Risk Management and Information Security The Board also recognizes that, as a financial institution, FNB takes on a certain amount of risk in every business decision, transaction and activity. Our Board oversees the management of our risk appetite to optimize long- term shareholder value while supporting our employees, customers and communities. Risk management policies and procedures would not be complete without an inclusive cyber-security program to protect our employees, clients, communities and infrastructure. FNB’s Information Technology department is vested with the responsibility to provide a secure information technology infrastructure, and FNB has a team of employees solely dedicated to Information Security. FNB provides our employees with annual training to provide education about information security policies and the importance of safeguarding sensitive information including phishing awareness. FNB deploys various critical safeguards to monitor, detect and protect our systems and sensitive information against unauthorized intrusions including, but not limited to: • � Significant investment in technology, cybersecurity, fraud and risk management personnel and systems • � Postings on our website to inform customers of current cybersecurity risks and to educate them on the best practices to avoid various threats and schemes • � Annual internal and external penetration tests to identify potential vulnerabilities to our system and applications • � Continuous internal and external vulnerabilities risk assessment • � Firewalls to protect FNB systems from unauthorized access • � Threat intelligence systems for protection against emerging threats • � Data Loss Prevention techniques to mitigate sensitive information or system compromise • � Security Information and Event Monitoring – correlating network activity to determine anomalous behavior with real-time alerting and investigation Business Ethics FNB directors and employees are subject to a comprehensive and strict Code of Conduct, Code of Ethics and Insider Trading Policy, which significantly mitigate the risk of loss or legal proceedings associated with fraud, insider trading, anti-competitive practices and requirements and applicable regulatory standards. The Company’s Audit Committee has established complaint procedures for accounting and auditing matters. The complaint procedures provide for reporting to direct supervisors and/or managers; key executives with oversight for Audit, Risk, Legal and Human Resources; and reporting to a hotline, either by phone or web-based report submission. Any employee of the Company may submit a complaint regarding accounting and auditing matters, unethical, discriminating or hostile behavior, or illegal or unsafe behavior in the workplace without fear of dismissal or retaliation of any kind. Hotline reports are confidential, and callers also can remain anonymous, if they desire. FNB assures that it will not retaliate for any information provided. FNB will not discharge, demote, suspend, threaten, harass or in any manner discriminate against any employee in the terms and conditions of employment based upon any lawful actions of such employee with respect to good faith reporting of complaints regarding accounting matters or other suspected inappropriate activity. Complaints related to accounting and auditing matters are investigated at the direction of the Audit Committee, by Internal Audit and other parties as deemed appropriate for the situation. Any formal actions against employees require Human Resources and/or Legal involvement to ensure the basis of any such actions are not retaliatory. In addition, the Code of Conduct strictly prohibits retaliation in any form, subjecting anyone determined to have retaliated in violation of the Code to disciplinary action up to and including termination. Oversight of FNB’s Corporate Responsibility strategies that are central to FNB’s diversity, social, employee welfare and environmental initiatives are guided by the Nominating and Corporate Governance Committee, which provides regular updates to the Board on environmental, social and governance (ESG) activities. The FNB Corporate Responsibility Committee is responsible for developing strategies, tactics and policies relative to ESG and other activities to promote solutions for social, welfare, and environmental challenges facing our communities. 24 25 �