes in interest rates Effect of employee benefit liabilities (113) - (548) 0.17% 13 Effect of spreading over periods

of on-demand deposits - - 84 1.03% 3.3 Effect of early repayments of

housing loans (20) - (17) 4.44% 0.8 (487) 1.91% 9.9 Effect of other behavioral

assumptions - - (3) 2.10% 0.1 190 2.35% 3.3

See comments below.

- 115 -

Comments:

* Excluding balance sheet balances of derivative financial instruments, fair value of off-balance sheet financial instruments and fair value of complex financial instruments. After the effect of deployment for periods of on-demand deposits.

** Amounts to receive and pay for derivative, complex and off-balance sheet financial instruments, following the effect of employee rights obligations. Complex financial instruments are designated for periods based on the effective average life of each instrument, as exposure to their interest rates cannot be reflected by sorting by maturity and cash flows or the closest date of renewal of interest rates.

*** Weighted average at fair value of effective average life.

General notes to the table: 1. Further details regarding the exposure to changes in interest rates in each segment of the financial assets and financial liabilities, according to the various balance sheet items, will be provided upon request. 2. In this table, the data by period represent the present value of future cash flows of each financial instrument (except non-monetary items) and of other amounts receivable and payable, after the effect of employee benefit liabilities and spreading over periods of on-demand deposits, as explained in note 3 below, capitalized at the interest rates that discount them to the fair value included in respect of the financial instrument in Note 30A to the Financial Statements as at December 31, 2019, in consistency with the assumptions used to calculate the fair value of the financial instrument. For further details regarding the assumptions used to calculate the fair value of the financial instruments, see Note 30A to the Financial Statements. 3. The present value of cash flows derived from on-demand deposits was calculated according to assumptions regarding term to maturity used by the Bank in the management of interest-rate risks. 4. The internal return rate is the interest rate for discounting of the expected cash flows from the financial instrument to the fair value included in respect thereof in Note 30A to the Financial Statements. 5. The effective average duration of a group of financial instruments constitutes an approximation of the change, in percent, in the fair value of the group of financial instruments, which would be caused by a small change (an increase of 0.1%) in the internal return rate of each of the financial instruments.

- 116 -

Shares Risk

The Bank is exposed to the risk of volatility in the rates of the shares in respect of holdings in the banking portfolio and in the trading portfolio. The Bank's Board of Directors defined separate risk limits in terms of volume and in terms of both VAR for the Maof index, ETFs and shares. In addition, the accounting risk is measured for fluctuations in profitability in the banking portfolio, while setting a designated limit. The risk is measured in terms of price change. The risk derives from investment in a variety of shares, mostly tradable, in the Israeli Stock Exchange through the Bank's Proprietary Unit within the trading portfolio and the available for sale portfolio, the investments of the subsidiary, Union Investments and Enterprise (A.S.Y.) Ltd., which invests in companies active in various areas of activity, not in the banking field and complementary fields. These activities are performed under limitations and volume of frames approved by the Board of Directors of the Bank, and their aim is to improve the Bank's yield.

Table 25 – Capital requirements for groups of shares Disclosure According to Pillar 3 Balance Capital Balance Capital Sheet Fair Requirements 2 Sheet Fair Requirements 2 Balance Value (12.89%) Balance Value (12.88%) NIS Millions As at December 31, 2019 As at December 31, 2018

Shares 108 108 14 72 72 9 ETFs on shares ------ETFs on Index-tracking funds ------Hedge funds/venture-capital - - - funds/private-equity funds - - - Others ------Traded by the Public 108 108 14 72 72 9

Shares 17 17 2 53 53 2 ETFs on shares ------ETFs on Index-tracking funds ------Hedge funds/venture-capital funds/private-equity funds (3) 127 127 19 84 84 11 Others ------Held Privately (4) 144 144 21 137 137 18 *Reclassified

See comments below. - 117 -

Comments:

(1) The fair value of securities available for sale is determined based on market prices quoted in the primary market. When there are several markets in which the security is traded, the assessment is performed according to the market price quoted in the most useful market. In such cases, the fair value of the Bank’s investment in securities is the number of units multiplied by the quoted market price. The quoted price used to determine fair value, as noted above, is not adjusted for the size of the Bank's holding or for the size of the position relative to the trading volume (the holding size factor). If no quoted market price is available, the fair-value estimate is based on the best available information, with maximum use of observable inputs, taking into consideration the risks inherent in the financial instrument (market risk, credit risk, non-tradability, etc.). (2) The supervisory capital ratio the Bank will be required to meet, plus a capital requirement in respect of exposure to the housing loan portfolio at a rate that expresses 1% of the balance of the portfolio. (3) The capital requirements in respect of venture-capital funds and private-equity funds are calculated in accordance to risk-weighted assets in the amount of 150% of the fair value of the holding. (4) Non-tradable.

- 118 -

Liquidity Risk

Disclosure According to Pillar 3

Liquidity Coverage Ratio (LIQ1)

Proper Conduct of Business Banking Directive 221 on "Liquidity Coverage Ratio" (LCR) adopts the recommendations of the Basel Committee regarding the liquidity coverage ratio in the banking system in Israel. The liquidity coverage ratio examines a horizon of 30 days in a stress scenario and is meant to insure that the banking corporation has an inventory of high-quality liquid assets which answers the need of the corporation's liquidity needs in this time horizon according to the scenario inherent in the directive.

The directive establishes the manner of calculation of the liquidity coverage ratio including the definition of characteristics and operational requirements for a "high quality inventory of assets" (numerator) and the security coefficients in respect thereof. In addition, the net leaving cash flow expected in the stress scenario, defined in the directive for the following 30 calendar days (denominator), was defined. This flow includes, inter alia, a certain withdrawal of deposits of various types according to the coefficients in the scenario, a certain utilization of the line of credit that the Bank gave etc., after deduction of repayments of credit that the Bank granted in certain coefficients during the year etc. The classification of the bonds, the types of deposits, the types of lines etc. and their coefficients were determined in the directive. Accordingly, a change in the volume or composition of the liquid assets, a change in the volume of the deposits in each of the types of deposits defined in the directive, changes in the volume of the lines of credit and the guarantees, for which liquidity must be maintained, and so on, can bring about a change in the ratio. The calculation of the ratio is performed on the level of the total currencies and by separating the shekels from the other currencies.

The minimal requirement is set on 100%. However, in a time of financial pressure, a banking corporation will be allowed to fall below these minimal requirements. The requirements apply both to the total currencies and to the foreign currency separately, and they are both at the level of a banking corporation "solo" and at the consolidated level, and the calculation of the ratio is done accordingly. A banking corporation that does not meet the minimal ratio is required to immediately report to the Supervisor of Banks and after three days of deviation, to submit a plan to comply with the minimal requirement. The liquidity coverage ratio measures daily. The total average LCR ratio during the fourth quarter of 2019 was calculated based on 72 daily observations and amounted to 130% compared to a minimum require of 100%.

- 119 -

Due to the announcement of the shareholders holding the controlling interest of the Bank from July 30, 2017 regarding their intention to act to sell their holdings in the Bank and their announcements regarding their engagement with Mizrahi Bank and due to the uncertainty in which the bank is operating, the Board of Directors of the and has decided to keep the liquidity coverage ratio (LCR) higher in this period - from December 1, 2019 a target (risk appetite) of 120% (risk tolerance of 115%) was set. This ratio will be examined from time to time in accordance with the developments and will be updated when necessary. During the fourth quarter, a negligible deviation was observed which was dealt with immediately, faced with a stringent board limit to a total LCR ratio of 115%, and a single exception to an internal limit to the LCR ratio in foreign currency.

It should be notes that the measurement of the liquidity coverage ratio according to Proper Conduct of Banking Business Directive No. 221 is different from risk measurement according to the internal models that apply at the Bank, as further detailed in this chapter.

Table 26: Liquidity Coverage Ratio (LIQ1)

For three For three months ended months ended at December at December 31, 2019 31, 2018 Liquidity Coverage Ratio1 130% 126%

Minimum Liquidity Coverage Ratio required by the supervisor of banks 100% 100%

(1) Calculated based on simple averages of daily observations during the last reported quarter.

- 120 -

Additional disclosures in respect of liquidity coverage ratio (LIQA) Table 27: liquidity coverage ratio (additional disclosures – LIQA) Disclosure According to Pillar 3

As at December 31, 2019 As at December 31, 2018 Total Total Total Total unweighted weighted unweighted weighted value Value value Value (average)1 (average)2 (average)1 (average)2 NIS millions Total high-quality liquid assets Total high-quality liquid assets (HQLA) 10,120 10,022 11,173 11,066 Cash outflows Retail deposits from individuals and from small business customers, of which: Stable deposits 4,168 298 4,332 217 Less stable deposits 9,448 1,045 9,527 1,063 Deposits for a period greater than 30 days 4,514 135 4,519 136 (Section 84 of Proper Conduct of Banking Business Directive 221) Unsecured wholesale financing, of which: Operational deposits (all counterparties) and 0 - 0 0 deposits in networks of cooperative banks Non-operational deposits (all counterparties*) 9,816 5,621 11,308 7,028 Unsecured debts 183 183 3 3 Secured wholesale financing 4 0 153 0 Additional liquidity requirements, of which: Outflows related to derivative exposure and other 2,494 2,494 3,557 3,557 collateral requirements Outflows related to loss of funding on debt 0 0 0 0 products Credit and liquidity facilities 6,735 828 6,336 679 Other contractual funding obligations 771 771 607 607 Other contingent funding obligations 5,879 131 5,466 160 Total cash outflows 44,012 11,416 45,808 13,450 Cash inflows Secured lending (e.g. reverse repos) Inflows from fully performing exposures 1,380 1,260 1,506 1,366 Other cash inflows 3,240 2,435 4,154 3,277 Total cash inflows 4,620 3,695 5,660 4,643 Total adjusted Total adjusted value3 value3 A Total high-quality liquid assets (HQLA) 10,022 11,066 B Total net cash outflows 7,721 8,807 A/B Liquidity coverage ratio (%) 130% 126% See comments below. - 121 -

Comments: (1) Un-weighted values will be calculated as unpaid balances which are about to be repaid or can be repaid by the holder within 30 days (regarding incoming and outgoing cash flows). (2) Weighted values will be calculated after activating appropriate safety coefficients or incoming and outgoing cash flow rates (regarding incoming and outgoing cash flows). (3) Adjusted values will be calculated after activating (1) safety coefficients and incoming and outgoing cash flow rates and (2) all of the relevant limitations (meaning a limitation on high-quality liquid assets at a level of 2B and at a level of 2 and a limitation on the incoming cash flows).

Fluctuations in the liquidity coverage ratio mainly arise from changes in the volume of the cash outflow and from changes in the volume of the liquidity cushion. In the short term, the cash outflow is primarily influenced by the volume and mix of the deposits. The ratio is mainly characterized by monthly cycles, according to customers’ business activity – primarily salaries, VAT, and credit-card payments. Fluctuations in cash inflow mainly arise from activity in foreign-currency derivatives. In the long term, the ratio is influenced by the structure of the Bank's balance sheet, according to changes in the structure of assets and liabilities.

As at December 31, 2019, the ratio amounted to 130% compared to 126% at the end of the previous year. The increase in the ratio was recorded despite a decrease in the liquidity cushion as a result of depositors mix changes, while a decrease in the rate of deposits of financial customers from the total depositors, which resulted in a decrease in the outflow in a similar volume.

Draft new Proper Conduct of Banking Business Directive on the Net Stable Financing Ratio

On January 15, 2020, the Banking Supervision Department issued a draft of a new Proper Conduct of Banking Business Directive aimed at reducing funding liquidity risk through a requirement to finance the activity with stable funding sources, following the global financial crisis, and adoption of international standards on liquidity at the Basel Committee. As noted, the draft directive adopts the recommendations of the Basel Committee for the NSFR standard, aimed at reducing funding liquidity risk through a requirement to finance the activity with stable funding sources. This ratio is in addition to the LCR, which was adopted in Israel in 2015. Pursuant to the draft, banking corporations are required to perform a quantitative impact survey regarding the requirement for this ratio. The QIS results will serve as the basis for the final formulation of the requirement in the directive. Pursuant to the draft, the NSFR will apply as of July 1, 2021. The Bank is monitoring the process of publication of the new directive. - 122 -

Additional information on liquidity risk and financing risk

The composition of the Bank's high-quality liquid assets is based mainly on Tier 1 assets, which are characterized by a high level of negotiability and a low level of risk. These include cash and deposits with the Bank of Israel, Israeli government bonds in shekels and foreign currency, and foreign sovereign in foreign currency bonds, which, in accordance with the terms of Proper Conduct of Banking Business Directive 203, receive a 0% risk weight, as detailed in the following table:

Table 28: Composition of High quality liquid assets Disclosure According to EDFT

As at As at December 31, December 2019 31, 2018 NIS millions Tier 1 assets

Coins and bills of exchange 566 605 Total reserves in the central bank (after deducting the liquidity 4,476 7,343 requirement) Qualified marketable securities with risk weight 0% 5,851 3,551 Debt instrument issued in local currency of sovereign or local central bank whose risk weight is not 0% A debt instrument issued in foreign currency of a local sovereign or central bank whose risk weight is not 0%

Total Tier 1 assets 10,893 11,499

Tier 2a assets

Qualified marketable securities at risk weight 20% 0 0 Corporate debt instruments and bonds by the international rating AA- or 0 0 higher Tier 2b assets Corporate debt instruments with an international rating of A + to A-, or 95 105 a local rating of AA- or higher Total Tier 2b assets 95 105

Total High quality liquid assets 10,988 11,604

- 123 -

Liquidity risk Management

Liquidity risk is the risk to the profits and stability of the banking corporation arising from ITS inability to supply its liquidity needs and repay its liabilities on time, without incurring exceptional losses. Liquidity risk includes the following risks:  Liquidity Raising Risk – Liquidity raising risk is the risk arising from damage to the ability of the Bank to raise liquidity, as a result of a loss of confidence in the Bank by the market, which may result from events of damage to its goodwill or damage to the market in which the Bank operates.  Market Liquidity Risk – The risk that the Bank will be unable to easily get rid of or offset a certain position at the market price, due to insufficient market depth or disruptions in the market.

Banks characteristically operate as providers of long-term loans financed through short-term deposits, making them vulnerable to liquidity risk – both risk specific to each bank and risk affecting the markets in general. Liquidity risk management is aimed at ensuring that the Bank has the ability to finance an increase in assets and to repay liabilities on schedule, without incurring unacceptable losses. In general, the Bank prefers the reduction of liquidity risks over short-term profitability considerations.

The Bank manages the liquidity risk based on the following principles:  Establishment of a liquidity management framework, ensuring sufficient liquidity in high-quality liquid assets to withstand stress events.  Formulation of risk appetite and risk tolerance, in accordance with corporate strategy.  Identification, measurement, monitoring, and control processes.  A financing strategy to diversify resources for various periods of time.  Maintenance of a safety cushion of high-quality liquid assets.  Integration of the costs, the benefits, and the risks in pricing and measuring the performances and in approval of products.  Practices for liquidity management, information reviews, and reporting to the Board of Directors.  Monitoring the exposures by business lines and currencies.  A financing strategy to diversify sources for various periods of time.  Active intraday management of the liquidity risk.  Management of the positions of the collaterals.  Performance of stress tests and integration of the results into routine management process.  A financing plan for emergencies.  Maintenance of a cushion of high-quality liquid assets.

- 124 -

The Bank evaluates its liquidity profile from a broad perspective, which includes the use of various risk indicators and additional parameters to evaluate the various aspects of liquidity risk, including daily and intraday liquidity, liquidity up to one month (liquidity ratio based on an internal model and the LCR), long- term liquidity (stable financing ratio), various measurements and limitations in relation to the mix and structure of sources (rate of deposits of up to one month, rate of core deposits, depositor's concentration indices, rate of financing sources from capital market, etc.), analysis of liquidity gaps for various time ranges, and more. The Bank has set limits on these parameters, and most are monitored on a daily basis.

The concept guiding liquidity risk management is that the risk taker is directly responsible for management of the risk. The first line of defense consists of the risk-taking business lines at the Bank, which are responsible for the routine management of the risks. Business lines that create liquidity risk in the Financial Management Division are the ALM Unit, the Proprietary Unit, and the Dealing Room. The control units are the Capital Market Operations Sector and the Middle Office in the Financial Management Division unit. Note that credit-granting activity at the Bank, which is performed in the Business Division and in the Retail Division, affects the Bank’s exposure to liquidity risk, but this risk is overseen and managed at the Financial Management Division. All of the business units whose activity may affect liquidity are familiar with and compliant with the established policies, procedures, limits, and controls. In addition, responsible functions for the application of internal controls have been established, independent of the risk manager, with the appropriate training, skills, and authority to challenge the information provided and the assumptions in the models used by the business lines.

The organizational structure used to implement liquidity risk management policy consists of three lines of defense, as described above.

The management of the Bank places special emphasis on rigorous management of the liquidity risk, while receiving regular reports. In general, the Bank prefers to reduce liquidity risks to short-term profitability considerations. In order to examine if the policy is updated, and for the early identification of possible development of liquidity stress scenarios, external (macro) indicators and internal indicators (positioning of the Bank and behavior of depositors), are monitored on a monthly basis, and reported in the management forum on financial matters.

The Board of Directors of the Bank delineates the risk profile, within discussions of strategy, work plans, and the policy document.

- 125 -

Limits were set on diversification of sources, while maintaining a mix of sources that derive from the capital market and deposits of the public, with monitoring of the development of the weight of the various depositor groups and depositor diversification at the Bank and within each group. As at the date of the report, the volume of deposits of the three largest depositor groups totaled NIS 1,373 million, and constitutes 4.3% of the total deposits of the public. For details regarding the composition of deposits, see Note 17, "Deposits by Size" to the financial statements as at December 31, 2019.

The Board of Directors monitors key indicators in the area of liquidity, within the quarterly risk document and the monthly CEO review, and conducts quarterly discussions on the overall liquidity situation, and management of liquidity in foreign currency based on developments in the markets and the need derived from it, among other things, through the Risk Management Committee of the Board of Directors (which gathers at least quarterly). The risk development is also monitored monthly within the board's ad-hoc committee. The overall and individual frameworks established for the management of liquidity surpluses at banks in foreign currency are discussed at least once annually, according to need and market developments. In addition, the Board of Directors discusses and approves the models used to measure the risk, the stress scenarios, and the relevant limits.

Internal Liquidity Model

The Bank manages its liquidity level also based on an internal model (in addition to LCR), which is derived from its liquidity risk management policy. The internal measurement is examined in a routine scenario and in a stress scenario. In addition, the overall liquidity situation of the Bank is examined and indicators that point to a possible development of crisis conditions in relation to the Bank or the banking system. The objective of the internal liquidity model is to examine the Bank’s ability to withstand the repayment of deposits, even if no substitute depositors are added, or when the realization of assets is difficult. The ratio of liquid cushion to net outflow in accordance with directive requirement 342 is calculated. The model takes into account the cash in hand and deposits with banks, the actual realization capacity of the Bank’s bond portfolio while distinguishing between the different types of bonds and their liquidity, and assumes a withdrawal forecast based on recent withdrawal history while distinguishing between types of depositors in the incision of deposits for different periods and ability to repay "on call" credit from all of the customers. The basic assumptions of the liquidity model are established, while referring to the realization ability of the assets comprising the liquidity pillow and examining the historical conduct of depositors. The models' assumptions are examined in the frequency required by the validation model and according to developments

- 126 -

in the markets and/or at the Bank, and are discussed and approved at the Risk Management Committee of the Board of Directors and at the Board of Directors' plenum. The liquidity ratio according to the internal model is measured and reported daily to the managements of the Bank, examined weekly by the Management Forum on Financial Matters, and is included in the monthly report to the Board of Directors in addition to the monthly report regarding the deposits concentration and significant changes in the liquidity situation. In addition, compliance with the limits for stress scenarios is tested.

Stress Scenarios for Liquidity The Bank examines the liquidity risk, inter alia, by examining the effect of various stress scenarios on its internal liquidity model. Stress scenarios include systemic scenarios, scenarios focused on the Bank, integrated scenario and reverse scenario (which examine the intensity of an event that brings the liquidity ratio beyond the lowest risk tolerance). The scenarios include a business description, quantification of the effect of the scenarios on the cash flows and on the liquidity ratio, the responsibility for identifying the development of a crisis situation, and ways of coping in the event of materialization of a stress scenario. In addition, a measurement of stress scenarios, for periods of up to a month and above a month, is executed. Such stress scenarios are measured on a daily basis, and are presented to the Management Forum on Financial Matters as background material for its weekly meeting. In addition, a discussion is conducted each quarter by management, by the Risk Management Committee of the Board of Directors and by the plenum of the Board of Directors regarding the results of stress scenarios, actual to the limits established, as part of the discussion on the risk document. The systemic scenario includes a decline in public confidence of the stability of the banking system, which creates, inter alia, difficulties in repayment of credit by borrowers, heavy liquidity pressures in the system and it strengthens the incentive to transfer assets abroad. The scenario is bank focused and reflects a state of concern among the Bank's interested parties in relation to its financial stability and doubt concerning its ability to meet its obligations specifically. The combined scenario refers to a significant change for the worse in the capital markets, which causes an increase in the concerns of the Bank's interested parties in relation to its financial stability and an increase in the doubts regarding its ability to meet its obligations, specifically, beyond the overall concern for the stability of the system and difficulty in recruiting sources in foreign currency. In addition, the overall liquidity situation of the Bank is examined, and indices pointing to the possible development of crisis conditions concerning the Bank or the banking system. During 2019, a single liquidity ratio deviation was observed in the stress scenario, which was addressed immediately. - 127 -

Financing Plans in Emergencies The Bank has an emergency plan, in which the courses of action for handling a realization of a stress scenario are described, including various actions that will be taken by the Bank's management and branches.

Financing Risk Disclosure According to EDFT

Liquidity risk management is aimed at ensuring that the Bank has the ability to finance an increase in assets and to repay liabilities on schedule, without incurring exceptional losses. Efficient management of liquidity risk helps ensure that the Bank can meet its cash-flow liabilities that involve uncertainty, as they are influenced by exceptional supply and demand situations in the financial markets, exogenous events, and the behavior of other factors. The Bank manages liquidity risk in a manner that supports routine financing of the Bank's activity and allows customers to withdraw liabilities routinely, under ordinary market conditions, and upon the development of extreme conditions. The Bank recognizes that when a crisis develops, resources raised through the capital markets may be more volatile than traditional retail deposits. The Bank therefore ensures that its financing sources are sufficiently diversified in order to ensure their availability at the required times and at reasonable cost. The Bank has established limits on the structure of its sources of financing, addressing depositor concentration, percentage of core deposits, and more. The Bank does not rely on the assumption that the markets are absolutely functional and liquid, as the asset and financing markets may dry up in times of stress. Within liquidity management, the Bank assumes that a lack of liquidity in the markets may cause difficulty in raising sources of financing (“liquidity raising risk”) or in the realization of assets in order to obtain liquidity (“market liquidity risk”).

Table 29 - Summary of Pledged and Non-Pledged Assets Disclosure According to EDTF December 31, 2019 December 31, 2018 Pledged Non-Pledged (2), (3) Pledged Non-Pledged (2), (3) NIS millions Cash and other liquid assets (1) 12 - 10 - Securities 132 4,827 167 )1( 3,250 Borrowed securities (5) 2 - 588 - Total 145 4,827 745 3,250

See comments below.

- 128 -

Comments:

(1) Pursuant to the Bank's agreement with the Maof Clearing House and the TASE Clearing House, and in accordance with the resolutions of the Board of Directors of the Maof Clearing House and the bylaws and outline of the Maof Clearing House, the Bank deposits securities in an account in the name of the Maof Clearing House as collateral in favor of the Maof Clearing House, as well as cash in an account opened in its name at another bank, to serve as payment to the clearing houses for any amount that the Bank may owe them in respect of transactions in Maof and in Israeli securities for which the Bank may be liable to them, against a commitment by the clearing houses to remit this amount to the Bank in accordance with the agreement. To secure these charges, on March 31, 2004, the Bank placed a fixed lien and a first-tier floating lien at an unlimited amount on these accounts in favor of the Maof Clearing House In addition, on April 13, 2005, the Bank created a first-degree fixed pledge and assignment by means of a pledge, in an unlimited amount, in a securities account in the name of the clearing house and all of its secondary accounts, and in a monetary account managed in the name of the clearing house at another bank, all in accordance with the Bank's agreement with the TASE Clearing House, as a guarantee for the full and exact fulfillment of all liabilities of any type and kind of the Bank to the clearing house, whether existing or future, renewable or contingent, or limited or unlimited, as they may be from time to time. The collateral serves as a guarantee for the fulfillment of all liabilities of the Bank to the TASE Clearing House, as relevant, in accordance with the articles of the TASE and the instructions based on the auxiliary rules of the clearing house and the resolutions of the Board of Directors of the clearing house. In addition, on March 26, 2017, the Bank created a first-degree fixed pledge in an unlimited amount on all rights of any type and kind in each of the collateral accounts at the Bank of Israel managed in the name of the Maof Clearing House and the TASE Clearing House, respectively, and used to generate collateral for the members of the Maof Clearing House and the TASE Clearing House, respectively, in favor of the aforesaid clearing houses, including the rights to receive the moneys deposited or recorded to the credit of the collateral accounts at the Bank of Israel and all profits thereof, as they may be from time to time, all in accordance with the mortgage and bond agreements of the Bank with the Maof Clearing House and the TASE Clearing House, respectively. The collateral serves as a guarantee for the fulfillment of all liabilities of the Bank to the Maof Clearing House and the TASE Clearing House, as relevant, in accordance with the articles of the TASE and the instructions based on the auxiliary rules of the clearing houses and the resolutions of the boards of directors of the clearing houses. As at December 31, 2019, amounts are deposited with the Maof Clearing House and the TASE Clearing House beyond the collateral requirements.

(2) To secure credit of any kind, in foreign or Israeli currency, received by the banks, including Union Bank, from time to time, from the Bank of Israel, insofar as credit is extended by the Bank of Israel, and the Bank’s consequent liabilities towards the Bank of Israel, in August 2010 the Bank entered into an agreement to place a first-rank permanent pledge and an assignment by way of a pledge, with no amount limit, on all assets and rights in all accounts maintained at the TASE Clearing House Ltd. and at the Euroclear Bank (hereinafter: the

- 129 -

“Collateral Accounts”) in favor of and in the name of the Bank of Israel, which are designated for deposit and/or recording of collateral by the Bank in favor of the Bank of Israel, including on money and securities deposited or recorded, or to be deposited or recorded, in the Collateral Accounts, including the profits thereof and the monetary consideration of the sale or realization thereof. For reasons of caution, the assets pledged in the collateral account at Euroclear Bank, or in any other collateral account maintained with a clearing house outside Israel, shall also be pledged, in addition to the first-rank permanent pledge, in a first-rank floating pledge, with no amount limit. The pledges described above shall serve as a continual and renewing guarantee for the liabilities secured by such pledges, and shall remain in effect until the Bank of Israel approves the cancellation thereof, in writing. In addition to the foregoing, the Bank has granted the right to offsets and liens of all assets owed to it by the Bank of Israel, to secure the settlement of the secured liabilities. The management of the pledged assets, including with regard to the execution of deposits and withdrawals of money and securities in the Collateral Accounts, and the revaluation thereof, are as stipulated in the collateral management documents of the clearing house where the collateral account is maintained. The system of agreements required in order to operate the pledge includes an agreement to operate the system of collateral by the TASE Clearing House for the Bank of Israel, in accordance with an agreement signed between them, and the authorization of the TASE Clearing House to execute the orders of the Bank of Israel in connection with the Israeli securities deposited, and/or to be deposited from time to time, in the relevant collateral account designated for the deposit of collateral by the Bank, and an agreement to regularize the operational aspects of the management of the collateral (foreign securities) at Euroclear Bank. As at December 31, 2019, no collateral was provided. (3) In order to secure the clearing of intraday credit transactions allocated or to be allocated to the Bank by the Bank of Israel from time to time, within its activity on the RTGS (Zahav) system, the Bank placed a current lien in favor of the Bank of Israel on its stock of state bonds and short-term notes. (4) The Bank is a member of the Euroclear Bank of Brussels, which clears securities traded in international markets. The Bank has pledged securities for the purposes of its activity through this clearing house and to secure the credit actually used by the Bank at that clearing house from time to time. The credit facility against which pledged amounts to approximately USD 6 million. (5) Securities received in transactions of securities borrowing against cash.

- 130 -

Operational Risk

Disclosure According to Pillar 3

Management of the Operational Risks

Operational risk is defined as the risk of loss that may arise of inadequate or failed internal processes, human or system failures, or external events. This risk includes legal risk and compliance risks but does not include strategic risk or goodwill risk. The management of operational risk at the Bank is implemented in accordance with Proper Conduct of Banking Business Directive 350, and in accordance with the relevant directives with regard to legal risk, compliance risks, information-technology risk management, cloud computing, cyber defense and data security, banking communication and business continuity. These matters are anchored in dedicated and individual policy documents. The managements of the business units bear responsibility for the identification and management of risks in the business activity. The Controls and Risk Management Division constitutes the second line of defense for operational risk.

Main principals of operational risk management:  The Bank has a working framework for the management of an operational risk, which is fully integrated with its overall risk-management processes.  The Bank maintains a strict environment of controls, using policies, procedures, systems, adequate internal controls, and adequate strategies to reduce or transfer risk, including the use of supplementary tools to reduce risks, such as insurance policies.  The operational risk is managed from a comprehensive systemic perspective, which includes the subsidiaries.  The operational risk management is based on an active process of identifying, assessing, measuring, monitoring, reporting, and controlling, performed in all of the Bank's business lines.

Identification and assessment of operational risks at the Bank is performed through three-year risk surveys, through the collection of failure events and lessons learned from such failures as well as additional tools. The methodology for performing the surveys and addressing the gaps identified is formulated in cooperation with external consultants, and is discussed and approved by the Board of Directors and by management. Surveys performed at the Bank include, inter alia:  Surveys of operational risks in the principal work processes.  Surveys of operational risks in the activity of the principal independent information systems of the Bank.  Business continuity surveys – a business impact analysis (BIA) survey. - 131 -

The results of the operational risk surveys help the Bank's management and Board of Directors evaluate the degree of exposure to these risks and to determine the volume of capital required under Pillar 2. In addition, the Bank examines the exposure to an operating risk by stress scenarios in order to address a variety of events.

The goal of the Bank's policy is to minimize operational risks to the extent possible. Within the discussion of the Bank's overall risk appetite, the risk appetite and risk tolerance for operational risks were defined, while addressing the types of activities, the increase in the volume of activity, and the possible exposures. Exposure limits were set to residual risk (risk after considering controls), including determining the prioritization manner, the treatment and the schedule based on the established policy, for the management of the operational risk.

Dedicated quarterly discussions are held at the Bank, in accordance with the corporate-governance structure in the area of risk management. The management forum receives reports on the extent of cumulative damages from actual failure events, discusses material failure events and lessons learned, and the monitoring of the treatment of the findings of the operational risks surveys in a high ranking. Failure events of more than NIS 0.5 million are reported to the Board of Directors of the Bank. The operational risk forum of the Resources Division, headed by the Chief Risk Officer, discusses risks that are under the direct responsibility of the division due to their complexity. In addition, an operational risk management forum, headed by the head of the operational risk management sector, with the participation of divisional operational risk management trustees, which is a venue for knowledge sharing, and r matters within the management of the risk. Once a year, the Risk-Management Committee of the Board of Directors discusses the annual review, in operational risk policy updates, in updating risk appetite and risk tolerance, and in monitoring the work plan of the surveys and discussing material findings.

The verdict of the Competition Tribunal from November 28, 2019, according to which the appeals filed by the controlling shareholders of the Bank, the Bank, and Bank Mizrahi, were accepted, exposes the Bank to an additional increase in the operational risk, which may intensify as the merger approaches. As a result, the Bank is reviewing plans for thickening controls in the various divisions and across the three lines of defense, mainly dealing with the emerging risks for the period in general, and embezzlement risks in particular. The main principles of the program implements on an ongoing basis.

- 132 -

Information Systems and Information Technology at the Bank

The activity at the Bank is heavily reliant on the information systems and technology tailored to its needs. The IT activity is characterized by, inter alia, cross-organization processes, while significantly influencing the Bank's conduct. The Bank precisely maintains the quality of the systems and their proper functioning and invests extensive resources in developing and adapting information systems and technologies (software, hardware, communication etc.) for its use and its' customers' use, as well as in managing an appropriate system of information security, in emergency preparedness and in business continuity.

The Bank has a material long-term contractual engagement to receive principal IT and operational services from Bank Leumi LeIsrael Ltd., which exposes the Bank to the outsourcing risks. The current IT and operations agreement was signed for a period of ten years, which ended on December 31, 2016. From this date, a period of three years begun, during which the project of terminating the contractual engagement will be carried out. The contractual engagement with Bank Leumi is backed by the required regulatory approvals. The Bank is dependent upon Leumi, as there is no immediately available alternative to the systems that it provides, and damage to these systems may therefore cause material exposure or damage to the Bank. As the end of the term of the engagement with Leumi approached, the Bank began to examine the options available to it. Within this process, the Bank contacted various suppliers in order to receive proposals for IT and operational services, and, from the end of 2016 and up to the first quarter of 2018, examined their initial proposals, with the assistance of external consulting services, under the supervision of a dedicated committee of the Board of Directors (the Committee for Information Technology and Technological Innovation). However, following the notification of the controlling shareholders of the Bank regarding their contractual engagement with Bank Mizrahi, this process was delayed, due to the uncertainty concerning the independent future of the Bank. In light of the continuation of the state of uncertainty and the delay in the schedule of the project for replacement of the IT systems of the Bank, the Board of Directors of the Bank, on March 29, 2018, approved the proposal of Bank Leumi, received at the Bank on that date, the main points of which are that in view of the transaction of the controlling shareholders, Bank Leumi would agree, to postpone the end of the separation period for a period of up to eighteen additional months, provided that, in any case in which the Bank seeks to move the end of the separation period to an earlier date, Leumi is given advance notice of at least 24 months prior to the end date of the separation.

- 133 -

In view of the parties’ request for the Competition Commissioner to approve an exemption for a restrictive arrangement with respect to the extension of the contractual engagement between the Bank and Leumi, the Bank was informed by the Competition Commissioner that the parties’ request appears to be a joint venture, suitable for examination of the parties according to the Restrictive Trade Practices Directives (Type Exemption for Joint Ventures) (Temporary Order), 2006, and therefore does not require the approval of the Competition Commissioner. The Bank also received affirmation from the Banking Supervision Department that it does not object to the extension of the period of providing IT services to the Bank by Leumi until June 30, 2021.

In addition, due to the continuation of the state of uncertainty in which the Bank is operating, as noted above, and in order to prepare for continuity in the receipt of services in connection with the core systems of the Bank and the replacement of the IT services provider, if the Bank remains an independent bank, taking into consideration the schedules for conversion of the core systems, which may take several years, in early 2019 the Bank renewed the process of examining, updating, and improving the proposals it received from providers for the provision of IT and operational services, as noted. Within this process, the board of directors of the Bank resolved on July 2, 2019, to focus the process on the examination and improvement of the proposal of Tech Mahindra, and to promote talks with it with regard to its proposal, while clarifying that the contractual engagement would not be executed or could be discontinued if the Bank does not remain an independent bank, and with no action of any kind that creates an obligation or liability of the Bank to Tech Mahindra to be performed without the specific advance approval of the board of directors of the Bank. In light of the verdict of the Competition Tribunal of November 28, 2019, which accepted the appeals filed by the controlling shareholders of the Bank, the Bank, and Bank Mizrahi of the ruling of the Acting Supervisor of Competition objecting to the merger of the Bank and Bank Mizrahi, and the consequent increased feasibility of the merger of the Bank, on the one hand, and in view of the uncertainty concerning the fulfillment of the conditions established by the Supervisor of Competition for the merger of the banks and the completion of the acquisition offer proceedings by Bank Mizrahi, on the other hand, the Bank has suspended the advancement of the negotiations that had commenced with Tech Mahindra, and has not yet reached a decision regarding its further actions with regard to this matter. Accordingly, the foregoing and the conclusions thereof constitute forward-looking information, as defined in the Securities Law, 1968, which may conclude without a contractual engagement between the Bank and Tech Mahindra, or may materialize differently than expected, and there is no certainty that it will occur in practice.

- 134 -

In view of the need to ensure the continued receipt of the IT services by the Bank after the end of the period of extension of the agreement with Leumi, on June 30, 2021, whether the Bank is merged or remains independent (in the latter case, these services would be required until completion of the project of replacement of the IT systems, if performed by the Bank, or within the receipt of IT services in the long term from Bank Leumi, if the talks with Leumi come to fruition in the future), the Bank is conducting talks with Bank Leumi in order to find a solution for the continued receipt of IT services from Bank Leumi in a manner that would allow continuity in the receipt of IT services by the Bank, in any relevant alternative for the Bank's future. As at the date of this report, the talks conducted with Bank Leumi up to this point for the purpose of extending the period of receipt of IT services from Bank Leumi have not generated results. Given the inputs required in order to execute the project of replacing the IT systems, if the Bank remains an independent bank and if the project is executed, and the expenses and investments that will be required of the Bank simultaneously, both to carry out the project of replacing the IT systems and to continue receiving services from Bank Leumi, in the event of execution of the aforesaid IT project a significant increase is expected in the Bank’s IT expenses, for a limited period (which includes the period of the project of replacing the systems as well as the first years of activity of the system after the replacement, due to accelerated charging of amortization expenses in respect of the new system) and, accordingly, significant damage to the profitability of the Bank is also expected, which the Bank cannot estimate at this stage. There will also be an impact on the extent of the Bank's exposure to various risks, first and foremost to information-technology risk and strategic risk. In the alternative of continued receipt of services from Bank Leumi for the long term, there may also be a significant increase in the IT expenses of the Bank, which may affect the profitability of the Bank in a manner that the Bank is unable to estimate at this stage.

In addition, see "Top and Emerging significant Risks" section and Note 32 - “Events during the reporting period and after the balance sheet date” to the financial statements as at December 31, 2019, in the context of the consequences of the announcement of the shareholders holding the controlling interest in the Bank from July 30, 2017, regarding their intention to sell their holdings in the Bank and their engagement with Mizrahi Bank from November 27, 2017, and other events in connection with these announcements.

In addition to IT services from Bank Leumi, the Bank operates independent IT systems developed in-house and/or through software companies (see below, "List of Principal Suppliers and Dependence on Suppliers").

IT activity at the Bank is based on the information-technology management policy document of the Bank, which approves annually by the Board of Directors. Following lessons learned from failures and malfunctions that occurred in the banking system, the Supervisor of Banks instructed banks to take steps to reduce the potential for materialization of risks arising from failures in the information-technology system.

- 135 -

In addition, the Supervisor of Banks instructed banks to reexamine processes of management of changes and management of malfunctions, in order to strengthen and improve these processes. The Bank prepares and operates routinely in accordance with these instructions. However, despite the resources invested in this area by the Bank, given that complex systems are involved, it is not possible to absolutely prevent the materialization of risks arising from malfunctions in such systems.

Principal Suppliers and Dependence on Suppliers - The Bank has several suppliers in the area of information systems and technology. The main suppliers are listed below; each supplier upon which the Bank is dependent is explicitly noted:

A. Bank Leumi – Supplies core banking systems and related operational services. The Bank is dependent upon Leumi, as there is no immediate available alternative to the systems, which it provides, and malfunction, damage or downtime to these systems may cause exposure or material damage to the Bank.

B. FMR – Supplies of various software systems and services, including software services for execution and trading control of securities. The Bank is dependent upon the service supplied by FMR, because it is a material supplier of this service in Israel.

C. Matrix – Supplies a CRM (Customer Relation Management) system and maintenance and development services for the Bank’s mortgage system, as well as for the control system of Union Bank Trust Company Ltd.

D. Taldor – Activates service and support service for terminal equipment.

E. Sivron – Supplies software services for securities trading.

F. Bloomberg – Supplies foreign exchange trading systems, financial information and software services for securities trading.

G. Bezeq International - Accommodation a computer facility on its site in Jaffa

Union Bank receives a report from Bank Leumi at the end of each year regarding controls integrated into Leumi's operational system (including IT) and regarding tests of the effectiveness of the controls (ISAE 3402 type 2), based, inter alia, on the Agreed Upon Procedures (AUP) process regarding the examinations performed within the framework of procedures agreed upon with the Bank. The report includes, inter alia, an accountant's opinion (hereinafter: the "Opinion") as to whether the controls and control objectives set by Bank Leumi were properly planned and whether they operate with sufficient effectiveness in order to provide reasonable assurance that the control objectives, which were defined by Bank Leumi, were achieved during

- 136 -

the year for which the report is produced. In addition, exceptional events relevant to Union Bank or to the Leumi control environment, which serves Union Bank only, are noted. According to the Opinion on the report for 2019, the controls examined, and which the accountant believed were essential to the achievement of the defined control objectives, operated effectively during 2019. The Opinion addresses, inter alia, the controls implemented in order to reduce the potential exposures and to strengthen defense against cyber- attacks on the information systems of Leumi, through which Leumi provides services to Union Bank and to its customers.

Cyber Risk Management and Information Security

Cyber risk is defined as the risk of materialization of a cyber-event, which is an event during which IT systems and/or computer-embedded systems and infrastructures are attacked by, or on behalf of, (external or internal factors to the bank). Cyber risk management at the Bank is implemented in accordance with the Proper Conduct of Banking Business Directives 361, and with the relevant directives such as: the management of information technologies and of operational risk. The bank has outlined a policy for cyber protection strategy that defines the strategic directions required to strengthen the entire defense system. The managements of the business units participate, as part of the cyber surveys, in the identification and management of risks in business activity. Cyber defense management is under the responsibility of the head of cyber defense in the resource division. The controls and risk management division serves as the second line of defense for this risk. This framework includes a cyber-risks forum, headed by the chief risk officer. Note that on February 2019, an organizational change was carried out at the Bank, in which cyber activity was imposed on the first line of the Information Systems System, concurrently with the reinforcement of the defense system on the second line. Potential negative consequences for the bank as a result of cyber-attacks include, inter alia,: theft of financial assets, damage to intellectual property or other sensitive information of the Bank, its customers, or its business partners; disruption of the activity of the bank; recovery costs; increased costs of protection and information security; loss of income due to unauthorized use of proprietary information or due to the failure to retain or recruit customers as a result of the cyber-attacks; legal claims; damage to goodwill, etc.

Manager of Cyber Protection is working to plan and realize the principles approved in the strategy documents and cyber protection management policy. As part of the cyber protection policy, The Bank implements an information security Concept, according to which, it conducts a wide range of activities in the areas of technology, operations, and processes. The Cyber Protection policy has been adjusted to Proper Conduct of Banking Business Directive 361, which deals with the cyber protection management.

- 137 -

Information security activities in aggregate Integrated in cyber protection activities are aimed at responding to the dynamic range of threats present in the technological environment in which modern-day banking information systems operate, and at allowing compliance with regulatory directives. The activity is carried out according to ISO 27001 2013 standard, and was audited by the Standards Institution of Israel.

The Bank’s cyber protection system is based on the following components:  Continuous, ongoing mapping and management of cyber risks.  Assessing the ripe of the cyber protection controls.  Mapping, managing and controlling cyber risk in the supply chain  Development, installation, and maintenance of a variety of automated tools for the security of the computer and data systems of the Bank, using tools for the analysis, control, and identification of exceptional events in the area of information security.  Increasing and assimilating the awareness to cyber threats in the Bank through training of the employees.  A continuous process for gradual treatment of the defects and conducting safety cyber surveys.  Periodic examination of the ability of the Bank's information systems to withstand various types of cybernetic attacks, and update of the protective systems as necessary. This examination includes resilience surveys, drills, and consultation with professionals, to ensure technological precedence.  Cyber risks are handled within the framework of the various insurance policies in which the Bank has entered, including a special policy for cyber risk.  Operation of the Information Security Operations Center (ITC), which regularly monitors computer systems for identification and rapid response to a cyber incident, as well as receiving monitoring services from Leumi for the computer systems operated by them. This activity is a significant tier in preparedness for dealing with cyber-attacks.

During the past year, there were no material cyber events that occurred or, affected its Independent Systems, and consequently the activity segments supported by these systems. Furthermore, the Bank has not identified any event that would prevent it from adequately recording, processing, summarizing, or reporting information. In the opinion of the Bank, the cyber, in the context of its independent systems, had no material effect on the financial statements for 2019.

- 138 -

In addition, see "Top and Emerging significant Risks" section and also Note 32 - “Events during the reporting period and after the balance sheet date” to the financial statements as at December 31, 2019, in the context of the consequences of the announcement of the shareholders holding the controlling interest in the Bank from July 30, 2017, regarding their intention to sell their holdings in the Bank and their engagement with Mizrahi Bank from November 27, 2017, and other events in connection with these announcements.

As stated, the computer systems operated by Leumi are monitored by them.  Bank Leumi, like other banks, is a target for various attackers. Its computer systems, communication networks, and customers' devices exposed to cyber-attacks such as via viruses and malware, phishing attacks, and additional exposures aimed at damage to service and/or data and even financial theft.  Leumi sees the Banks' information and its customers' information as a principal asset and invests efforts in implementing standard control and defense mechanisms and processes.  In 2019, Leumi did not report any material cyber incident.

Business Continuity - Emergency Preparedness

Events of various types may damage and/or cause shutdowns of material activities of the Bank and its customers, harm the continuity of its business, expose the Bank to a various risks, and cause significant damage to the Bank and/or to its customers. The Bank has emergency business continuity plans which detail the manner of operating emergency services and the resources required during a business continuity event, in order to efficiently and quickly return to a routine including proper management of information technology assets, that support processes which have a material effect on the conduct of the Bank's business. In addition, see the report on an increase in operating risk in light of the uncertainty. These plans ensure the Bank's ability to continue ongoing activities and to minimize losses in the event of a realization of a business continuity scenario, internal or external, in accordance with the business continuity policy in emergencies. In order to assimilate the business continuity plan and to routinely validate it, the Bank holds a multi-year practice plan for the emergency array, which includes the business units and the computer systems. In addition, the Bank is preparing with suppliers that support essential services and processes in order to ensure the survivability of the services received from them in cases of emergency.

- 139 -

Head of the Resources Division was appointed to be in charge of activity in emergencies, and as such, she is the Head of a Crisis Management Team, including management members of the Bank. The business continuity management, emergency preparedness and the contact with the various regulatory factors are conducted within a designated unit in the planning and organization Array in the Resources Division. The Bank has a business continuity management strategy, which defines the operational guidelines for implementing the business continuity policy in times of emergency. This strategy is based on the requirements of compliance service level targets as defined in Proper Conduct of Banking Business Directive 355, and in accordance with the analysis of the business implications and timeliness and recovery targets in the time and scope parameters defined in the Business Impact Analysis (BIA) process. In addition, the Bank's emergency management chain is defined as well as the operating concept and guidelines for the operation of the Bank's emergency units which takes into account all of its banking services, based on an analysis of the behavior of environmental variables such as employees, customers, authorities, national infrastructures, etc., under various scenarios, internal and external. Within this strategy, banking services have been prioritized and recovery targets have been established, using parameters of time and volume. The Bank is authorized to amend business continuity standard ISO 22301 by the Standards Institute and passes a certification exam every year. In addition to the establishment of the business continuity management framework, projects were carried out for the improvement of the Bank's preparedness for emergencies. This includes the protection of buildings at the Bank's core branches and other branches and the adjustment to working continuously during times of emergency. The Bank activates a backup site for the Bank's central computer in a booth space far from where the central computer is located and a site intended for use of the Bank's headquarters in emergencies. The facility meets strict shielding regulations and the shielding requirements detailed in Proper Conduct of Banking Business Directive 355.

- 140 -

Other Risks

Disclosure According to EDTF

Compliance Risk Compliance risk is defined as the risk that a corporation may be subject to a legal or regulatory sanction or may sustain material financial loss or damage to its goodwill as a result of its failure to comply with laws, regulations, internal procedures, or ethical codes. Compliance-risk management is implemented in accordance with the directives of the law applicable to the Bank, including Proper Conduct of Banking Business Directive 308, Compliance and the Compliance Function at the Banking Corporation, the updated version of which took effect on January 1, 2016. The compliance risk management policy presents the manner in which compliance risk is managed, and defines the roles of the functions involved in the management of the risk, in the three lines of defense. The policy defines the principles for management of the risk, and the division of duties and authority for mapping and minimizing compliance risks at the Bank, including the working interfaces between the Chief Compliance Officer of the Bank and additional compliance risk managers in the second line of defense. In addition, the policy establishes processes for reporting on compliance risks and exposures, methodology for the assessment thereof, and ways of addressing compliance violations, if and as identified. The compliance risk management policy is discussed and approved by the Board of Directors on at least an annual basis. The Chief Legal Advisor is head of the Legal Advice and Compliance Division serves as the head of Internal Enforcement at the Bank and its subsidiaries. The Chief Compliance Officer, who is head of the compliance sector, serves as the Compliance Risk Manager subject to the Chief Legal Advisor of the Bank and is responsible for the implementation of the Money Laundering and Terrorism Financing Prohibition Law at the Bank. In addition, the Chief Compliance Officer serves as Ombudsman. Pursuant to Proper Conduct of Banking Business Directive 308, in December 2015, the Board of Directors of the Bank also approved the charter of the Chief Compliance Officer and of the employees of the compliance function at the Bank. It was determined that the Chief Compliance Officer of the Bank would also serve as the responsible officer pursuant to Section 8 of the Money Laundering Prohibition Law, 2000. The compliance sector is responsible for helping the Bank's employees and managers comply with and maintain the legal directives applicable to the Bank, both in the area of bank-customer relationships and in other areas relevant to the Bank's work. As part of its role, the compliance sector examines and improves compliance processes at the Bank on a transverse basis, through routine interfaces with other units and divisions of the Bank.

- 141 -

The following units are subject to the compliance sector:

A. The Prohibition of Money Laundering and Terrorism Financing Unit – Works to enforce the duties imposed upon the Bank in this area and supervise the fulfillment of such duties, according to the compliance risk management policy document and to the Banks' procedures in this area. The Prohibition of Money Laundering and Terrorism Financing Unit routinely provides consulting to the branches and subsidiaries of the Bank and conducts continuous monitoring of banking activity in customers' accounts, with the aim of identifying activities that appear to be unusual and taking the necessary steps according to the law, concerning these activities. In addition, the unit accompanies the treatment of the FATCA, the CRS and the QI at the Bank, including, cross border risks and compliance with the tax laws in Israel.

B. Compliance Unit – Responsible for the compliance with the necessary in order to comply with the legal directives applicable to the Bank, as noted above, including legal requirements derived from the Law for Increased Efficiency of Enforcement Procedures at the Israel Securities Authority (Legislative Amendments), 2011 (hereinafter: the "Enforcement Procedures Efficiency Law"), which apply to the Bank as a corporation operating in the area of securities and as a public company. The Bank has an internal enforcement plan in the field of securities and it operates in this field according to a designated policy document, which was adopted also by the relevant subsidiaries. The policy document is updated from time to time, as necessary, and is discussed on an annual basis at the Banks' Board of Directors.

C. The Public Complaints Unit - Deals with the treatment of customer's inquiries on all subjects relating to bank-customer relations. The unit inquires about complaints and requests of customers who turn to it directly or through the Public Complaints Unit of the Bank of Israel. The Chief Compliance Officer is the Ombudsman and is involved in the treatment of complaints that arrive at the unit, while making sure that they receive proper treatment, including legal counseling, as required, and if necessary, the complaints are forwarded to the attention of the Bank's Legal Advisor.

- 142 -

The Bank's compliance risk profile derives of its duty to comply with regulatory requirements and Israeli provisions of law such as: the directives of the Supervisor of Banks, guidelines of the Securities Authority etc., as well as with requirements of foreign countries, such as the implementation of the FATCA and CRS directives and other international directives which have direct or indirect applicability to it. There are a number of changes in the regulatory environment, which may affect the Bank's exposure to the compliance risk:  Monitoring exposures to various international sanctions.  Legislation and regulation concerning the FATCA, CRS and QI.  Foreign compliance directives such as: Dodd Frank and Emir.  A circular of the Supervisor of Banks from November 23, 2016 on preparedness for managing compliance risks in view of the determination of tax offenses as an offense of origin.

The Bank's compliance risk is managed while maintaining high levels of control, enforcement policy and organized operating procedures. The Bank makes sure to comply with the compliance directives and enforces the required level of compliance. This is how the Bank minimizes the compliance risks in the Bank and its subsidiaries.

Legal Risk Legal risk is the risk of loss as a result of the inability to legally enforce an agreement, and it includes, but is not limited to exposure to fines or penalties as a result of supervisory activities (punitive damages) as well as individual arrangements. The Legal Advice and Compliance Department of the Bank is responsible for managing the legal risk in the Bank and it provides support and response to all the legal aspects of the activities of the Bank and its' Group. The Legal Advisor of the Bank serves as a Legal Risk Manager of the Bank. The routine management of legal risk mainly takes the form of legal advice regularly provided by the Legal Advice and Compliance Department to the authorized organs of the Bank and to its various units and subsidiaries on the various topics related to the activity of the Bank; the preparation of contractual documents and banking agreements; writing of procedures in areas under the responsibility of the Department; legal support for the preparation and update of procedures under the responsibility of other parties within the Bank; management of legal knowledge at the Bank, including updates to the relevant parties in the organization regarding changes in the various types of legal and regulatory directives that affect the work of the Bank; routine instruction on various legal matters, including lessons learned from various events; adaptation of the system of agreements and procedures to such changes; routine updates of the system of agreements and documents generally used by the Bank; and oversight of legal claims against the Bank and supervision of professional parties processing such claims on behalf of the Bank. - 143 -

The legal risk management is in accordance with a policy document in which, the principles for the legal risk management, distribution of the roles and the authorities for treatment of mapping and minimizing the legal risks at the Bank, the reporting processes regarding risks and legal exposures and their assessments, including through the Legal Risk Management Committee which operates in the Legal Advice Division and convenes on a periodic basis, were defined. The legal risk management policy is updated from time to time, as necessary, and is discussed by the Bank's Board of Directors on an annual basis.

Goodwill Risk

Goodwill is a collection of the perceptions, opinions and beliefs of stakeholders concerning the corporation, based on their experience and expectations. Goodwill risk is the risk to the corporate's profits, stability or ability to achieve its objectives as a result of damage to its goodwill which may derive from the corporation's conduct, financial situation or negative publicity (true or false) and might be expressed in a negative perceptions by customers, counterparties, shareholders, investors, bond holders, analysts, other relevant parties, or regulators, which may have a negative effect on the public’s confidence in the Bank and on the Bank’s ability to retain existing business relationships or to create new relationships, and to sustain continuous access to financing sources (such as through interbank markets or securitization markets). Goodwill risk is characterized by multidimensionality and reflects the perceptions of other participants in the market. Moreover, the risk is present throughout the organization, and by essence is a function of proper internal risk management processes at the Bank, as well as of the manner and efficiency of response of management to external effects.

The framework for the management of the goodwill risk:  The Goodwill Risk Manager at the Bank is the Head of the Retail Banking, Customer Assets and Investment Advice Division. The Goodwill Risk Manager is the first line of defense for the goodwill risk and takes part in the formation of a risk management policy document and submits recommendations including: the risk management perception, definition of responsibility and authority lines, while referring to those responsible for the measurement and monitoring of the exposure to risk while formulating action plans for the treatment of the realization of the risk.  In the framework of the goodwill risk management, monitoring and control processes were established, following the exposure to the goodwill risk, transversely to the various units of the Bank.

The Bank continues to examine and monitor the impacts of the notification of the Controlling Shareholders of the Bank regarding their contractual engagement with Bank Mizrahi on goodwill risk.

- 144 -

For further details in this context, also see "Top and significant emerging risks" section as well as Note 32 “Events during the reporting period and after the balance sheet date” to the financial statements as at December 31, 2019, in the context of the consequences of the announcement of the shareholders holding the controlling interest in the Bank from July 30, 2017, regarding their intention to sell their holdings in the Bank and their engagement with Mizrahi Bank from November 27, 2017, and other events in connection with these announcements.

Strategic Risk

The strategic risk is a current risk or a future risk for the Bank's profits, capital, goodwill or status, which may originate from erroneous business decisions, improper implementation of decisions, or failure to respond to sectorial, economic, or technological changes. This risk is created from the compliance degree of the strategic objectives set by the Bank, to its capabilities and to the economic environment in which it operates, from the applicability of the work plan and the objectives defined in order to reach them, from the resources defined for compliance with the plans and from the quality of the implementation of the components of the programs. The members of the Bank's management are responsible for the management of the risk, each in his field.

The risk factors in the management of the strategic risk might be: an insufficient strategic plan with erroneous decisions, a missing or delayed response to the market trends, to customer's preferences and to competitor's activities, lack of coordination between the strategic plan to the work plans, to the capital planning and to the budget, material lack of compliance with targets, lack of clarity in the components of authority and responsibility, risks management processes which are not of the proper quality, lack of skilled employees, lack of critical resources and more. The materialization of these risk factors may expose the Bank to business losses, financial damage, and a decline in goodwill. The Board of Directors sets the main guidelines for the establishment of the multi-year strategic plan. These guidelines are transformed into a detailed work plan by management, which presented for the approval by the Board of Directors.

As aforesaid, due to the announcement of the shareholders holding the controlling core of the Bank from July 30, 2017 regarding their intention to sell their holdings in the bank, and given the uncertainty within which the Bank is operating as a consequence, the level of uncertainty regarding the realization of the Bank's strategic plan has decreased, while the strategic risk has commensurately increased. Accordingly, the bank’s work plan has been adjusted to the uncertainty state in which the bank is operating, so at this stage, and until

- 145 -

the situation becomes clearer, it does not include long-term objectives and projects derived from the strategic plan.

In light of the verdict of the Competition Tribunal from November 28, 2019, which accepted the appeals filed by the controlling shareholders of the Bank, the Bank, and Bank Mizrahi, strategic risk may decrease. If there is no merger, there is a potential for strategic risk increase. The Bank's management and Board of Directors are closely examining and monitoring the impact of the Competition Tribunal's decision, as detailed above, on strategic risk, including through a dedicated Board Committee to monitor the development of risks for the period and the implementation of mitigation measures. The Bank will continue to monitor and review the necessary steps. In addition, regulatory initiatives in the consumer credit field may affect the extent to which the Bank's long- term goals will implemented. In particular, an improvement in the capabilities resulting from the use of a credit database that allows each entity to obtain aggregate information about each client in the banking system, and the Open API, which enables service providers to connect with the bank's systems and retrieve up-to-date real-time information about the customer, are expected to increase competition among retail customers, including against non-banking entities. In addition, the continued low interest rate environment affects the ability to improve profitability and short-term returns.

For further details in this context, see "Top and significant Emerging Risks" section, "The Bank's IT and computing systems" section and Note 32 - "Events during the reporting period and after the balance sheet date" to the financial statements as at December 31, 2019.

Environmental Risk

Environmental risk is defined as the risk of loss as a result of directives related to the protection of the environment, and the enforcement thereof. Banks can be exposed to environmental risks through various aspects of their activity. Such risks can also be encompassed by other risks (such as credit risk, market risk, operational risk, legal risk, and liquidity risk). Exposure to goodwill risk is also possible, as a result of the possibility of attributing to the Bank a connection with a party causing an environmental hazard. Credit risk arising from environmental risk is defined as the risk of damage to the credit repayment capability of a borrower as a result of violation of a law leading to the imposition of significant monetary fines, unexpected costs for compliance with legal requirements, damage to profitability and goodwill of the borrower due to the results of the environmental aspect of the borrower's activity, exposure to legal claims against the financing bank, etc. Credit risk also includes the risk of exposure of collateral – the risk of damage to the value of collateral as a result of various environmental hazards.

- 146 -

Awareness of the potential exposure of financial institutions to risk arising from environmental hazards and from noncompliance with environmental directives has grown progressively in recent years, globally and in Israel. In June 2009, the Supervisor of Banks issued a letter regarding environmental risks at banking corporations, pursuant to which banking corporations must act to implement environmental risk exposure management within overall risks.

The Bank recognizes that the identification and assessment of environmental risk are part of an appropriate process of assessment of the risks to which the Bank is exposed.

Responsibility for management of the credit aspects of environmental risk exposure at the Bank rests with the Head of the Corporate Division/ Retail Banking, Customer Assets and Investment Advice Division, according to the entity handling the individual borrower. The aspects of environmental risks involving the operation of the Bank are under the responsibility of the Resources Division.

The Bank's environmental risks management policy, credit aspects, is detailed in the commercial and corporate credit management policy document. Within the policy, risk levels, specific populations and sectors, threshold amounts, and a process for obtaining an opinion regarding borrowers whose occupation is a potential material environmental risk, was established. As part of the preparations for environmental risk management, the Bank was aided by an external firm in preparing an opinion on the examination of the potential for environmental risks with regard to such borrowers.

- 147 -

Remuneration

Pillar 3

Set out below is the disclosure of the Bank, pursuant to the Basel Pillar 3 disclosure requirements concerning remuneration, as stated in the Public Reporting Directives of the Supervisor of Banks.

On October 6, 2016, further to the approval of the Board of Directors on August 31, 2016 and the approval of the Remuneration Committee, the Bank's general meeting approved an updated remuneration policy for Senior Officers of the Bank (hereinafter: "The Remuneration Policy for Senior Officers"), which replaced the remuneration policy approved by the Bank's general meeting on February 6, 2014 and the bonus formula included in it1. The updated remuneration policy of the Bank was prepared taking into account the provisions of the Companies Law 1999 (hereinafter: "The Companies Law"), the provisions of the Compensation Law for Senior Office Holders in Banking Corporations (Special Approval and Disallowing of Expenses for Tax purposes Due to Exceptional Remuneration) 2016 (hereinafter: "Remuneration Limit Law") and the Proper Conduct of Banking Business Directive 301A. For details regarding the remuneration policy, employment terms of Senior Officers and considerations and principles that guided the Remuneration Committee and the Board of Directors when determining the remuneration policy, see by reference, the report on summoning of a general meeting from August 31, 2016 (reference 2016-01-115039) and the report on the results of the general meeting from October 6, 2016 (reference 2016-01-060357). On November 4, 2019, the general assembly of the Bank approved, among other matters, an update of the remuneration policy for officers of the Bank. The new remuneration policy for officers of the Bank took effect on the date of approval thereof by the general assembly, and will apply from January 1, 2020, to 2022 (inclusive). The principal changes, from the previous remuneration policy to the new remuneration policy, are the following: For reasons of caution, a section was added pursuant to which the terms of service and employment of officers, including salary and other fixed components, as well as variable bonuses, are to be determined such that total remuneration for officers complies with the directives of the Remuneration Limit Law. Added authority was granted to the remuneration committee and to the board of directors to approve, in exceptional cases, a variable bonus amount in respect of special events, for any officer, not to exceed two average monthly

1 The new remuneration policy for the Senior Officers of the Bank entered into force on the day of the approval of the general meeting and shall apply until 2019 (including).

- 148 -

salaries of the officer, due to an exceptional event such as the completion of a one-time project, a material structural change, or special contribution to the achievement of the objectives of the Bank. The special bonus is subject to the rules set forth in the directives of the law concerning the payment of bonuses. In the section, “Insurance, indemnity, and liability exemption for officers of the Bank,” the framework of terms at which the Bank is authorized to purchase an officer insurance policy for officers and directors of the Bank and its subsidiaries was updated, taking into consideration the increased insurance coverage of the Bank beginning in 2018, and in view of the great responsibility borne by the officers of the Bank and the risks to which the Bank is exposed, usually, and in particular in view of the risks arising from the uncertain conditions in which the Bank is operating, with due attention to the relevant legislation and regulation. An added reference also addresses the authorization of the Bank to purchase an insurance policy for the run-off liability of directors and other officers at the Bank and its subsidiaries, prior to the sale, transfer, merger, or formation of control of the Bank by any entity or person, in any way. A condition was added pursuant to which the maximum rate of enlarged severance pay for officers whose employment at the Bank is terminated due to a structural change at the Bank, including a merger and/or acquisition offer, shall not exceed 250%, in the event of termination or resignation. Clarification was added to the section in the existing policy allowing the Bank to include up to six months’ non-competition in agreements, pursuant to which during the non-competition period the officer may be entitled to a salary and benefits. Clarification was added pursuant to which the terms of service and employment of the chairperson of the board of directors shall be established such that the total remuneration of the chairperson of the board of directors complies with the directives of the Remuneration Limit Law.

For additional details, see also the description of the remuneration policy and the bonuses plan in Note 21.E - "Employee Benefits - Policy Regarding Terms of Service and Employment of Senior Officers" to the Financial Statements of the Bank as at 2019. For details regarding remuneration given to interested parties and Senior Officers of the Bank, see "Remuneration of Senior Executives" Section and Note 21.F – "Employee Benefits- Personal Contracts" to the Financial Statements.

- 149 -

Qualitative Disclosure of Remuneration (REMA) Information Regarding the Entities that Supervise the Remuneration

The Board of Directors of the Bank is the entity authorized to approve the remuneration policy for Senior Officers of the Bank (subject to approval of the general meeting, as detailed below) and to employees of the Bank, in accordance with the directives of the law, after considering the recommendations of the Remuneration Committee appointed by the Board of Directors. The terms of employment of Senior Officers of the Bank and of Senior Executives (who are compensated according to a variable remuneration mechanism) that are not in accordance with the terms of the collective agreement of the employees of the Bank, are presented to the Board of Directors for approval. The Board of Directors also approves the remuneration principles and agreements of employees of the Bank who are not Senior Officers, following the recommendation of the Remuneration Committee. In addition, the Board of Directors supervises the implementation of the remuneration policy and examines, from time to time and at least once annually, the need to adjust this policy to Directive 301A (if any material changes have occurred in the circumstances that prevailed when the policy was established, or for other reasons). The main entity authorized by the Board of Directors to supervise remuneration is the Remuneration Committee, which is authorized, inter alia, to discuss and make recommendations to the Board of Directors regarding remuneration policy for employees and Senior Officers of the Bank, and examine the compliance of the policy with legal directives, the effect of the remuneration policy on the Bank's risk profile, and its congruence with the risk appetite of the Bank, on at least an annual basis. The Remuneration Committee also discusses the approval of remuneration mechanisms for key employees and Senior Officers, and contractual engagements with officers of the Bank concerning their remuneration, with reference to matters specified in the remuneration policy, in order to ensure that the agreements are appropriate and do not jeopardize the robustness and stability of the Bank; its recommendations are presented to the Board of Directors for approval. The committee consists of external directors and independent directors only; all of the external directors appointed in accordance with the Companies Law who serve on the Bank's Board of Directors, are members of the committee. As mentioned above, by 2019, the remuneration policy approved on October 6, 2016 was in effect, and on November 4, 2019, a new remuneration policy for the Bank's executive officers, which takes effect from 2020, was approved. In addition, on May 2019, the Board of Directors of the bank has approved, after considering the recommendations of the Remuneration Committee, an update of the remuneration policy which applies to all of the employees of the Bank, including, in relation to the terms of office and employment

- 150 -

of other key employees (as detailed below) who are not Senior Officers at the Bank, this is in accordance to Proper Conduct of Banking Business Directive 301A: "Remuneration Policy in a Banking Corporation", on its updates. Within the remuneration policy for all of the employees of the Bank, a list of positions of key employees, whose activity may have a material effect on the risk profile of the Bank, is defined, pursuant to Proper Conduct of Banking Business Directive 301A. Heads of arrays at the Bank were defined as key employees (in addition to the Senior Officers of the Bank, as defined in Directive 301A) as long as they are not employed under the collective agreement applicable to managers at the Bank and certain dealers in proprietary and in the dealing room. It was also clarified that the remuneration policy regarding those key employees, whose whole remuneration is established in a collective agreement, will be the collective agreement itself. The principles of the remuneration policy for the employees of the Bank apply also to remuneration of employees at the Bank's subsidiaries, and the policy's reference to divisional performance targets will apply with the necessary changes to the subsidiaries as well. Without detracting from that, the Bank's remuneration policy for the Bank's employees determines that subsidiaries, which must receive the approval of remuneration policy according to directive 301A, will adopt a remuneration policy while taking into account the principles set in the remuneration policy regulated in this document. With regard to key employees (including Senior Officers), the remuneration policy applies to the terms of service and employment to be approved for these employees as of the date of approval of the remuneration policy by the authorized organs of the Bank. The remuneration policy shall not harm contractual engagements (or remuneration formulas for employees or groups of employees) that exist at the date of approval of the remuneration policy, between the Bank and the aforesaid employees, with respect to the terms of their service and employment at the Bank, subject to the provisions of the law (including the established in Remuneration Limit Law and Proper Conduct of Banking Business Directive 301A). The remuneration policy documents for the Senior Officers and for the employees of the Bank are presented for discussion and approval before the Bank's authorized organs once every three years. The Bank's Board of Directors and Remuneration Committee supervise and monitor, at least once a year, the actual implementation and examine the need to adjust it, if there was a material change in the circumstances that existed when it was established or for other reasons, including the promoting of goals and objectives which it is supposed to fulfill.

- 151 -

Table 30 – Concentration of the Key Employees of the Bank Pillar 3

Key employees at the Bank Amount (as at December 31) 2019 2018 Directors (including the Chairman) 9 10(1) CEO, management members, Legal Advisor and 9(2) 9 Internal Auditor Other key employees 6 8 Total 24 27

(1) The list of directors included Dr. Zalman Segal, who completed his term on February 8, 2019. (2) Dr. Akiva Sternberg ended his service as Chief Internal Auditor on January 31, 2020.

Planning and Structure of Remuneration Processes Pillar 3

The goals and principles that form the foundation for the remuneration policy for Senior Officers and employees of the Bank include the creation of a system of incentives for the Bank's employees, within the existing wage arrangements at the Bank. Remuneration arrangements for officers of the Bank are established based on their actual performance and on their contribution to the achievement of the goals set by the Board of Directors of the Bank in the Bank's work plan and long-term strategy, as well as on their skills, professional experience, and their accomplishments. All of the foregoing is applied while strictly adhering to the risk appetite, and refraining from taking exceptional risks beyond the Bank's risk tolerance, and while maintaining a robust capital base, and incentivizing employees in control and supervision roles, taking into consideration the importance and sensitivity of these positions. In establishing the remuneration policy, the Bank's wish to retain and develop its management tier and the employees existing at the Bank, while maintaining an appropriate remuneration structure, was taken into consideration, all while considering organizational factors, such as the costs of remuneration and the desired gaps in remuneration between different ranks at the Bank; the nature of the Bank's activity; the work plan; the Bank's risk-management policy; its business results over time; the competition in the banking industry; and the size of the Bank in comparison to the banking system. Furthermore, in formulating and updating "the Policy on Terms of Service and Employment of Senior Officers," at the Bank, members of the Remuneration Committee and the Board of Directors also considered the matters detailed in Section 267B(a) and in the First Addendum A to the Companies Law, including matters required to be addressed in the remuneration policy and directives required to be established in the

- 152 -

remuneration policy, all with congruence of the principles of the remuneration policy with the goals and objectives which the Bank's remuneration policy is designed to achieve, the size of the Bank, the scope of its operations, the nature of its business, and its results over time. The members of the Remuneration Committee and of the Bank's Board of Directors also considered and referred, within the approval of the remuneration policy for Senior Officers and employees of the Bank, as applicable, to relevant regulation updates for the determination of the remuneration policy, inter alia, to directive 301A to the directives of the Supervisor of Banks and the provisions of the Remuneration Limit Law and the rules and limits set forth therein and also to the overall existing employment terms of the Senior Officers at the Bank, including the maximum extent of the fixed and variable remuneration components and to the relations between them, the relations between all of the remuneration of the Senior Officers and the remuneration of other employees of the Bank including contract workers.

With regard to Senior Officers engaged in auditing and control, including the Internal Auditor, the Chief Risk Officer, and the Chief Legal Advisor of the Bank, a mechanism for variable remuneration has been established which ensures independence of the amount of remuneration in the business which they oversee, since their variable remuneration does not depend on the business results of the business fields, on whose activity they supervise, but on their compliance with relevant parameters to their field of their activity and responsibility (subject to the overall results of the Bank complying with threshold terms determined in the remuneration policy). To each of the aforesaid Senior Officers a maximum bonus scope was attributed (which was defined by a number of maximum salaries to each of those Senior Officers). The actual approval of the bonus, subject to the maximum number of salaries defined in the policy, is subject to the discretion of the Remuneration Committee and the Board of Directors after they consider various parameters relating to the functioning and conduct of the Senior Officers as detailed in the remuneration policy and the rules of the policy.

With regard to other employees, who are not Senior Officers, who deal with risks and compliance, the remuneration policy for employees of the Bank states that the criteria for remuneration of such employees shall take into consideration the importance and sensitivity of the duties with which they are entrusted, and shall include remuneration incentives granted based on the attainment of objectives that contribute, inter alia, to the effectiveness of controls at the Bank and to the ability to recruit and retain talented employees, and shall not depend upon the business results of the business areas whose activity they monitor, audit, or supervise, all with the aim of fulfilling the business objectives of the Bank, in a manner that does not impair their independence and subject to the budget established in the collective agreements. These principles shall be implemented in the bonus plans to be approved from time to time for employees who deal with risks and compliance who are not employed under the terms of the collective agreement for executives at the Bank.

- 153 -

Description of the Ways in Which Present and Future Risks are Taken into Consideration in The Remuneration Process Pillar 3

The Bank's Board of Directors set within the framework of the remuneration policy for Senior Officers at the Bank, a target for the Bank to comply with of a minimal rate of return on equity regarding the payment of a bonus, which will be predetermined by the Bank's Board of Directors, when approving the work plan and a target of meeting the risk tolerance to the capital adequacy ratio of the Bank, as approved by the Bank's Board of Directors in the work plan for the relevant calendar year, as a threshold term for the eligibility of the Senior Officers to bonuses. The remuneration policy determines that to the extent that the Bank will comply with the aforesaid threshold terms, the Remuneration Committee and the Board of Directors may approve a bonus to any of the Senior Officers, after they considered a number of parameters. These parameters include, along with the degree of durability of the Senior Officer and the unit under its management with the main targets under his responsibility, as will be defined in the work plan derived from the Bank's strategic plan, inter alia, also parameters of compliance with the provisions of the law, the regulation and the Bank's procedures, no deviations from limits and rules determined by the Board of Directors within the policy documents approved by the Board of Directors and also audit reports given in the area of responsibility of the Senior Officer. Thus, the threshold conditions for payment of bonuses to Senior Officers, as well as the parameters and indices for assessing Senior Officers of the Bank, and on the basis of which the granting of the bonus to the Senior Officers and the amount of the bonus, include indices that are meant to ensure stability and compliance with the risk tolerance for risks, and inter alia, the compliance of the Senior Officers with limits and rules, including with risk appetite and risk tolerance, determined by the Board of Directors within the policy documents, which the Board of Directors approved, compliance with the risk tolerance to compliance risks to the provisions of law and findings of audit reports that address their activity and area of responsibility, including in the fields of risks management under their responsibility.

With regard to key employees - remuneration indices, which include compliance with risk-management limits; internal audit scores; and compliance with laws, regulations, and regulatory directives, were incorporated into individual remuneration plan. In the remuneration policy for the Bank's employees and Senior Officers, provisions in accordance with directive 301A to the directive of the Supervisor of Banks, are included. According to which, every variable remuneration to a Senior Officer or to a key employee will be granted and paid subject to conditioning that all or part of the variable remuneration is recoverable upon fulfillment of criteria for return which are detailed in the remuneration policy, this is for a period of up to five years from the day they are granted (and regarding a Senior Officer up to seven years under exceptional circumstances defined in the policy). This directive - 154 -

applies to the variable remuneration for Senior Officers and key employees (subject to the transitional directives determined in relation thereto). According to the remuneration policy for Senior Officers, a Senior Officer will return the variable remuneration amounts paid to him, if they were paid on the basis of data that turned out to be wrong and were restated in the financial statements of the Bank, in a manner that will be determined by the Remuneration Committee. In the remuneration policy for the employees if the Bank and the Senior Officers, it was clarified that the remuneration policy does not constitute an undertaking of the Bank to grant bonuses and that the Board of Directors has the authority to decide to reduce the amounts of the bonuses to which the Senior Officers or key employees of the Bank are entitled, and to set the rate of the reduction, and in exceptional cases of a general crisis in the economy, the system, or the Bank, to determine that bonuses will not be granted to Senior Executives in the relevant year. The remuneration policy for Senior Officers includes rules regarding deployment and/or deferral of bonuses, according to the determined in it. In accordance with the updated deferral mechanism set forth in the remuneration policy for Senior Officers of the Bank, after the calculation and the approval of the amount of bonus in respect of a certain year, the bonus will be paid to the Senior Officer. However, in cases in which the total annual variable bonus to the Senior Officer in respect of a calendar year, will exceed 40% of his fixed remuneration for that year, then half (50%) of the total bonus to which he is entitled in respect of that year, shall be deferred and paid to the Senior Officer in equal installments in each of the three consecutive years following the calendar year in which the bonus was approved. The deferred payments are linked to the consumer price index from the date of the approval of the bonus. The relevant deferred annual bonus installment in each deferred year will be paid (vested) provided that the Bank's annual return on equity shall be at least 2%. If the Bank does not comply with this vesting term then the relevant deferred annual bonus installment will be deferred to the following date in which the Bank will comply with these terms. In the remuneration policy for key employees a deployment mechanism is also set forth if the extent of the variable remuneration shall exceed a minimal rate determined within its framework, and regarding bonuses to part of the key employees, the deferred payments are subject to reduction mechanisms and / or freezing of deferred payments (with the possibility of canceling entitlement to deferred and frozen grants) according to the terms detailed in the bonus plans approved to them. The remuneration policy also limits the extent of the variable remuneration that may be paid to the Senior Officers and the key employees while it states that the variable remuneration for Senior Officers and key employees shall not exceed 100% of the fixed remuneration of the Senior Officer in that year (other than exceptions, in accordance with Directive 301A). In addition, there is a conditioning in the remuneration policy, according to which, the remuneration policy and the terms of service and employment are subject to rules and limits set forth in the Remuneration Limit Law. - 155 -

Pursuant to the remuneration policy, actual payment of remuneration in respect of the termination of employment, which is not a fixed component (i.e. which constitutes a variable component), shall be subject, in part, to a deferral mechanism of three years after the end of the officer's employment at the Bank, and to the application of mechanisms for retroactive adjustment to performance, in order to ensure that such remuneration does not encourage excessive risk-taking.

Description of the Ways in Which the Banking Corporation Creates a Connection between the Performance, during the Performance Measurement Period, and the Levels of Remuneration

Pillar 3

As detailed above, the Remuneration Committee and the Board of Directors shall be allowed to approve bonuses to any of the Senior Officers of the Bank, subject to the fulfillment of the threshold terms that refer to the Bank's performance (the Bank's return rate and its compliance with the risk tolerance for the capital adequacy ratio that the Board of Directors approved), and also after weighting additional parameters which examine the performance of the Senior Officers (inter alia, the compliance degree of the Senior Officer and the unit under his management with key goals under his responsibility as shall be defined individually within the framework of the work plan of the Bank, which derives from the strategic plan of the Bank, compliance with provisions of the law, the regulation and the Bank's procedures, lack of deviation from limits and rules determined by the Board of Directors within policy documents that the Bank's Board of Directors approved and audit reports given in the area of responsibility of the Senior Officer and with due consideration to the comparison of the Bank's results with the banking system) and also on the basis of the personal evaluation of the Senior Officer, so that the remuneration of the Senior Officer and its amount is contingent upon the Bank's performance and the performance of the Senior Officers. The bonus plans for other key employees also examine the employee's performance, based on predefined criteria, according to the area of activity and responsibility of the employee, taking into consideration parameters that refer to the performance of the Bank and of the unit in which the employee operates during the performance evaluation period, combined with scores on tests in the area of control (risk management, compliance, and auditing), which can reduce the employee's evaluation to the point of denial of a bonus, in extreme cases. The maximum total bonus for an employee is limited to a predefined ceiling.

In the event of weak performance, to the point of failure to meet the threshold terms or indices established in the remuneration plans, the Senior Officers or key employees shall not be entitled to bonuses. A directive has also been established in the bonus plan, applicable to part of the key employees, regarding a the freezing of grants that were deployed and the cancellation of entitlement to receive the part that was rejected from the

- 156 -

grant in the event of performance that falls below the threshold defined in the applicable bonus plans. In the remuneration plan for Senior Officers, a rule for the deferral of payment of bonuses deployed (in accordance with the rules of the policy), was determined, for cases in which the Bank's annual yield falls below the threshold defined in the remuneration policy. In addition, pursuant to the remuneration policy for employees and Senior Officers of the Bank, as noted above, the Board of Directors has the authority to decide to reduce the amounts of the bonuses to which the officers or key employees of the Bank are entitled, and to set the rate of the reduction, and in exceptional cases of a general crisis in the economy, the system, or the Bank, to be explained in the decision, to determine that bonuses will not be granted to Senior Executives in the relevant year.

Description of the Ways in Which the Banking Corporation Adjusts Remuneration in order to Take Longer-Term Performance into Consideration Pillar 3

As noted above, a bonus payment deferral mechanism has been established in the remuneration policy, taking into account the scope of the bonus in relation to the fixed remuneration in that year. In addition, with regard to bonuses for part of the key employees (who are not Senior Officers), it has been determined that they are subject to reduction mechanisms and freezing of deferred payments and even cancellation of entitlement to receive them, in accordance with the terms specified in the applicable bonus plan. In addition, under exceptional circumstances defined in the remuneration policy, key employees may be required to repay variable remuneration paid to them, during a period of up to five (5) years from the granting date, taking into consideration the rank of the key employee, and subject to the transitional directives established in relation to the directive (and under exceptional circumstances, defined in the remuneration policy for Senior Officers, the recoverable period may be extended in relation to the Senior Officer, by two additional years). In addition to that, in the remuneration policy for Senior Officers at the Bank, it is determined that a Senior Officer shall reimburse the Bank for sums of variable remuneration paid to him, if the sums were paid based on data later found to be erroneous and restated in the financial statements of the Bank, in the manner and method to be determined by the Remuneration Committee. Furthermore, pursuant to the remuneration policy, actual payment of remunerations in respect of the termination of employment, which are not a fixed component (i.e. which constitutes a variable component), shall be subject to a deferral mechanism of three years after the end of the Senior Officer's employment at the Bank, as well as to the application of mechanisms for retroactive adjustment to performance, in order to ensure that such remuneration does not encourage excessive risk-taking, subject to the rules set in the policy. - 157 -

The remuneration policy determines that the variable remuneration for Senior Officers and key employees will not exceed 100% of the fixed remuneration of the same year. Under exceptional terms and subject to provisions of law, the Bank may determine that the variable remuneration in respect of a calendar year will be up to 200% of the fixed remuneration, and this is subject to the rules of the law and to receiving a detailed and reasoned decision of the Board of Directors and subject to the approval of any other organ of the Bank as required by the law.

Description of Forms of Variable Remuneration used by the Banking Corporation and of the Considerations in the use of such Forms of Variable Remuneration

The Bank does not have variable remuneration plans involving shares or share-based instruments.

The following is a quantitative disclosure of the remuneration policy for key employees (including Senior Officers) during the reporting year:  The Remuneration Committee convened 9 times during the reporting year, and remuneration in the amount of NIS 63,750 (not including VAT) was paid to its members.  16 key employees received variable remuneration during the reporting year.  During the reporting year a promised bonus, non-depended on performances, was granted in the amount of NIS 0.1 million.  During the reporting year, a signing bonus was not granted.  During the reporting year, compensation payments over 100%, in the amount of NIS 0.9 million, paid to a central employee.  The total deferred remuneration paid in the reporting year is approximately NIS 1.0 million.  The total amount that has not been paid yet of the balance of deferred remuneration and the held remuneration, which is exposed to adjustments in hindsight explicit or implicit: NIS 7.2 million. During the reporting year, there were no reductions due to explicit or implicit adjustments in hindsight.

- 158 -

Table 31 – Additional Details of the Remuneration Amount in Respect of the Reporting Year for Senior Officers and Other Key Employees (REM1)

Pillar 3

December 31, 2019 December 31, 2018 Other Key Other Key Senior Officers * Executives Senior Officers * Executives Un- Un- Un- Un- deferred Deferred deferred Deferred deferred Deferred deferred Deferred NIS millions

Fixed Remuneration Cash based 18 - 5 - 21.5 - 7.0 - Shares and share- based instruments - - - - Others - - - - Variable Remuneration Cash based - 1.9 - 2.1 - - - 1.7 Shares and share- based instruments - - - - Others - - - -

*Including the Chairman.

For detail of the remuneration to stakeholders and Senior Officers, in accordance with regulations 21 and 22 to the Securities Regulations (Immediate and Periodic Reports) 1970, see section on corporate governance, audit and additional details on the banking corporations' business and their management.

- 159 -

Table 32 – Special Payments (REM2)

Guaranteed bonuses Grants at signing Compensation payments No. of No. of No. of employees* Total employees Total employees Total NIS millions December 31, 2019 Senior Officers 11 0.7 1 0.9 Other key employees 5 0.4 December 31, 2018 Senior Officers 12 0.4 Other key employees 7 1.6

*Referring only to those received "special payments", including officers and key employees, who have ceased their service.

- 160 -

Table 33 – Deferred Remuneration (REM3)

A B C D E

Of which: Total Total Total Total unpaid amount of amount of amount of amount of deferred and retained revision revision deferred Total unpaid remuneration, which made during made during remuneration amount of exposed to the year due the year due which paid deferred retrospective to explicit to implied out during Deferred and retained remuneration adjustments, explicit retrospective retrospective the reporting remuneration balance* and / or implied adjustments adjustments year NIS Millions As at December 31, 2019 Senior Officers 1.9 0.7 Cash Shares Time-based instruments Other Other Key Employees 2.1 0.4 Cash Shares Time-based instruments Other

Total 4.0 1.1

*The actual bonuses payments for this year will perform subject to the approval of bonuses payments regarding 2019 to the Banks employees.

______Zeev Abeles, Shevy Shemer Shira Redoven Chairman of the Board of Directors CEO Chief Risk Officer

Date of approval of the financial statements: - 161 -

Addendum A - Relations between financial statements and regulatory amounts

Differences between the accounting consolidation basis and the supervisory consolidation basis, and the mapping of the financial statements according to the supervisory risk categories (LI1)

Table 34: Differences between the accounting consolidation basis and the supervisory consolidation basis, and the mapping of the financial statements according to the supervisory risk categories (LI1)

A B C D E Balance sheet balances of items which: Balance Not subject sheet to capital balances as requirements reported or subject to in the Subject Subject to a deduction published to a counterparty Subject to a from financial credit credit risk market risk the capital statements risk limit limit limit base NIS millions December 31, 2019 Assets

Cash and deposits with banks 6,907 6,761 146 - -

Securities 8,404 7,119 132 1,285 - Securities borrowed or purchased under 2 2 - - - agreements to resell Credit to the public 26,119 26,119 - - - Allowance for credit losses )246( - - - )246( Net credit to the public 25,873 26,119 - - )246( Buildings and equipment 228 228 - - -

Assets in respect of derivative instruments 526 526 287 - Other assets 527 527 - - - Assets held for sale - - - - -

Total assets 42,467 40,756 804 1,572 )246(

Liabilities

Deposits from the public 31,668 - - - 31,668 Deposits from banks 322 - - - 322 Bonds and subordinated notes 4,818 - - - 4,818 Liabilities in respect of derivative instruments 650 - 650 338 - Other liabilities 2,371 - - - 2,371 Total liabilities 39,829 - 650 338 39,191

- 162 -

Addendum A - Relations between financial statements and regulatory amounts (Cont'd)

Differences between the accounting consolidation basis and the supervisory consolidation basis, and the mapping of the financial statements according to the supervisory risk categories (LI1) (Cont'd)

A B C D E Balance sheet balances of items: Balance Not subject sheet to capital balances as requirements reported or subject to in the Subject Subject to a deduction published to a counterparty Subject to a from financial credit credit risk market risk the capital statements risk limit limit limit base NIS millions As at December 31, 2018 Assets

Cash and deposits with banks 9,440 9,430 10 - -

Securities 5,583 4,902 167 681 -

Securities borrowed or purchased under 568 568 - - - agreements to resell Credit to the public 24,408 24,408 - - - Allowance for credit losses (256) (18) - - )238( Net credit to the public 24,152 24,390 - - )238( Buildings and equipment 241 241 - - -

Assets in respect of derivative instruments 642 - 642 490 - Other assets 622 610 - - 12 Assets held for sale 68 68 - - -

Total assets 41,316 40,209 819 1,171 )226(

Liabilities Deposits from the public 31,905 - - - 31,905 Deposits from banks 319 - - - 319 Bonds and subordinated notes 3,637 - - - 3,637 Liabilities in respect of derivative instruments 482 - 482 315 - Other liabilities 2,475 - - - 2,475 Total liabilities 38,818 - 482 315 38,336

- 163 -

The relationship between the balance sheet and regulatory capital components (CC2)

Table 35: Composition of the regulatory balance sheet (CC2) Disclosure According to Pillar 3

References to components of supervisory December December capital 31, 2019 31, 2018 NIS millions Assets Cash and deposits with banks 6,907 9,440 Securities 8,404 5,583 Of which: investments in capital of financial corporations that do not exceed 10% of the share capital of the financial corporation E - Of which: investments in capital of financial corporations that - exceed 10% of the share capital of the financial corporation, and do not exceed the deduction threshold F - Of which: other securities 8,404 5,583 Securities borrowed or purchased under agreements to resell 2 568 Credit to the public 26,119 24,408 Allowance for credit losses )246( )256( Of which: collective allowance for credit losses included in )246( Tier 2 capital J-1 )238( Of which: allowance for credit losses not included in - supervisory capital )18( Net credit to the public 25,873 24,152 Credit to governments - - Buildings and equipment 228 241 Assets in respect of derivative instruments 526 642 Other assets 527 622 Of which: deferred tax assets 327 300 Of which: deferred tax assets attributed to timing differences, 31 which were deducted from capital G 15 Of which: additional other assets 200 322 Assets held for sale - 68 Total assets 42,467 41,316

- 164 -

References to components of supervisory December December capital 31, 2019 31, 2018

Deposits from the public 31,668 31,905 Deposits from banks 322 319 Deposits from the government - - Bonds and subordinated notes 4,818 3,637 Of which: subordinated notes not recognized as supervisory 4,275 2,971 capital Of which: subordinated notes recognized as supervisory 543 capital 666 Of which: qualifying as supervisory capital components 520 518 Of which: not qualifying as supervisory capital components 23 and subject to transitional directives I+H 148 Liabilities in respect of derivative instruments 650 482 Of which: in respect of own credit risk D 7 1 Other liabilities 2371 2,475 Of which: collective allowance for credit losses included in 21 Tier 2 capital J-2 26 Total liabilities 39,829 38,818 Shareholders’ equity 2,638 2,498 Of which: ordinary share capital and premium A 952 952 Of which: retained earnings B 1,635 1,566 Of which: Accumulated other comprehensive income C 25 )46( Of which: capital reserves C 26 26 Total common equity 2,638 2,498 Total liabilities and capital 42,467 41,316

- 165 -

Main sources of differences between supervisory exposure amounts and balance sheet balances in the financial statements (LI2)

Table 36: Main sources of differences between supervisory exposure amounts and balance sheet balances in the financial statements

A B C D E

Items to which the following apply: Credit Counterparty risk Securitization credit risk Market Total limit limit limit risk limit NIS millions December 31, 2019 Amount of balance sheet balance of assets according to supervisory consolidation base 43,132 40,756 - 804 1,572 Amount of balance sheet balance of liabilities according to supervisory consolidation base 988 - 650 338 Total net amount according to supervisory consolidation base 42,144 40,756 - 154 1,234 Off-balance sheet amounts 2,658 2,658 - - - Additional differences caused by different netting rules, excluding those in row 2 343 - - 343 - Differences caused by provisions - - - - - Exposure amounts taken into account for supervisory purposes 45,145 43,414 - 497 1,234

December 31, 2018 Amount of balance sheet balance of assets according to supervisory consolidation base 42,199 40,209 - 819 1,171 Amount of balance sheet balance of liabilities according to supervisory consolidation base 797 - - 482 315 Total net amount according to supervisory consolidation base 41,402 40,209 - 337 856 Off-balance sheet amounts 2,754 2,754 - - - Additional differences caused by different netting rules, excluding those in row 2 384 - - 384 - Differences caused by provisions - - - - - Exposure amounts taken into account for supervisory purposes 44,540 42,963 - 721 856

- 166 -