Santander US - EthicsPoint · Santander US and BSNY strictly prohibits retaliation against Employees and Directors for reporting or assisting in an investigation regarding conduct

Classification: INTERNAL | Page 1

Santander US

CODE OF CONDUCT

Santander US Code of Conduct

Date Last Approved: 12-15-2020 Version Number 7.0

Classification: INTERNAL

| Page 2

Table of Contents

1. INTRODUCTION ............................................................................................................................................. 4

1.1 PURPOSE AND SCOPE .................................................................................................................................. 4 1.2 YOUR RESPONSIBILITIES UNDER THE CODE ...................................................................................................... 4 1.3 DUTY TO REPORT/TIMELINESS ...................................................................................................................... 5 1.4 DISCLAIMER OF EMPLOYMENT ...................................................................................................................... 5 1.5 DOCUMENT APPROVAL AND MAINTENANCE .................................................................................................... 6 1.6 CORPORATE BEHAVIOR AND ETHICAL PRINCIPLES .............................................................................................. 6

2. CODE ............................................................................................................................................................. 8

2.1 POLICY STATEMENT .................................................................................................................................... 8 2.2 EQUAL OPPORTUNITY AND SAFE WORKPLACE .................................................................................................. 8 2.3 CONFLICTS OF INTEREST ............................................................................................................................... 9

UNDERSTANDING CONFLICTS OF INTEREST: PERSONAL INTERESTS ........................................................................... 9 RELATIONSHIPS........................................................................................................................................... 10 DISCLOSURE OF PERSONAL INTERESTS ............................................................................................................. 14

2.4 OUTSIDE ACTIVITIES ................................................................................................................................. 14 SERVING AS DIRECTOR, OFFICER, OR EMPLOYEE OF A NON-SANTANDER ENTITY ...................................................... 15 OUTSIDE ACTIVITIES THAT REQUIRE WRITTEN APPROVAL ................................................................................... 16 POLITICAL ACTIVITY/ GOVERNMENT OFFICIAL/ LOBBYING ................................................................................... 17

2.5 GIFTS AND BUSINESS EVENTS AND ENTERTAINMENT ........................................................................................ 20 GIFTS ....................................................................................................................................................... 20 BUSINESS EVENTS AND ENTERTAINMENT ......................................................................................................... 21 TRAVEL AND BUSINESS EXPENSE .................................................................................................................... 22 GIVING, SOLICITING AND ACCEPTING THINGS OF VALUE TO OR FROM INTERNAL SOURCES ......................................... 23 CORPORATE SPONSORSHIPS AND PHILANTHROPY OPPORTUNITIES ........................................................................ 23

2.6 FAIR DEALING ......................................................................................................................................... 24 PRODUCT DESIGN CONSIDERATIONS ............................................................................................................... 24 ADVERTISING AND MARKETING ..................................................................................................................... 24 SALES PRACTICES ........................................................................................................................................ 25 TIED BUSINESS DEALINGS ............................................................................................................................. 25 PRODUCT USE AND TERMINATION ................................................................................................................. 26 COMPETITION LAW ..................................................................................................................................... 26

2.7 COMMUNICATIONS .................................................................................................................................. 27 PUBLIC COMMENT/SPEAKING, ENGAGEMENTS ................................................................................................. 27 SOCIAL MEDIA ........................................................................................................................................... 27

2.8 SANTANDER ASSETS: USE OF CORPORATE ASSETS ........................................................................................... 29 2.9 FINANCIAL CRIME PREVENTION AND DETECTION ............................................................................................. 31

ANTI-MONEY LAUNDERING .......................................................................................................................... 31 ECONOMIC SANCTIONS AND ANTI-BOYCOTT .................................................................................................... 31 ANTI-BRIBERY / ANTI-CORRUPTION ............................................................................................................... 32 FRAUD ...................................................................................................................................................... 34




| Page 3

INSIDER TRADING ........................................................................................................................................ 35 THE FX GLOBAL CODE ................................................................................................................................. 36

2.10 PRIVACY / CONFIDENTIALITY / INFORMATION SECURITY ................................................................................... 36 CONFIDENTIAL INFORMATION ACQUIRED WHILE SERVING AS A SANTANDER EMPLOYEE OR DIRECTOR ......................... 37 CONFIDENTIAL INFORMATION ACQUIRED FROM A PREVIOUS EMPLOYER OR ROLE .................................................... 37 CONFIDENTIAL SUPERVISORY INFORMATION (“CSI”) ......................................................................................... 37 PRIVACY AND SAFEGUARDING ....................................................................................................................... 37 INFORMATION SECURITY .............................................................................................................................. 39

2.11 RECORDKEEPING ...................................................................................................................................... 39

3. REPORTING ................................................................................................................................................. 41

3.1 REPORTING EMPLOYEE MISCONDUCT OR VIOLATIONS ...................................................................................... 41 3.2 NON-RETALIATION ................................................................................................................................... 41 3.3 WHISTLEBLOWER – ALLEGED MISCONDUCT ................................................................................................... 41 3.4 REPORTING TO SANTANDER AND PERSONAL DISCLOSURES ................................................................................ 42 3.5 FAILURE TO REPORT ................................................................................................................................. 43 3.6 INVESTIGATIVE PROCESS ............................................................................................................................ 43 3.7 ADDITIONAL GUIDANCE AND REPORTING REQUIREMENTS ................................................................................. 43

4. GOVERNANCE AND ACCOUNTABILITY ......................................................................................................... 44

4.1 CODE GOVERNANCE ................................................................................................................................. 44 4.2 SUBSIDIARY GOVERNANCE ......................................................................................................................... 44 4.3 EXCEPTIONS ............................................................................................................................................ 44

5. DOCUMENT HISTORY AND VERSION CONTROL ........................................................................................... 46

5.1 OWNERSHIP AND AUTHORSHIP ................................................................................................................... 46 5.2 SIGN OFF ............................................................................................................................................... 47

6. APPENDIX .................................................................................................................................................... 48

6.1 APPENDIX A — RELATED POLICIES AND PROCESS AND ADMINISTRATIVE DOCUMENTS ............................................ 48




| Page 4

1. Introduction

1.1 Purpose and Scope

The Santander US Code of Conduct (“Code”) outlines principles of honesty, integrity, accountability, and trust that all employees, and members of the Board of Directors (“Directors”) of Santander Holdings USA, Inc. (“SHUSA”) and its Subsidiaries1 (collectively, “Santander US”) and employees of Banco Santander, S.A. (“Santander”), New York Branch (“BSNY”) must understand and follow. These principles align with the core values set forth by SHUSA’s parent company Santander.

Employees and Directors professional conduct should align to the Code’s principles to ensure that Santander’s reputation remains intact.

As used in this Code, “Employees” are defined as an individual(s) who has/have been hired by any Santander US entity or BSNY in the capacity of a regular full-time or part-time, occasional, seasonal, interim, or periodic worker whose pay is recorded on IRS Form W-2.

This Code is expected to be adopted and adhered to by all entities of the combined U.S. operations of Santander (“CUSO2”), as defined in the Santander US Governance Framework.

1.2 Your Responsibilities Under the Code

You are required to adhere to this Code and all other applicable Santander US policies that set forth the ethical and professional conduct that Santander US and BSNY expects from you, including but not limited to Compliance, Legal and Corporate Affairs (“LCA”) and Risk policies; whether on Santander’s, a client’s, or a supplier’s premises, as well as when working offsite, remotely or from home. All such policies are available for your review on policyIQ. Additionally, Human Resources (“HR”) has documentation (e.g., Team Member Handbook, and other policies) that may provide additional guidance for certain areas covered by the Code (please reference Appendix A).

You are expected to understand and comply with the laws and regulations under which Santander US operates. If any provision of this Code conflicts with the law, the law will prevail. If a Subsidiary or BSNY has policies or procedures more restrictive than this Code, you must follow the more restrictive Subsidiary or BSNY policy or procedure, as applicable.

Use good judgment. Remember: if a situation doesn’t feel right, it likely isn’t. Refer to the applicable Santander US or BSNY policy for guidance, or consult with your manager, local Compliance, or LCA. If you

1 Defined in the Santander US Governance Framework, as amended from time to time. 2 Santander’s combined U.S. operations under Federal Reserve System Regulation YY, Enhanced Prudential Standards for Bank Holding Companies and Foreign Banking Organizations.




| Page 5

know of or suspect that a violation of this Code or any misconduct has taken place, or if you have any employee relations concerns, you should report them immediately to your manager, HR Employee Relations, local Compliance or the EthicsLine or Portal3 (see Section 3 of this Code for further guidance).

It is important to note that nothing within this Code is intended to or be construed as interfering with Employees’ exercising their Section 7 rights under the National Labor Relations Act4.

1.3 Duty to Report/Timeliness

You are responsible for reading, reviewing, and understanding this Code. You must also complete the annually required training and attest to an understanding of and adherence to your individual obligations to comply with this Code and the laws and regulations referenced herein.

It is not only the right, but the duty of every Santander US and Employee and Director and BSNY Employee to speak-up and share their concerns when they suspect something illegal or unethical is occurring. You are required to report any known or suspected violations of applicable law, regulations, internal policies or the Code promptly. Reporting is required whether the violation involves you or others subject to the Code. You may be held responsible for not reporting the actions of others if you knew, or should have known, that they were in violation of any applicable law, regulations, SHUSA policy or the Code. It is important that all allegations reported are truthful and honest in nature of what you are reporting. Please refer to section 3.1 of this Policy for more information regarding reporting.

Santander US and BSNY strictly prohibits retaliation against Employees and Directors for reporting or assisting in an investigation regarding conduct that is reasonably believed to relate to unethical acts, a regulatory or legal violation, or fraud. You will not be discriminated or retaliated against regarding compensation, terms, conditions, location, or privileges of employment due to your submission, or the submission by a person acting on your behalf, of a report, whether verbal or written, of alleged wrongdoing. If you have any concerns, you should raise them to your manager, HR, or the EthicsLine.

1.4 Disclaimer of Employment

While this Code highlights Santander US Employee and Director and BSNY Employee expectations, it does not confer any rights, privileges or benefits on any Employee or Director, create an entitlement to continued employment, establish conditions of employment or create an employment contract between Employees or Directors and any of the Santander US entities or BSNY. In general, employment at

3 The EthicsLine can be contacted by phone at 844-592-8452 and electronically by Portal at santanderUS.ethicspoint.com. 4 Section 7 of the National Labor Relations Act guarantees employees "the right to self-organization, to form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection," as well as the right "to refrain from any or all such activities."

http://santanderus.ethicspoint.com/




| Page 6

Santander US or BSNY is expressly “at-will” and may be terminated at any time by Santander US or BSNY, with or without cause and with or without notice. The contents of this Code do not modify the at-will status of employment with Santander US and BSNY.

1.5 Document Approval and Maintenance

The Code is owned by the SHUSA Chief Compliance Officer (“CCO”). It is recommended by the SHUSA Compliance Committee (“CC”) to the SHUSA Enterprise Risk Management Committee (“ERMC”) and the SHUSA Board Risk Committee (“Risk Committee”) for final recommendation to the SHUSA Board of Directors (the “Board”) for review and approval at least annually.

At least annually the CCO reviews and updates this Code, as necessary, to ensure that it remains applicable to Santander US’s strategy and current and planned activities. Ad-hoc reviews of this Code may be performed at the CCO’s discretion. The ERMC, Risk Committee, and Board may also initiate updates to this Code in response to changing conditions. The Board must approve all material changes or updates to this Code.

Each Subsidiary and BSNY is expected to submit this Code to its Board of Directors (“Subsidiary Board”), designated Subsidiary Board committee(s), or appropriate management committees (where there is no local Board) for formal review and adoption in accordance with the Santander US Enterprise Risk Management (“ERM”) Framework and the processes described in the Santander US Policy Administration Operating Policy.

1.6 Corporate Behavior and Ethical Principles

The corporate behaviors and ethical principles are the main pillars of the Code. In line with the Santander Simple, Personal and Fair culture, the corporate behaviors reflect this attitude and should guide the way of working and living the Santander brand. These Corporate Behaviors are:

• Show Respect

• Truly Listen

• Talk Straight

• Keep Promises

• Support People

• Embrace Change

• Actively Collaborate

• Bring Passion




| Page 7

Our Ethical Principles are:

Equal opportunities, diversity and non-discrimination

We guarantee access to jobs and promotions without discrimination on the basis of gender, sexual orientation, race, religion, age, marital status or social class.

Respect for people

We encourage relationships based on respect for the dignity of others and equality, fostering a respectful and positive work environment.

Occupational risk prevention

The health and safety of our Employees is essential to achieving a comfortable, safe working environment.

Work-life balance

We encourage a work atmosphere that is compatible with personal development and family life to improve the lives of Employees and their families.

Environmental protection and social and environmental responsibility

We undertake to comply with legislation on social and environmental matters and general principles of action in the area of human rights and climate change.

Collective rights

We respect the legally recognized rights of unionization, association and collective bargaining.




| Page 8

2. Code

2.1 Policy Statement

Santander US and BSNY are committed to ensuring that all Employees and Directors maintain the highest standards of ethical behavior. Thus, all policies and procedures shall conform to applicable laws and regulations, and you have a duty to fully comply with the laws and regulations governing Santander US and BSNY activities. You are expected to exercise good judgment, act with integrity, and uphold ethics of the highest standard. You are expected to act professionally, thus fostering a positive, inclusive and productive work environment. You are required to act with integrity at all times. If a situation doesn’t feel right, you should consult with your manager, local Compliance, or LCA.

Failure to comply with this Code

You are responsible for understanding and complying with this Code’s requirements, as well as Santander US and BSNY policies, standards and procedures that are relevant to your role. You have a duty to promptly report any known or suspected violations of applicable law, regulation, internal policy or this Code (collectively referred to as “Code Violations”) using the steps described in Section 3 – Reporting. Employees who violate this Code will be subject to disciplinary action, up to and including termination of employment, as well as possible referral to applicable regulatory or law enforcement authorities.

2.2 Equal Opportunity and Safe Workplace

Santander US and BSNY value equal opportunity and an inclusive and diverse workforce and as such, are committed to providing equal opportunity in access to employment, professional development, advancement, and all other terms and conditions of employment. All employment decisions at Santander US and BSNY are based on legitimate business considerations without regard to age, race, color, sex, gender, national origin, citizenship status, sexual orientation, religion, religious affiliation, pregnancy, maternity, marital status, gender identity or expression, genetic information, disability, veteran status or any other status protected under federal, state or local law.

This commitment to non-discrimination applies to the entire employment process, including recruitment, hiring, promotion, compensation, transfer and termination. Furthermore, you should conduct yourself in a professional manner, ensuring that you do not use discriminatory language (including any comments that indicate a bias against other people based on factors listed in the above paragraph).

In addition, Santander US and BSNY are committed to a safe and injury-free workplace free from inappropriate workplace behavior (e.g., harassment, intimidation, physical or verbal abuse, and workplace aggression). You must comply with work, health and safety standards, take care to protect your own health and safety and consider the health and safety of others. Employees have a responsibility to report inappropriate behavior before it escalates to violence in the workplace. All instances of threats, threatening behavior, or acts of violence must immediately be reported to your manager, HR Employee




| Page 9

Relations or SanResponse5. If you are in a managerial role, you must promptly report all suspected violations of the standards set forth in this section to your Employee Relations contact or the Employee Relations Hotline6 to ensure that such issues are promptly addressed.

2.3 Conflicts of Interest

A conflict of interest exists when your personal or financial interests—or the interests of an Employee’s and Directors Immediate Family Member; (which for purposes of this Code include a spouse, domestic partner, parents, children, siblings, mothers and fathers-in-law, sons and daughters-in-law, brothers and sisters-in–law, and anyone [other than domestic employees] who lives in your household), or anyone with whom you have a significant relationship—interfere, could interfere or appear to interfere in any way with your ability to serve the best interests of Santander US and BSNY, its customers, and/or its stakeholders. A conflict of interest also exists if you enter into personal relationships that would compromise or appear to compromise your impartiality as an Employee or Director. You may not derive or seek to derive personal benefit from business opportunities that arise from your role at Santander US or BSNY.

This section outlines situations that might give rise to a conflict of interest and is not meant to be all inclusive.

Understanding Conflicts of Interest: Personal Interests

“Conflicts of interest” and “personal interests” must be construed broadly. Your personal interests or the personal interests of your Immediate Family Members or anyone with whom you have a significant relationship may refer to anything that directly or indirectly benefits you or them.

In identifying and addressing conflict of interest issues, you must remember that the benefits do not have to be financial in nature; they can be intangible, such as charitable gifts or donations made in your name intended to enhance your reputation. Furthermore, you must be aware that the interests of Santander US and BSNY, its customers, and/or stakeholders may be damaged even when there is no financial harm. Please see the Santander US Reputational Risk Enterprise Policy for further details regarding the management of reputational risk at Santander in the U.S.

You must abstain from participating in or influencing decisions that may affect Employees or entities with which there may be a conflict of interest, or in which your objectivity or ability to adequately fulfil your obligations to Santander may be compromised. Additionally, you must also abstain from accessing important information that may have an impact on the conflict. Whether a conflict of interest exists

5 Contact SanResponse at 1-888-467-7088. Option 1 for Safety & Security Incident and Option 2 can be used to report all incidents of potential or actual fraud directly to Fraud Prevention & Loss Management. Additionally, the “In Case of Crisis” app is available for download on all major app stores. 6 The Employee Relations Hotline can be contacted by phone at 1-800-210-1426 Option 4.




| Page 10

depends on the specific facts and circumstances of a given situation, but in each instance, it may cause you to fall short of exercising sound and objective business judgment.

Relationships

This section discusses broad categories of relationships where conflicts of interest may arise. The information provided is not intended to cover all possible situations that might lead to a conflict of interest. You should consult with your manager, local Compliance, or LCA if you need further guidance.

Customers/Clients

In dealing with Santander US and BSNY customers and clients, you must use prudent judgment and act in good faith. You must be honest, transparent, professional, and act independently of your personal interests. The following examples should serve as guidance, but they are not exhaustive.

You must:

• Not invest in a customer or client’s business, take part in a joint venture with a customer, or take advantage of your position with Santander to invest or participate in a customer or client’s business unless you have made full disclosure and received prior written approval from your local Compliance and LCA.

• Not personally accept fiduciary appointments, mandates, or powers of attorney from customers or clients unless they are an Immediate Family Member, or you have made full disclosure and received prior written approval from your manager and local Compliance.

• Not encourage a transaction or other conduct by one customer or client for the benefit of another, unless all potentially affected customers or clients are aware of their different positions and expressly agree to the transaction or other conduct.

• Not divulge the confidential information of one customer or client for the benefit of another without the first customer’s or client’s consent.

• Inform customers and clients of the potential for a conflict of interest and avoid entering into personal relationships with customers and clients where a conflict exists.

• Not solicit or accept gifts, entertainment, or other things of value, including travel expenditures, from customers, clients, or other business partners, except as permitted herein; refer to section 2.5 Gifts and Entertainment.

• Not participate in any transactions on behalf of Santander US that are related in any way to personal or family interests.




| Page 11

• Avoid making specific recommendations to customers and clients regarding professional services such as real estate or insurance agents, stockbrokers, attorneys, or accountants. In some Subsidiary business units, there may be an approved referral list with several names or agencies listed, without any indication of preference, which may be given to a customer or client.

• Avoid any discussion or interaction that could be interpreted as providing investment, legal, tax, or accounting advice to customers and clients, unless your role requires you to provide such advice and, to the extent applicable, you are duly licensed to perform the work.

You are permitted to have individual business and personal relationships with Santander US and BSNY customers, clients, third parties, and others who do business with Santander US and BSNY, provided that any such business relationship is on customary terms, for proper and usual purposes, and pre-approval is obtained7 if required. You must not solicit or accept any special favors in recognition of your relationship with Santander.

Various individuals, including Santander US and BSNY Employees, Directors, and advisors, including outside counsel, may refer potential customers/clients to Santander US. Under no circumstance is such a referred potential customer or client to be given preferential treatment of any kind with regard to rates, fees, and other terms, including customer service, beyond that given to any other customer or client.

Santander Affiliates and Subsidiaries

Conflicts of interest must be considered with respect to internal lines of business, across US-based businesses and Subsidiaries, as well as with respect to Banco Santander, S.A. and other non-US affiliates. Conflicts that arise that may impact US-based businesses and Subsidiaries must be resolved recognizing the primacy of certain U.S. laws and regulations.

• Conflicts between Banco Santander, S.A., and the US – This type of conflict may arise when SHUSA or a US Subsidiary intends to put its interests before the interests of Banco Santander, S.A., the parent company; for example, in the scenario where Santander Bank, N.A. (“SBNA”) has identified a global commercial client beneficial interest that is to the detriment of a broader BSSA client relationship. In these instances, Banco Santander, S.A., as the parent company, must be notified (via escalation from SHUSA LCA) and will work to and resolve these conflicts of interest with the applicable Subsidiary by applying the resolution mechanism set forth in the Group-Subsidiary Governance Model and Guidelines for Subsidiaries.

• Conflicts between Banco Santander Affiliates – This type of conflict may arise when one Affiliate intends to put its interests before the interests of another Santander Group subsidiary; for example, in the scenario where SHUSA or a US Subsidiary has identified a beneficial interest that

7 Please refer to the Outside Activities and Gifts & Entertainment standards




| Page 12

is to the detriment of a non-US Affiliate. In these instances, Banco Santander, S.A., as the parent company, must be notified (via escalation from LCA) and will work to resolve these conflicts of interest with the applicable Santander Affiliates by applying the resolution mechanism set forth in the Governance Model.

• Conflicts between two US Subsidiaries – This type of conflict may arise when one US Subsidiary intends to put its interests before the interests of another US Subsidiary; for example, in the scenario where SBNA has identified a beneficial interest that is to the detriment of Santander Consumer USA Holdings, Inc. In these instances, Compliance or LCA must be notified and will facilitate the escalation and resolution of these conflicts through the Executive Risk Committee.

Competitors

You may not have any agreement, understanding, or arrangement with any competitor with respect to the pricing of services, interest rates, customer relationships, geographic coverage, or marketing policies unless you receive prior written approval from LCA. Additionally, please refer to Competition Law section 2.6.6 of this Code.

You must take all appropriate steps to prevent any disclosure of confidential and proprietary information to Santander US competitors or other third parties. Please refer to Section 2.10, Privacy/ Confidentiality/ Information Security of this Code for more guidance.

Suppliers and Third-Party Services

You must avoid any type of interference or influence that could appear partial or lacking in objectivity if you are involved with suppliers’ contracts or services or have input into the economic terms of such contracts. Employees may not engage in procuring products or services for Santander with companies or individuals with whom they have economic or family ties and are prohibited from entering into side agreements with suppliers and/or third parties. You must use established procedures to enter into contracts with external suppliers and third parties and must avoid exclusive business arrangements. All contracts or arrangements must be approved by LCA. For additional details, please refer to the Santander US Enterprise Third Party Risk Management Enterprise Policy. Additionally, please see the Santander US Supplier Code of Conduct regarding basic principles and expectations for suppliers’ professional conduct.

If you have access to confidential and proprietary information belonging to Santander US’ suppliers/third parties, you must treat such information the same as you would treat Santander US’ information, by:

1. Using such information and property for authorized purposes only;

2. Maintaining the confidentiality of such information and property in accordance with the requirements of Section 2.10, Privacy/ Confidentiality Information Security of this Code; and




| Page 13

3. Adhering to other data security procedures as may be implemented by Santander US and BSNY from time to time.

Subject to certain permitted transactions and exceptions described in Section 2.5, Gifts and Business Events and Entertainment of this Code, you may not solicit and/or accept gifts or entertainment, including travel and accommodations, from suppliers or third parties with whom Santander US does or intends to do business.

Other Employees

Santander will consider for hire or internal transfer an Employee’s relative if the hiring does not present a conflict of interest or compromise internal control measures as determined by the hiring manager in conjunction with Human Resources.

You may maintain friendships and other personal relationships with Employees outside of work, however a conflict of interest applies when a “significant other” relationship develops between Santander Employees. While there is no prohibition on Employees dating other Employees, it is inappropriate for Employees involved in personal relationships to report to each other at work or have the ability to influence each other’s performance of their duties, responsibilities, or compensation. An Employee cannot functionally report to one’s relative or significant other. If such conflict establishes itself after being hired, one of the two Employees will have to be moved to another department.

You must disclose any relationships with Employees that may result in an apparent, actual, or potential conflict of interest to your manager and/or HR. Failure to do so may result in discipline, up to and including termination of employment.

You are also generally prohibited from participating in personal financial transactions with other Employees, unless they involve a nominal amount, or the other Employee is an Immediate Family Member or close personal friend.

Employee Loans from other Resources

You are prohibited from borrowing money from customers or suppliers of Santander US and BSNY; exceptions may be made when those customers or suppliers are Immediate Family Members.

You may not borrow under any other circumstance that appears inappropriate or that might cause a potential conflict of interest.

Nothing in this Code precludes you from obtaining loans from another financial institution, provided that such loans are, under all facts and circumstances, at fair market value and at terms no more favorable to you than those available to the general public.




| Page 14

Loans to Insiders

Regulation O restricts extensions of credit by a bank to any director, executive officer, or principal shareholder of the bank or certain of its affiliates (collectively, “Regulation O Insiders”) and requires that certain extensions of credit to Regulation O Insiders be disclosed.

Subsidiaries that are subject to Regulation O may not, directly or indirectly, including through any subsidiary, extend or maintain credit, arrange for the extension of credit, or renew an extension of credit in the form of a personal loan to or for any Regulation O Insider or to certain affiliate Regulation O Insiders, except as provided by Regulation O, and the policies and procedures developed at the Subsidiaries to ensure compliance with Regulation O.

Civil monetary penalties may be imposed against Subsidiaries and Directors, Employees and agents that participate in activity that violates a provision of Regulation O. To the extent Regulation O is applicable to your Subsidiary, please refer to your local Regulation O Policy for more information.

Disclosure of Personal Interests

If you are unsure whether a conflict of interest exists, you must consult with your manager and local Compliance. You must also refrain from taking any action that may give rise to an actual conflict of interest until the facts of the situation are properly addressed by local Compliance, which may determine that you cannot engage in a certain activity while at Santander US.

Some examples of personal interests that should be disclosed are:

• Any personal or Immediate Family Member website(s) that relates to the financial services industry and/or related to the job you perform on behalf Santander must be disclosed;

• Being designated as a signer/ co-signer or having signature authority on any Santander product or service that is related to a business account, that business must be disclosed; and

• Becoming an angel/seed investor.

Should you choose to participate in an activity as described above, please refer to section 2.4, Outside Activities below for further information; each Employee and/or Director must contact their local Compliance or LCA prior to acting in such to ensure there is no conflict of interest.

2.4 Outside Activities

Santander encourages your involvement in outside activities as long as there is no conflict of interest and your role at Santander US or BSNY is not impacted negatively by the outside activity; including the amount of time spent on the activity and the improper use of Santander assets/resources. Accordingly, you are generally prohibited from engaging in certain outside activities (including business opportunities) that restrict, compete, or interfere with Santander US or BSNY business activities and interests. There are




| Page 15

prohibitions on certain real estate activities (e.g. investment properties). For further information regarding prohibited outside activities, please refer to the Santander US Outside Activities Oversight Standard.

Employees must disclose all outside activities in which that they wish to be involved, at least 30 days in advance of starting the activity. New Employees must disclose all outside activities they are involved in within 30 days of their start date. Employees may be asked to resign from an activity if the position directly affects Santander’s interests or is deemed to create a conflict of interest.

Some Subsidiaries may have stricter Outside Activity requirements; please see your local Outside Activities Oversight Standard for further guidance. Annually, Employees will complete a confirmation of previously approved outside activities as well as complete the Code of Conduct attestation. You must also refrain from taking any action that may give rise to an actual conflict of interest until the facts of the situation are properly addressed by your local Compliance, which may determine that you cannot engage in a certain activity while at Santander US or BSNY.

Serving as Director, Officer, or Employee of a Non-Santander Entity

For-Profit Entities

You are generally prohibited from serving as a director, officer, or employee of another financial services company including, but not limited to, an unaffiliated bank, thrift, and trust or depository institution.

Before you begin serving as an officer, director, or employee of a for-profit business that’s in the financial services industry or related to your field of work, you must discuss the proposed service with your manager and then your local Compliance, make full disclosure of the nature of the contemplated activity, and obtain written approval.

You are also prohibited from performing any other service as a director, officer, or employee of Santander US and BSNY or for-profit business that is or appears to conflict with the interests of Santander US or BSNY. Typically, this includes, but is not limited to, owning, operating, or working for an organization in competition, directly or indirectly, with Santander US or BSNY.

Directors who accept appointments to serve as directors, officers, or employees outside of Santander US shall, in cases where such appointments have not previously been disclosed, must promptly disclose such appointment to the Board Chairman and the Corporate Secretary (in the case that it is the Chairman disclosing, the disclosure should go to the SHUSA Nominations & Executive Committee). In addition, Directors must comply with any limitations imposed on such service by the relevant Board of Directors.

If you are approved to serve as a director, officer, owner, or employee of any non- Santander US or BSNY for-profit business, you must inform your local Compliance of any potential conflict of interest that may arise at any time during that service. If warranted, you must abstain and recuse yourself from any discussion or vote related to or arising from potential conflicts of interest. In addition, if requested by local




| Page 16

Compliance, you must resign from the position or otherwise terminate your affiliation with the non-Santander business in order to continue your employment at Santander US or BSNY.

Not-for-Profit Entities

Before serving as a director or committee member (including on an Audit, Finance, or Investment Committee) of a not-for-profit entity which poses either a perceived or actual conflict of interest, you must disclose the proposed service to your manager and then your local Compliance8, which will either grant or deny permission to serve. For example, you must seek Compliance approval when:

• The entity is a Santander US or BSNY customer, client, or third party; or

• Your service could pose reputational risk9 to Santander.

During your service, if changed circumstances cause perceived or actual conflicts of interest (including changes to your role within Santander or the not-for-profit) you must request Compliance’s permission to continue serving. Additionally, please refer to the Santander US Corporate Social Responsibility Enterprise Policy for clarification relating to organizations affiliated with SHUSA and Subsidiary Directors.

Employee or Owner of a Non-Santander Entity

Before serving at any level of, or owning certain for-profit business(es), you must discuss the proposed service and seek pre-approval from your manager. This includes disclosing any businesses to which you are a signer/co-signer, as well as having signature authority or transaction authorization (active or passive) on a Santander product or service that is related to a business account.

Outside Activities that Require Written Approval

Employees who engage in certain outside activities are required to obtain written approval from their manager and local Compliance, while Directors outside activities require written approval from the SHUSA CLO. Outside activities that require pre-approval include, but are not limited to:

• Acting as a member or officer of a board of directors/trustees (including advisory boards) of a professional association, unless Santander US asks you to so serve;

• Acting as a general or managing partner of a partnership or otherwise actively managing a business;

8 This includes appointments where the SHUSA Corporate Social Responsibilities function requests an Employee join a Board or Community Organization as a representative of Santander; refer to the Santander US Corporate Social Responsibility Policy for additional detail. 9 For further information on reputational risk, consult the Santander US Reputational Risk Enterprise Policy.




| Page 17

• Engaging in an activity in return for compensation or reasonable expectation of future compensation if the activity is performed in the financial services industry or related to your field of work (e.g., getting paid for outside auditing work if you are an auditor for SHUSA);

• Acting as an instructor in areas in which Santander US or BSNY has a business interest (e.g., retail or commercial banking);

• Providing advice on investments, legal, tax or accounting matters;

• Writing, endorsing, publishing, speaking, blogging, maintaining business or informational websites, participating in online business referral networks or other similar activities involving the financial services industry or related to your field of work at Santander US or BSNY in print or online; or

• Testifying as an expert witness.10

It is not a SHUSA requirement that all Outside Activities for which an Employee receives compensation needs pre-approval (e.g., part time retail sales jobs, restaurant/bar service jobs, ride share driver employment etc.). However, local Compliance may implement additional disclosure requirements or restrictions on acceptable activities based on risk or regulatory guidance; you must adhere to the more restrictive requirement.

Please refer to the Santander US Outside Activities Oversight Standard for further guidance.

Attending Conferences/Seminars

If you are attending a professional conference, seminar or other similar event (infrequently), where your presence may be construed as being on behalf of Santander US (whether paid for by Santander or personally), please see section 2.7.1 below for guidance on requirements related to requests for Public Speaking/Engagement.

Political Activity/ Government Official/ Lobbying

Santander respects your right to engage in personal political activities using personal resources and personal time. Depending on your role there may be certain conditions, limitations or requirements placed on personal political contributions and activities. For example, because government and other public entities as well as labor unions are current and potential customers of Santander US and BSNY, Employees of certain business units may be subject to certain legal and/or policy restrictions. You must ensure that all activities are lawful and compliant with any legal restrictions and requirements, which includes not making any personal contributions intended to influence the award of business or

10 Any subpoena for testimony as it is related to Santander and/or your job at Santander should be reported to LCA.




| Page 18

promulgation of legislation or rulings favorable to Santander US or BSNY. This responsibility includes compliance with any legal limitations on political contributions and refraining from actions that may be misconstrued as being conducted on behalf of Santander US or BSNY.

You cannot use of any Santander US or BSNY facilities, equipment, supplies, personnel, or name, as well as use of Santander US or BSNY funds to purchase tickets to political dinners, fundraisers, or the like unless you received specific authorization from the LCA Executive Director of Government Relations. Please refer to Section 2.9.3, Anti-Bribery/ Anti-Corruption of this Code.

Personal Political Contributions

Covered Employees for purposes of Political Contributions include:11

• Executive Officers of SHUSA or a Subsidiary;

• Employee Directors of SHUSA or a Subsidiary

• Any other Employees of SHUSA, BSNY or a Subsidiary who:

o Because of their job function is classified as a Covered Employee; and

o Compliance or SHUSA LCA has notified the individual as a Covered Employee for purposes of the Santander US Political Contributions Standard.

To help ensure Santander US and BSNY comply with various political contribution restrictions, Covered Employees must obtain advance clearance from local Compliance for all personal political contributions they wish to make. Covered Employees must also obtain prior written approval from Compliance before they solicit or coordinate political contributions. Santander US Independent or Non-Employee Directors must obtain advance clearance from the SHUSA CLO or SHUSA Corporate Secretary.

Please see the Santander US Political Contributions Standard for further information (including classification of Covered Employees) regarding political activities.

Corporate Political Contributions

Federal law and many state laws prohibit corporate political contributions. Any activity involving potential corporate political contributions including causing Santander US or BSNY to use corporate resources (personnel or otherwise), assets, or facilities in connection with Fundraising or other political activities,

11 Please refer to Appendix D of the Santander US Political Contributions Standard for a description of who may be determined to be a Covered Employee.




| Page 19

requires advance clearance from the SHUSA LCA Executive Director of Government Relations prior to causing Santander US or BSNY to make a corporate political contribution.

Under no circumstances may Santander US, BSNY or a Santander US PAC reimburse an individual or entity for a Political Contribution.

Political Action Committee (“PAC”)

Covered Employees and Employees that are Directors are prohibited from establishing, controlling or holding a management position or serving on the board of directors of a PAC, or any other entity that makes political contributions. This does not apply to the Santander US PAC; pre-clearance is not required for political contributions to the Santander PAC. Please contact the LCA Executive Director of Government Relations if you have any questions.

Lobbying

The SHUSA Government Relations and Public Policy team is solely responsible for conducting government-related advocacy activities on behalf of Santander US and BSNY. You must be aware of the restrictions that apply to a particular situation and must comply with all applicable laws, regulations, policies, and standards. For more information, consult with Government Relations.

Political Positions

An Employee’s candidacy, election, or appointment to a government position may prohibit or otherwise create restrictions on Santander US or BSNY business activities with the government office or related organizations. Any outside activity that involves a government position, whether paid or unpaid, elected or appointed, must be pre-approved, in writing, by your direct manager, local Compliance, as well as the head of the Subsidiary functional area.

Assuming any elected or appointed public office, including positions with any local, municipal, county, state, or federal government, board, commission, or agency requires a legal opinion from the government entity stating that your involvement will not restrict Santander US business activities. This requirement may be waived in certain cases in which LCA approval is requested and is received. This requirement does not apply to elected or appointed positions within a political party (e.g., a local election committee).

Political Related Volunteering

Covered Employees who wish to volunteer for a federal, state, or local candidate campaign, political party committee, PAC, inaugural effort, transition effort, or Ballot Measure Campaign must obtain prior written approval from your Subsidiary LCA.




| Page 20

2.5 Gifts and Business Events and Entertainment

Giving, soliciting or accepting anything of value from customers, prospective customers, third parties, government officials or public sector employees in connection with any Santander US or BSNY business, transaction, or service is generally prohibited by a number of laws, regulations, and this Code. Violations of any of these prohibitions can result in fines, regulatory sanctions and imprisonment, as well as termination of your employment with Santander US or BSNY.

In instances where an activity occurs outside of the United States or with individuals from another country, there should be a heightened awareness that there is the possibility of increased risk. Under all circumstances, you must exercise good judgment to ensure that any gift and/or business events/entertainment is reasonable for the occasion, is not lavish or frequent, does not create any appearance of impropriety, and could not be perceived to be compensation.

Employees registered with the Financial Industry Regulatory Authority (“FINRA”) may be subject to a more restrictive set of rules than those described in this section. Contact your local Compliance for more information regarding FINRA Associated Persons Gifts and Entertainment (“G&E”) rules.

If you believe that Employees or third parties are not following the policy requirements, you should escalate your concerns to your Compliance or Legal functions or contact the EthicsLine or Portal12. Santander US and BSNY third parties are reminded in the Santander US Supplier Code of Conduct that Santander policies prohibit Employees from soliciting or accepting gifts, entertainment or gratuities from its third parties and third parties may not offer, solicit or provide any gifts, entertainment or gratuities to Employees.

Gifts

A gift is anything of value given to an individual for no cost or below market value without a direct business purpose. Usually a gift is a tangible item (e.g., gift basket, tickets to an event), but it also can be an intangible benefit such as services, access, or special advantage that is not generally available to the public. A gift may also include payment or reimbursement of travel or other expenses.

Gift Requirements

• You may not give a gift to or accept a gift from any representative/employee of any regulator or other governmental entity, third party or prospective third party, customer/client or prospect.

12 The EthicsLine can be contacted by phone at 844-592-8452 and electronically by Portal at santanderUS.ethicspoint.com





| Page 21

o However, you may be able to give or accept a gift only if you receive your manager and local Compliance approval in writing in advance.

o If someone offers you a gift, you must decline or obtain manager and local Compliance approval before accepting.

o If you receive an unsolicited Gift, you must return it or obtain local Compliance approval or other direction.

Permitted Exceptions

You may accept a non-cash gift of Insignificant Value13 if the gift is given in connection with an occasion on which modest gifts customarily are provided and you do not accept gifts frequently. Please refer to the Santander US Gifts and Entertainment Oversight Standard for further information regarding Subsidiary specifics concerning Insignificant Value.

Business Events and Entertainment

A business event is a meeting, conference, seminar, program or similar event where the primary purpose, activity, discussion, etc. is directly related to approved Santander business matters, community-related initiatives, trade association or other industry matters, or employee professional development.

Business Entertainment refers to entertainment in the form of any social event, hospitality event, charitable event, sporting event, entertainment event, meal, leisure activity or event of like nature or purpose, as well as any accommodations and transportation.

Receiving Business Entertainment and Attending Business Events Requirements

You may not receive business entertainment or attend a business event sponsored by, a non-Santander entity or representative (excluding industry or professional conferences/seminars), including a regulator or other governmental entity, unless your manager and local Compliance approve in advance. If receipt or attendance is approved, Santander US or BSNY must cover the costs as business expenses pursuant to applicable policies (e.g., Santander US Travel and Entertainment Operating Policy) and subject to required approvals for such activity.

13 Generally are usual and customary promotional or recognition materials such as hats, shirts/jackets, pens, pencils, note pads, key chains, calendars, bags and backpacks, umbrellas, phone chargers and similar items bearing “Insignificant Value” generally refers to an organization or other promotional logo; and tokens recognizing transactions or significant projects such as framed photos, “tombstones,” and plaques and similar commemorative items. In addition, items of Insignificant Value can include gift baskets, food and candy, beverages and similar items with a fair market value not exceeding $100.




| Page 22

Permitted Exceptions

You may attend industry or professional conferences or other events where Santander US or BSNY pays the Employee’s expenses, or the organization pays some or all expenses because of Santander’s or your role with the organization (e.g., Santander is a trade association member or you are a board member of the organization), subject to applicable Santander US and BSNY policies and approvals (e.g., manager and record/log).

You may attend meetings and other events associated with Santander business transactions or initiatives directly related to your job responsibilities that are hosted and attended by a counterparty, other than a third party or prospective third party, subject to applicable Santander US and BSNY policies and approvals (e.g., manager and record/log). This is intended to cover actual business meetings, closing dinners, charitable benefits where Santander is a donor/sponsor, etc.

Providing Business Entertainment Requirements

You may provide appropriate business entertainment for prospective or existing clients/customers, counterparties and others in accordance with applicable Santander US or BSNY policies and only if you or another Santander US or BSNY Employee attends. The request may need to be approved in advance by your direct manager and then Compliance as well as any other party as defined in other department policies. For all business entertainment provided you must:

• Not provide entertainment to any individual or organization in excess frequency.

• Purchase all tickets to events through the Corporate Ticket Program.

• Comply with applicable policies (e.g., Santander US Travel and Entertainment Operating Policy).

For further guidance regarding request requirements for which pre-approval is required, please refer to the Santander US Gifts and Entertainment Oversight Standard.

Permitted

Travel and Business Expense

You must exercise judgment with regard to all business expenditures and comply with the contents of the Santander US Travel and Entertainment Operating Policy as well as any standards and procedures. Manager approval is required prior to booking business travel arrangements or organizing customer entertainment. Managers are responsible to ensure that sufficient budget is available in the cost center prior to making or approving travel arrangements or customer entertainment. Travel for non-Santander Employees (e.g., potential job candidates) must follow the requirements in forth in the Santander US Travel and Entertainment Operating Policy. HR will support the process for booking any required travel for interviews and the recruiter will secure the expense report from the candidate with appropriate approval authority and evaluate the reimbursement for reasonable business-related expenses.




| Page 23

Failure to submit expense reports timely may result in denial of payment. Falsification of expense reports may result in disciplinary action up to and including termination of employment. Violations of your expense policy will be brought to your attention and the attention of your direct manager. Repeat offenses will be escalated to HR and may result in disciplinary action, up to and including termination of employment.

Giving, Soliciting and Accepting Things of Value to or from Internal Sources

You may not give, solicit or accept items of value from any other Santander US or BSNY Employee in connection with SHUSA’s, the Subsidiary’s, or BSNY business, other than nominal incentive programs (e.g., gifts/tickets given out as part of an employee incentive program) and earned salary, wages, fees (e.g., company paid memberships), or other compensation paid in the usual course of business. Internal gifts of appreciation are permitted as long as these gifts are not excessive, lavish or frequent. It is recommended that gifts be tangible, (e.g., flowers/candy/cookies [or similar items], paid lunch/dinner, team party) but cannot be cash or cash equivalent (e.g., any gift cards to a store or Visa/American Express gift card); as other Gifts may be considered income and taxable. Furthermore, these types of gifts must be given with management approval. Any further questions can be directed to HR or local Compliance.

Gifts or business entertainment based on family or personal relationships (such as those with an Immediate Family Member, close personal friend, or co-worker) when the circumstances make it clear that there is a family or personal relationship, rather than the business of Santander US or BSNY, are the motivating factors and personal funds are used are permissible. However, Santander US and BSNY resources cannot be used to pay for personal gifts or business entertainment.

Corporate Sponsorships and Philanthropy Opportunities

Santander US and BSNY support local communities, among other ways, through financial charitable support. The Santander US Corporate Social Responsibility Office oversees charitable giving, sponsorships and memberships to nonprofits, while partnering with the Government Relations Office for oversight of industry and trade association memberships. Contributions to organizations affiliated, directly or indirectly, with government officials or public sector employees have the potential to present additional risk to Santander US and BSNY and may, in some instances, be illegal. Prior to making any charitable contributions, including event or program sponsorships, to a not-for-profit entity, all questions and requests should be directed and coordinated with the Santander US Corporate Social Responsibility Office to mitigate risks related to charitable donations and philanthropic opportunities. All questions regarding contributions to organizations affiliated with government officials should be directed to LCA, including the Santander US Corporate Social Responsibility Office. Additionally, you can refer to the Santander US Corporate Social Responsibility Enterprise Policy.




| Page 24

2.6 Fair Dealing14

Product Design Considerations

Santander US’s and BSNY’s commitment to fair dealing begins with conscientious product and service design and continues throughout the product/service lifecycle. New products, changes in business practices (mergers and acquisitions), and related initiatives must be designed, implemented and maintained to mitigate the potential for customer harm. Please refer to the Santander US Product Governance and Monitoring Operating Policy for further details regarding continual governance and monitoring of products and services to ensure they are delivered as originally intended. If you are involved in the design or development of products or services, you should consider the following factors:

• Customer needs: The target market should be clearly defined in the product design phase, including consideration of customers’ needs.

• Complexity: Products should be as simple as possible, so they are not difficult for the target customer to understand.

• Pricing: Pricing should be competitive and fair, with the costs and benefits to the customer balanced appropriately.

• Infrastructure: Products and services must be adequately supported, technically and otherwise.

• Third-Party Selection: Third parties must be selected in accordance with regulatory guidance, the Santander US Third Party Risk Management Enterprise Policy, and any related Subsidiary policies and procedures.

For further detail regarding evaluating and managing the risks associated with new, expanded, or modified products, services, and business initiatives, consult the Santander US New Products and Business Activities Operating Policy, and related Subsidiary documents.

Advertising and Marketing

Santander US strive to adhere to the highest ethical standards of marketing in compliance with all applicable laws and regulations. Product and service marketing must be factually supported and must communicate the costs, benefits, availability and other terms about information of products or services in a manner designed to ensure understanding by the customer. If you are engaged in developing advertising for Santander US products and services, you must avoid presenting product information in a manner that might be perceived as confusing, deceptive, or unfair to a customer.

14 There may be Subsidiary specific policies that should be referenced with this section.




| Page 25

Sales Practices

You are required to act with integrity, fairness and professionalism toward all customers in the sale of Santander US products and services. You must not take unfair advantage of anyone through manipulation, concealment, deception, abuse of privileged or confidential information, misrepresentation or omission of material fact, or any other unfair or unethical act or practice.

Accordingly, you must:

• Ensure that you do not enroll a customer in a product or service without the customer’s clear and affirmative consent;

• Impartially and accurately inform customers about the different products and services available to them;

• Accurately explain the terms and conditions of the various products and services being offered to the customer, including limitations or penalties. Furthermore, any forecast or prediction, if permitted under applicable policy, should be reasonably justified and accompanied by necessary explanations to provide clarity and help avoid misunderstandings;

• Not offer or sell products or services if there is no perceived or actual customer benefit and the sole aim is to generate commissions or income;

• Provide customers with all required disclosures and notices in a timely manner;

• Adhere to approved scripts; and

• Respect a customer’s indication that they do not want a product or that they want to cancel or withdraw.

Note: You must consider whether your activities could in any manner be perceived as unfair, deceptive or abusive. If you have doubts, you must seek additional guidance from your manager, local Compliance or the LCA. For additional information and guidance on fair dealing, refer to your local policies related to sales to or servicing of prospects and customers/clients as well as any applicable sales-related policies and procedures.

Tied Business Dealings

While you are encouraged to promote Santander US and BSNY products and services, you are required to also know and adhere to guidance on anti-tying restrictions.

Section 106 of the Bank Holding Company Act Amendments of 1970 (“Section 106”) generally prohibits “anti-competitive practices which require bank customers to accept or provide some other service or product or refrain from dealing with other parties in order to obtain the bank product or service they




| Page 26

desire.” For example, Section 106 prohibits a bank from requiring a customer who seeks a mortgage loan to purchase homeowners’ insurance (the tied product) from the bank or an affiliate of the bank as a condition to granting the mortgage loan or a discount on the loan. A tied business dealing has two elements:

1. The arrangement must involve two or more separate products: the product that the customer wants, and one or more separate products attached to the product that the customer wants; and

2. The bank must require the customer to obtain (or provide) the tied product(s) from (or to) the bank or an affiliate in order to obtain the customer’s desired product(s) from the bank. For a detailed explanation of practices to avoid, please contact your local Compliance for additional guidance.

Product Use and Termination

Our commitment to fair dealing continues through the duration of the customer relationship.

• Execution: The execution, management and administration of product operations and services should align with reasonable customer expectations.

• Communication: Customers should receive sufficient information concerning their positions in products and services to enable them to make informed decisions.

• Barriers: There should be no unreasonable barriers to cancellation of or withdrawal from the product or service. The prices, costs, or other consequences of cancellation should be presented to the customer in a clear, demonstrable way prior to entering into the customer relationship.

• Complaints Handling: Customer complaints should be documented, processed and handled in accordance with Santander US Complaints Management Operating Policy.

Competition Law

Santander US and BSNY have a responsibility to comply with U.S. federal antitrust laws which are to maintain effective competition by prohibiting certain agreements and practices that prevent, distort, or restrict competition. Competition law impacts nearly every aspect of Santander’s business dealings and strategic activities. Please refer to the Santander US Competition Law Standard for further guidance.

You should consider competition law implications when interacting with competitors, customers and suppliers, even in a social setting. Penalties for violating antitrust laws can be severe. You are required to recognize situations where competition law issues may arise and work with LCA and your local Compliance to resolve any such issues.




| Page 27

2.7 Communications

Public Comment/Speaking, Engagements

Only those Employees who are authorized to speak on behalf of Santander US or BSNY are permitted to do so as it relates to Santander US, the financial services industry generally, or any Santander US or BSNY business lines or products. This includes media interviews or quotes (even if not for attribution), participation in industry or regulator conferences or seminars, analyst meetings, and any other opportunity where you may be representing Santander US or BSNY or be seen as doing so to the media, industry, regulators or the general public. This is to ensure that communication about Santander US and BSNY is accurate, properly reflects Santander US and BSNY views, and does not undermine the confidentiality of Santander US or BSNY proprietary information or that of our customers and business partners (e.g., marketing plans, customer information). If you are unsure whether you are authorized to speak on behalf of Santander US or BSNY, please contact your Corporate Communications team.

If you are not authorized to speak on behalf of Santander US or BSNY and have an opportunity to do so, you must obtain pre-authorization prior to accepting the opportunity. Written approvals are required from your direct manager, your local Compliance, your line of business LCA partner, your line of business/function leader (direct report of Santander US Leadership Team executive) and your Santander US/BSNY Leader Team Executive (direct report of Santander US CEO). When all required written authorizations are obtained, work with your line of business Corporate Communications partner to obtain final approval from the Santander US Chief Communications Officer.

The contents of any speeches or materials that you want to share externally at a seminar or conference must be pre-approved through this process as well. In some instances, your request may be submitted for review and approval by LCA.

All pre-approval requests should follow your local outside business activity approval process. Also, it is possible that public engagement authorizations may be contingent on certain conditions outlined by your local Compliance. Please contact your local Compliance with any questions.

You must not transmit to the media or other third parties, either on your own initiative or if requested, any information or news concerning Santander US or BSNY, and you must refer all media inquiries to Corporate Communications.

Social Media

Santander respects the rights of its Employees and understands that their time outside of work is their own to engage in various activities including social media activity. The nature, complexity and variety of social media means that the lines between personal activities and opinions on these networks and the official activity or positions of Santander may become blurred. The massive reach of social networks means this can generate operational, legal and other risks, especially reputational risk. Therefore, all Employees are personally responsible for the content they post online in a personal capacity. You should




| Page 28

be mindful that your social media activity, even if done off premises and while off-duty, could affect Santander’s legitimate business interests. Consequently, you should always treat social networking sites and activities as if they were publicly accessible and be cognizant of appropriate conduct when engaging in social media activity that identifies an affiliation with Santander or relates in any way to Santander business, Employees, customers, suppliers, or competitors.

If referencing Santander on your personal media channels, please refer to the Santander US Employee Personal Use of Social Media Operating Policy for appropriate use and guidelines.

Social Media Activity

Social media activity includes all types of postings on the Internet, including but not limited to, social networking sites (e.g., Facebook©, or LinkedIn©); blogs and other on-line journals and diaries; bulletin boards and chat rooms; microblogging, such as Twitter©; and the posting of video on YouTube© and other similar media. Employees may participate in social media activity that they deem appropriate, provided that they do so using the guidelines set forth in the Santander US Employee Personal Use of Social Media Operating Policy whenever social media activity identifies you as a Santander Team Member or relates in any way to Santander business, Employees, customers, suppliers, or competitors.

You should refrain from defamatory and discriminatory comments, insults and any other comment that could be interpreted as harassment or intimidation, incitement to hatred or abusive to another person; obscene language or inappropriate images.

If you are not authorized to act as an official spokesperson, you may not act as such or make any public statements in Santander’s name. While this does not mean you have to hide your employment relationship with Santander, you should always act under general principles of prudence. Messages must not be posted on social networks using the name, logo or official images of Santander in such a way that it might be construed that personal comments have Santander’s support.

Any social media activity or personal website related to an outside business activity which is related or could be perceived as related to Santander, the financial services industry, or your role at Santander must be disclosed to your manager followed by your local Compliance for review (e.g., Zillow website as a Mortgage Officer, IT blogger on WordPress).

Messaging Applications

Channels of communication, which could include the sending of text messages and voice calls, as well as video calls, and other media and documents through social media or mobile applications (e.g., WhatsApp) must be approved by your local Compliance prior to usage for any business purposes.




| Page 29

2.8 Santander Assets: Use of Corporate Assets

You must use Santander US and BSNY assets for legitimate business only whether on Santander’s, a client’s, or a supplier’s premises, as well as when working offsite, remotely or from home. You also must safeguard Santander US and BSNY assets against cyber-related risk, theft, loss, damage, waste or abuse.

Although you have a responsibility to safeguard Santander US and BSNY property, at no time should you ever put yourself or others at risk to do so.

Corporate assets include:

• Physical assets, such as office furnishings, equipment, supplies, and fixtures, whether leased or owned by Santander US or BSNY;

• All records of the accounts of customers, and any other Santander US and BSNY records and books (e.g., internal finance and accounting records, merger/acquisition plans and product/service development plans);

• Technological assets, such as computer hardware, software and information systems;

• Intellectual property, such as copyrights, service marks, trademarks, patents, information about products, services, systems, courses, policies, manuals, programs, projects, and procedures, videos, surveys, reports, studies, marketing materials and, in general, all know-how, projects, and work developed for or created by Santander US, BSNY or created by third parties for Santander US/BSNY;

• Financial assets, such as cash, securities and credit cards; and

• The Santander US or BSNY name, brand, image and all customer relationships as well as data obtained as a result of those relationships.

Use of the Assets of Santander US or BSNY

You are allowed to reasonably use Santander US and BSNY communications devices, such as internet, e-mail and telephone, for responsible personal use. Responsible personal use means that your use of Santander US and BSNY assets must not interfere with the needs of the business, encumber Santander US and BSNY assets, and/or negatively impact or disturb your work or the work of other Employees.

Information that you create, send, receive, download, or store on Santander US electronic or telephonic equipment is Santander US property. Santander US reserves the right to monitor, review, access, record, and disclose data as appropriate and subject to applicable laws and regulations.




| Page 30

You shall:

• Refrain from using Santander US or BSNY assets in any way that would violate applicable laws or internal policies, such as use or sale of controlled substances, harassment, transmission of sexually explicit material, or gambling;

• Ensure that any spending of Santander US or BSNY funds is authorized and for proper business purposes;

• Return Santander US and BSNY assets when required or requested (e.g., at termination or when you leave Santander US/BSNY);

• Limit use of your Santander US or BSNY e-mail address to registration on professional or industry websites, and not use it to register elsewhere;

• Not use the Santander image, name, or brand other than for appropriate, approved, or professional use (use of the Santander logo on any personal website or social media site is prohibited);

• Not send, forward, reply or transmit Santander US or BSNY information to an external e-mail address, website, or similar platform without authorization (including from the information owner if appropriate), a non-disclosure agreement or an equivalent protective mechanism is in place, and proper precautionary measures have been taken (e.g., encryption or data classification label). For further information, please refer to the Santander US Acceptable Use Agreement and Santander US Data and Information Protection Standard;

• Not send, forward or transmit Santander US or BSNY information to your personal e-mail account, personal messaging application, or similar platform for any reason;

• Not use Santander US or BSNY assets – including, but not limited to, office supplies, space, and work hours – for personal or outside activities, unless they are approved charitable or philanthropic activities within Santander US or BSNY policy parameters or at the direction of the Corporate Social Responsibility Office;

• Only use Santander approved or installed platforms for web-based meetings, ensuring that a password is used on all web-based meetings when allowing others to join a meeting. Additionally, cloud-based listening devices (e.g., Amazon Alexa and Google Home) must be turned off when conducting business meetings to avoid unintended recording of sensitive information; or

• Not make audio or video recordings of meetings/discussions or photograph or copy Santander or customer information unless you have management approval and there is a legitimate business purpose.




| Page 31

Use of Non-Santander US Owned Device

Employees may be offered the opportunity to participate in a Santander US/BSNY-administered Bring Your Own Device (“BYOD”) program. Please refer to the Santander US Acceptable Use Agreement for further information regarding this program.

Purchase or Sale of Assets or Services to Santander US or BSNY

Other than pre-approved Employee benefits, you shall enjoy no advantage over the general public in the purchase or sale of any assets or services offered to the public including, but not limited to, Santander US or BSNY properties, real estate, securities, or any other real or personal property. The terms and conditions of these types of transactions with Employees shall not be less favorable to Santander US or BSNY than those offered to or by independent third parties. Services and assets shall be sold or purchased in accordance with normal business practices.

2.9 Financial Crime Prevention and Detection

This section provides guidance on your responsibilities with respect to a number of financial crimes. In many cases, references are made to other, more detailed policies that you are required to read and understand; all policies can be found on policyIQ.

Anti-Money Laundering

All Subsidiaries and their Employee and Directors must comply with anti-money laundering (“AML”) and counter-terrorism financing (“CTF”) laws and regulations, and guard against the use of Santander US and BSNY products and services for money laundering, terrorist financing, or other illegal activity. Accordingly, Santander US and BSNY have implemented appropriate internal controls and reporting mechanisms to identify, prevent, and respond to potentially suspicious transactions believed to be related to money laundering, terrorism financing, or other illegal conduct, and to report such activity to government authorities in accordance with applicable law.

You must adhere to the requirements established in the Santander US BSA/AML and OFAC Enterprise Policy. Furthermore, if your Subsidiary or BSNY has further requirements developed in accordance with the Santander US BSA/AML and OFAC Enterprise Policy, Santander US BSA/AML and OFAC Program and you must also adhere to Subsidiary or BSNY specific further requirements.

You may be personally liable if you fail to comply with AML and CTF laws and regulations, including being subject to possible fines and imprisonment for violations.

Economic Sanctions and Anti-Boycott

The Office of Foreign Assets Controls (“OFAC”) administers and enforces economic sanctions programs primarily against countries and groups of individuals such as terrorists and narcotics traffickers. Prohibited transactions are trade or financial transactions and other dealings in which U.S. persons may not engage




| Page 32

unless authorized by OFAC. Because each program is based on different foreign policy and national security goals, prohibitions may vary between programs.

Santander US and BSNY must comply with all applicable OFAC rules and regulations. You are required to become familiar and comply with OFAC regulations. Specifically, you are prohibited from conducting business with designated restricted countries, governments, entities, and individuals.

If you know or suspect that an activity violates OFAC rules and regulations, you are required to report the violation or suspicions immediately to your local Compliance or EthicsLine and Portal. For additional guidance, refer to the Santander US BSA/AML and OFAC Enterprise Policy and Santander US BSA/AML and OFAC Program.

Anti-Boycott Laws

Anti-boycott laws15 were adopted to prohibit or penalize cooperation with international economic boycotts in which the United States does not participate. These laws prevent U.S. firms from being used to implement the foreign policies of other nations which run counter to U.S. policy. The laws are directed at, among other things, prohibiting participation by a U.S. company in boycotts that ban entities from doing business with companies or individuals who have been “blacklisted” because of their relationship with a particular country.

A boycott request includes virtually any requirement to participate in or cooperate with a boycott. For example, boycott requests may appear in questionnaires, purchase orders, tender invitations, contracts and letters of credit.

You must report any boycott request to your local Compliance and LCA. LCA will work with local Compliance to collect information necessary to ensure timely reporting of boycott requests to the U.S. Treasury and/or Commerce Departments.

Anti-Bribery / Anti-Corruption

Santander US and BSNY are committed to complying with all applicable anti-bribery/anti-corruption legislation in the markets and jurisdictions in which it operates. Santander US and BSNY expect you, as well as any third parties with whom Santander US and BSNY conducts business, to comply fully when performing any form of service on Santander US’s and BSNY’s behalf.

Bribery is defined as giving, promising, offering or authorizing, directly or indirectly, anything of value to gain an advantage through the corruption and/or abuse of a position of trust. Bribery may include the

15 U.S. Commerce Department Regulations, 15 C.F.R. Part 760; U.S. Treasury Department Internal Revenue Code regulations, section 999




| Page 33

corruption of a government official as well as commercial bribery (e.g., bribery of a private individual to gain a business advantage).16 The term “anything of value” is not limited to cash or other cash derivatives, but includes gifts, entertainment, travel, favors, and job/business opportunities. Anything that is given or received with the intent to influence or be influenced can be considered bribery. This behavior is strictly prohibited, and Santander US and BSNY will not tolerate any type of bribery in any aspect of its business.

Bribery

You shall not hand over, promise, offer or authorize any type of payment, commission, remuneration, or anything of value, including gifts or entertainment, to any domestic or foreign authority, government official, employee or officer of a government-owned company or public body, or to any employee, officer, or director of another company or institution with the intention to obtain or retain business or secure an improper advantage, whether made directly or indirectly.

Such payments, promises, offers, or authorizations are strictly forbidden, whether made directly by any Santander US entity or Employee, or indirectly through partners, associates, agents, intermediaries, brokers, advisors, or any other interposed person.

This prohibition will generally not include the following:

• Items of Insignificant Value17; or

• Business entertainment considered reasonable according to customary local business practices and courtesies, in accordance with applicable law and the Santander Anti-Bribery and Anti-Corruption Operating Policy (i.e., not lavish or excessive and only with required pre-approvals).

You must follow Santander US or BSNY policies and procedures even when acting within the exceptions listed above. For further information concerning Gifts and Business Events and Entertainment please refer to Section 2.5, Gifts and Business Events and Entertainment of this Code. You must reject and inform your local Compliance of any request or offer by any third party for payment, commission, remuneration, or

16 For the purposes of this Code and the Santander US Anti-Bribery and Anti-Corruption Operating Policy, the definition of government official also includes the Immediate Family Members of the government official (e.g., spouse, parent, child, and sibling). The term ‘government officials’ also includes, for example, customs and immigration agents, tax officials, and judges. 17 Generally are usual and customary promotional or recognition materials such as hats, shirts/jackets, pens, pencils, note pads, key chains, calendars, bags and backpacks, umbrellas, phone chargers and similar items bearing “Insignificant Value” generally refers to an organization or other promotional logo; and tokens recognizing transactions or significant projects such as framed photos, “tombstones,” and plaques and similar commemorative items. In addition, items of Insignificant Value can include gift baskets, food and candy, beverages and similar items with a fair market value not exceeding $100.




| Page 34

anything of value, including gifts or entertainment. See the Santander US Anti-Bribery and Anti-Corruption Policy for further detail.

Fraud

You shall aid in the detection and prevention of fraud, which is a broad concept that refers generally to any intentional act committed to secure an unfair or unlawful gain. You are responsible for reporting any suspicious or fraudulent activity or violation of this Code.

Examples of fraud include, but are not limited to:

Internal Fraud

• Theft or misappropriation of Santander US and BSNY assets, including funds, securities, official checks, customer funds, and other Santander US and BSNY property;

• Expense fraud;

• Forgery or alteration of Santander US, BSNY or customer documents;

• Falsifying or misrepresenting employment information;

• Accessing company or customer data for personal gain without authorization;

• Establishing agreements with suppliers or in the management of invoicing for personal gain; and

• Misusing confidential information, including, without limitation, accessing Employee accounts or records without an appropriate business purpose and proper authorization.

External Fraud

• Payment kiting;

• Money laundering;

• Improper or fraudulent financial reporting;

• Counterfeit cash, checks and other monetary devices; Circumventing authentication; and

• Elder or vulnerable adult financial abuse.

Employees who engage in fraudulent activity will be held accountable to the fullest extent allowed under applicable law and may result in disciplinary action, up to and including termination of employment. To learn more about how to prevent fraud, please refer to the Santander US Fraud Risk Management Operating Policy and the Santander US Internal Fraud Standard.




| Page 35

Insider Trading

You may come across or gain access to material non-public information (“MNPI”) about Santander, Santander US and BSNY or their clients or third parties, or other companies. MNPI is certain nonpublic information pertaining to strategic planning, information prior to public disclosure, as in market valuations (share prices), merger, or acquisition information, IPOs, financial forecasts or results, security incidents, and other information such as nonpublic regulatory action that could result in serious financial or reputational loss to the firm if disclosed.

Federal and state securities laws prohibit the misuse of any MNPI, as described further below. Santander US and BSNY maintain policies and procedures designed to ensure compliance with these laws, to prevent the appearance of conflicts with these laws, and to otherwise protect MNPI from misuse. As a general rule, any individual who comes into possession of MNPI possesses “inside information” and, therefore, is immediately subject to the “insider trading” regulatory prohibitions. As a best practice, you should consider all non-public information about the securities, activities, or financial condition of Santander US or BSNY, its clients, its third parties, or other companies with which it does business as MNPI.

The Securities and Exchange Commission (“SEC”) defines illegal insider trading as the buying or selling of a security in breach of a fiduciary duty or other relationship of trust and confidence while in possession of MNPI about the security. Insider trading violations may also include “tipping” such insider information to another person, securities trading by the person “tipped,” and securities trading by those who misappropriate such insider information. You are prohibited from engaging in such activities through any account no matter how you obtained the MNPI.

Generally, you:

• May not buy or sell securities for your account or any account over which you exercise control (including for Immediate Family Members) when you are in possession of MNPI relating to those securities; and

• May not pass along MNPI or tip anyone to buy or sell securities while in possession of MNPI related to those securities.

Trading in securities while in possession of MNPI or communicating any insider information for trading in securities violates this Code, the Santander US Personal Securities Transactions and Material Non-Public Information Enterprise Policy, as well as federal and state law, and as such, you will be subject to disciplinary action up to and including termination of employment and/or civil or criminal prosecution.

In addition to the information contained in this section of the Code, Employees who order, process, execute or settle trades involving securities in the course of their professional activity, will be subject to the following restrictions:




| Page 36

• With the exception of U.S. Treasury obligations, Employees who work on a trading desk are not permitted to trade the same financial instruments or securities that their own trading desk trades.

• Abstain from practices that could distort the free formation of prices or cause, to their own benefit or the benefit of others, an artificial performance of prices;

• When processing groups of orders for their own account and for the account of others, ensure that the distribution of the bought or sold securities is made without prejudice to customers; and

• Abstain from trading in advance for their own account when they are aware of action to be taken by customers, or from influencing the action to be taken by the latter to their own benefit.

You must read and understand the Santander US Personal Securities Transactions and Material Non-Public Information Enterprise Policy and the Santander US Subject and Monitored Subject Person Standard to better understand the full range of prohibitions relating to securities trading.

The FX Global Code

The FX Global Code (“Global Code”) is a set of principles generally recognized as good practice in the wholesale foreign exchange market (“FX Market”). It was developed by a partnership between central banks and FX Market participants to provide a common set of guidelines to promote the integrity and effective functioning of the FX Market. Santander has agreed to adhere to the principles of the Global Code.

Santander US is committed to conducting its FX Market activities in a manner consistent with the Global Code’s 55 principles organized around six overarching themes: ethics, governance, execution, information sharing, risk management and compliance, and confirmation and settlement processes.

Following a review of each of the principles and analyses of their effects on the business and impacted functional areas (such as the requirements of applicable law and regulation to align Compliance, the Front Office, Middle Office, Market Risk, CR, Operations, Operational Risk and LCA), Santander has taken appropriate steps, based on the size and complexity of its activities and the nature of its engagement in the FX Market, to align to the principles. Santander has reviewed its policies, procedures and controls to ensure that these principles are covered. If you have questions concerning the Global Code, consult with local Compliance.

2.10 Privacy / Confidentiality / Information Security

Confidential information is information obtained (or derived) from non-public sources where a contractual or other expectation of privacy and/or confidentiality exists, including information considered proprietary. Disclosure of this information to unauthorized parties is considered a significant risk which could result, directly or indirectly, in adverse financial, reputational, regulatory and/or legal consequences. For more information on Santander US and BSNY data and information classification




| Page 37

including confidential information, please refer to the Santander US Data and Information Protection Standard. Requirements for the identification, escalation, and reporting of privacy breaches that occur in the course of doing business for Santander are detailed in the Santander US Privacy Data Breach Response Standard If you suspect a breach or violation as it relates to privacy please contact SHUSA Privacy.

Confidential Information Acquired While Serving as a Santander Employee or Director

You shall not disclose confidential information acquired while serving as an Employee or Director of Santander US or BSNY Employee. It is essential that you maintain this standard at all times. This confidentiality obligation continues even after your professional relationship with Santander terminates, whether voluntarily or involuntarily.

You shall not derive monetary gain or personal or professional benefit from confidential information that you obtained only by reason of your role with Santander US or BSNY, whether such information relates to Santander US or BSNY, their customers, or anyone with whom Santander US and BSNY have business relationships.

Confidential Information Acquired from a Previous Employer or Role

Employees must not bring, disseminate, or share (including via training or communications) confidential or proprietary information belonging to a previous employer or anyone else, to Santander US or BSNY. This includes information or documentation in all formats, whether written, digital, e-mail or otherwise.

Confidential Supervisory Information (“CSI”)

Regulators have supervisory authority over Santander US and BSNY. Non-public, confidential information and documents prepared by, on behalf of, or for the use of regulators must be kept confidential, not to be disseminated to the public and are subject to rules regarding the permissibility of sharing such documents. Such documents and the information contained therein, as well as other documents and information constituting CSI under the relevant regulator’s CSI regulations, constitutes CSI.

It is critical that all Santander US and BSNY Employees know that disclosure of CSI is generally prohibited and understand what to do when they come in contact with CSI. Specific questions about how to handle CSI should be directed to the SHUSA Regulatory Relations, Compliance and/or LCA. For more information, including a review of definitions Santander’s various regulators use for CSI, please refer to the Santander US Confidential Supervisory Information Operating Policy.

Privacy and Safeguarding

Our customers (both individuals and businesses) entrust us with important and confidential information. Santander US and BSNY are legally obliged under a number of regulations to protect the privacy of a customer/client's personal information; including Safeguarding requirements of the Gramm-Leach-Bliley




| Page 38

Act. A violation of this trust is a serious matter and can impact Santander’s reputation and have significant legal and regulatory consequences.

It is imperative not to discuss or share a customer’s personal information with anyone outside of Santander US or with Directors or other Employees who do not have a business need to know the information, nor in public areas where information may be overheard. For example, when discussing Santander information on a conference call, always identify all participants on the call.

It is an express violation of this Code to obtain confidential customer or Director or Employee information for personal interest or curiosity.

For more information regarding data & information classification please refer to the Santander US Data & Information Protection Standard. Examples of information that must be kept confidential (except when disclosure is authorized pursuant to this Code or Santander US Privacy Operating Policy or is required by law) include:

• Information classified as Secret - if disclosed to unauthorized parties, could materially compromise integrity, business secrets, and market positions, jeopardize important interests, or that would result, directly or indirectly, in serious adverse financial, reputational, or regulatory consequences;

• Data and information intended for internal use only on a strict “need-to-know” basis, authorized for only a small collection of individuals;

• Customer account information (e.g., account numbers and balances, information on a loan application, paycheck amounts, overdrafts, deposits, withdrawals, names, and addresses of Santander US customers). Such information should only be discussed using discretion with the signer(s) on the account or the loan applicant(s);

• Any information concerning Directors or Employees (including compensation, evaluations, leaves of absence, and medical/health related);

• Details of Santander US security measures (e.g., opening/closing procedures, alarm/camera systems, use of employee badges/credentials, cash drawer limits, cybersecurity controls, systems access, segregation of duties, monitoring/surveillance activities, etc.); and

• Information regarding individuals and companies that conduct business with Santander.

However, this obligation does not prevent you from reporting to the government or regulators conduct that you believe to be a violation of law, please see section 3.3 below for more information regarding reporting Alleged Misconduct. For more information, please refer to the Santander US Privacy Operating Policy and the Santander US GLBA Privacy Program. When unsure whether to share information with parties seeking Santander US information, contact your direct manager for confirmation.




| Page 39

Information Security

You may not install unauthorized software, applications, hardware or storage devices on Santander issued computers or mobile devices. The use of removable media devices, such as USBs, is prohibited; temporary exceptions may be obtained based on critical business need and must be approved by the designated Technology Risk Management team and Chief Information Security Officer (“CISO”). These exceptions require Santander US and BSNY information stored on the device to be encrypted. Lastly, you should not access Santander US and BSNY networks through unauthorized applications or devices or unsecured networks.

You must:

• Be prudent when opening e-mail attachments from unknown or suspicious senders, report suspicious emails to Information Security and must not download their content onto Santander US or BSNY devices;

• Protect your system passwords and personal IDs, immediately change your password and report your concern if you believe someone may have your password, and not share the information with other Employees and Directors; or others outside of Santander, including regulators;

• Never read the emails of other Employees without their permission nor manipulate, falsify or use email accounts assigned to other users;

• Notify the sender of internal emails for which you are not the intended user and delete the email as soon as possible;

• Ensure the physical security of information or hardware that is assigned to you;

• Never record calls unless approved by management to satisfy business or regulatory requirements; and

• Never upload/download Santander information to an external source (e.g., website, mobile device, etc).

Report any suspected or actual breaches of Santander’s information or IT systems, abuse of IT resources, or violations of the above Information Security requirements to the Information Security department. For more information please refer to the Santander US Information Security Operating Policy and Standards.

2.11 Recordkeeping

Accuracy and Preservation of Records: Misleading/ Withholding Official Records

You must adhere to established accounting rules and audit controls. All records should accurately reflect transactions in a timely manner. Incorrect or misleading entries must be corrected immediately.




| Page 40

Falsification of records or transactions shall be grounds for disciplinary action including, but not limited to, termination of employment.

“Records” means information about the company, its customers or its Employees that may be created in a tangible format that is:

• Evidence of the company’s functions, policies, decisions, procedures, operations or other activities; and

• Intentionally retained, retrieved or destroyed in accordance with the Records Retention Schedule.

Records are owned by the company and are not the property of the record’s author, creator or custodian.

It is unlawful for you or any other person acting under your direction to take any action to fraudulently influence, coerce, manipulate, or mislead any independent public or certified accountant engaged in the performance of an audit of any Santander financial statements. For additional guidance, refer to the Santander US Records Management Operating Policy and the Santander US Records Management Standard.




| Page 41

3. Reporting

3.1 Reporting Employee Misconduct or Violations

Employees have an obligation to report issues whether personally involved or as a result of colleagues escalating concerns. Santander US and BSNY has established a central EthicsLine and Portal18 where suspected Code Violations, allegations of misconduct, and other concerns can be reported. The EthicsLine and Portal are operated by an independent third party and are available any time, day or night. The EthicsLine and Portal also give you the option to make reports anonymously. In all cases, Santander US and BSNY will respect the confidentiality of any reporter and any resulting investigation to the extent permissible by law and Santander US policies and procedures.

In addition to using the EthicsLine and Portal, Employees may report their allegations to HR via your Employee Relations contact or the Employee Relations Hotline19, local Compliance, LCA or Internal Audit. If your direct manager is unavailable, or you believe it would be inappropriate to report it to that person (e.g., because you believe he/she is engaging in the alleged misconduct), then the next manager in the chain of command may be contacted.

Directors may report suspected wrongdoing to the SHUSA CLO, or the SHUSA CCO, or his or her designee.

3.2 Non-Retaliation

Santander US and BSNY strictly prohibit retaliation against Employees and Directors for reporting or assisting in an investigation regarding conduct that is reasonably believed to relate to unethical acts, a regulatory or legal violation, or fraud.

Be assured that the information you provide will be handled confidentially and shared only with those who have a need to know, such as regulators and those who are involved in investigating, resolving and remediating the issue. Those who have concerns about, or are aware of, any known or suspected retaliation against Employees should report it to the EthicsLine or Portal, HR, local Compliance, LCA, or Internal Audit.

3.3 Whistleblower – Alleged Misconduct

While each Employee allegation enjoys the protection of non-retaliation and confidentiality, added legal protection is provided to those allegations that meet the definition of “Alleged Misconduct” as set forth in the Santander US Whistleblower Operating Policy.

18 The EthicsLine can be contacted by phone at 844-592-8452 and electronically by Portal at santanderUS.ethicspoint.com 19 The Employee Relations Hotline can be contacted by phone at 1-800-210-1426 Option 4





| Page 42

“Alleged Misconduct” refers to an alleged violation of:

• Accounting, internal accounting or financial reporting controls or auditing matters, including attempted or actual circumvention of internal accounting controls or allegations regarding violations of the accounting policies of Santander US or BSNY;

• State and/or federal law or regulation, including securities laws;

• Health or safety laws; or

• Global anti-corruption laws.

The reporting of which by Employees and Directors is specifically protected by the laws and regulations listed in Appendix B of the Santander US Whistleblower Operating Policy and relevant violations of the Code.

The determination of whether an allegation meets the definition of “Alleged Misconduct” resides with LCA. Santander US and BSNY encourages all Employees to immediately report when they have a reasonable belief of suspected Alleged Misconduct. Employees are encouraged to immediately speak with your direct manager or if your direct manager is unavailable, or you believe it would be inappropriate to report it to that person then the next manager in the chain of command should be contacted. Managers are required to assist with the reporting of the Alleged Misconduct to the department designated in Santander US or BSNY policies and procedures. Employees can also report known or suspected misconduct directly to their Employee Relations contact or SHUSA LCA. Employees wishing to report an allegation confidentially or anonymously can contact the EthicsLine or Portal.

3.4 Reporting to Santander and Personal Disclosures

Whenever you become aware of a regulatory investigation or enforcement action that affects Santander, you shall immediately notify the LCA. You shall not remove, conceal, or destroy any records known to be the subject of or relevant to any anticipated, threatened, or pending lawsuit or governmental or regulatory investigation or any case filed in bankruptcy.

Furthermore, the duty to report includes the obligation to self-disclose information regarding any criminal convictions (e.g., nolo contendere pleas, admission to first offender programs, and findings of guilt in any criminal matter involving fraud, dishonesty or theft, or allegations of such), even if a misdemeanor offense. You must notify HR within five calendar days of the conviction even if you intend to appeal the conviction.

You are also required to disclose any inquiry or action by a financial services regulator, law enforcement agency or similar authority, including any denial or suspension of a license or request to take testimony or interview you regarding conduct at Santander or any other financial services institution.




| Page 43

3.5 Failure to Report

Failing to report violations of this Code may subject you to discipline, up to and including termination of employment. Management must consult with HR to determine the appropriate level of discipline, based on the nature of the offense, the facts, and the circumstances. Managers have an obligation to assist with reporting the violations.

3.6 Investigative Process

Investigations into alleged Code Violations shall follow the Santander US Code of Conduct: Allegation Investigation Standard. Local Compliance, HR, and LCA may leverage Internal Audit or outside counsel to assist in any investigation.

Cooperation with Investigations and Inquiries

Santander US and BSNY require all Employees to be transparent and responsive to investigations and inquiries. You must promptly and honestly respond to inquiries by examiners, auditors, legal counsel, security personnel, law enforcement, and other properly authorized persons.

Those who are involved in an investigation process shall not share any information related to the inquiry to others not approved or required. Information should only be shared with others on a need to know basis. You may be subject to disciplinary action, up to and including termination of employment, for failing to cooperate, or hiding or failing to disclose pertinent information.

3.7 Additional Guidance and Reporting Requirements

General questions regarding this Code may be directed to your local Compliance, manager, LCA, or HR.

Any Employee can identify and report potential violations of this Code. All reported violations must be forwarded to local Compliance and HR to ensure that an investigation is completed and that any reporting is comprehensive. Based on the results of the investigation, HR and management will make a determination on whether disciplinary action is required, which will have included consultation with Compliance, LCA and Internal Audit as deemed appropriate.

When deciding the appropriate level of disciplinary action once a determination is made that a violation of this Code has occurred, management from the appropriate function must consult with HR. Factors that should be taken into account are the extent to which the violations were intentional, the qualitative and quantitative materiality of such violation, any additional policy related to the provision violated, and other facts and circumstances as appropriate (e.g. the detriment to the Subsidiary and/or Santander US, or the unjust benefit to any Employee or Director).




| Page 44

4. Governance and Accountability

4.1 Code Governance

The responsibilities of the SHUSA Board, Risk Committee, Audit Committee, Human Resources Committee (“HRC”), ERMC, and SHUSA CC are detailed in the Santander US Enterprise Risk Management (“ERM”) Framework and in their respective mandates and committee charters. With respect to the Code:

• The SHUSA Board will review and approve this Code, oversee implementation of the Code, and monitor compliance with this Code;

• The Risk Committee will review and recommend the Code to the SHUSA Board;

• The Audit Committee will review the process for communicating the Code to Santander’s personnel and for monitoring compliance with the Code;

• The ERMC will present this Code to the Risk Committee and receive updates on program execution and results from the SHUSA CCO;

• The HRC reviews the Code and its dissemination through Santander US and the disciplinary process; and

• The SHUSA CC is responsible for:

o The development, recommendation, and oversight of the Code; and

o On a no less than quarterly basis, review Code violation allegation and investigation reporting that highlights overall program delivery, key metrics and trends, as well as escalation of risks and issues.

In addition to these committees, the SHUSA CC may designate forums or subcommittees to support oversight and management of specific risks or risk areas within compliance risk management subject to appropriate governance approvals.

4.2 Subsidiary Governance

All CUSO Entities are subject to this Code and are responsible for developing operating procedures, standards, and other documents that execute upon the requirements of this Code. Program delivery results will be provided to appropriate governance committees within BSNY and the respective Subsidiary on a periodic basis.

4.3 Exceptions

Exceptions to this Code are expected to be infrequent but may be warranted to address specific business needs, in particular those of the CUSO Entities. Exceptions will not be granted for any violation of an




| Page 45

applicable legal or regulatory requirement. Temporary exceptions to other Code provisions will be granted under appropriate special circumstances. Non-material exceptions to this Code will be approved by the SHUSA CCO. Material exceptions to this Code will be approved by the SHUSA CCO and where appropriate a relevant Policy owner. As appropriate, the SHUSA CCO and/or CLO will escalate material exceptions to the SHUSA CC and/or ERMC.

A CUSO Entity may have policies or procedures that are more restrictive than this Code. Any such differences in requirements must be documented in an addendum to this Code, and you must follow the applicable more restrictive policy, standard or procedure.




| Page 46

5. Document History and Version Control

5.1 Ownership and Authorship

Version Date Author Owner Reason for Change

1.0 3.13.2014 CRO CRO See archived version

2.0 7.30.2015 CCO CCO See archived version


4.0 1.23.2018 CCO CCO See archived version.


5.0 01.24.2019 CCO CCO See archived version.

6.0 12/12/2019 CCO CCO See archived version

7.0 12/15/2020 CCO CCO The annual review of the Code of Conduct resulted in:

• Equal Opportunity and Safe Workplace – simplified content as primary source is the US-wide Santander US Team Member Handbook which is referred to for further information. (Sec 2.2)

• Conflicts of Interest – to align with Group policy, added prohibition from procuring products/services for Santander with individuals or businesses where there is an economic or familial interest. (Sec 2.3)

• Outside Activities: o Added guidance regarding a disclosure requirement for

signatory or transaction authority related to a business account. (Sec 2.4.1)

o Updated to exclude pre-approval for immaterial ‘conflict of interest‘ type positions (e.g., part time retail sales jobs, restaurant/bar service jobs, ride share driver employment). A Subsidiary may implement additional disclosure requirements or restrictions on activities based on risk or regulatory guidance. (Sec 2.4.2)

o Updated to align with the new Santander US Political Contribution Standard and added guidance regarding volunteering. (Sec 2.4.3)

• Social Media – updated guidance regarding acting as an official spokesperson (or could be construed as) on behalf of Santander and the personal use of the Santander name/logo on social media/websites. Additionally added guidance regarding personal websites related to an Outside Activity, which must be disclosed for review. – (Sec 2.7.2)

• Use of Corporate Assets - due to Covid-19, the vast majority of non-location dependent employees have been working from remotely, as such added language to explicitly state regardless




| Page 47

Version Date Author Owner Reason for Change

of location the use of Santander assets (e.g., laptop) is for business use only. Also, added a prohibition on making audio and video recordings of internal meetings / discussions without approval (e.g., Webex, Teams, Zoom, etc.). (Sec 2.8)

• Added guidance for Internal Gifts of appreciation in Giving, Soliciting and Accepting Things of Value to/from Internal Sources. (Sec 2.5.4)

• Whistleblower - Revised defined term of ‘Misconduct’ to ‘Alleged Misconduct to align with Santander US Whistleblower Operating Policy. (Sec 3.3)

• Disclosures - Clarified the notification requirement to LCA when becoming aware of a regulatory investigation or enforcement action that affect Santander US. (Sec 3.4)

5.2 Sign Off

Approving Body Governance Committee Approval Final Approval Date

Advisory Board US Enterprise Risk Management Committee 3.13.14

SHUSA Board SHUSA ERMC 7.30.15

Advisory Board SHUSA Enterprise Risk Management Committee 10.05.16









| Page 48

6. Appendix

6.1 Appendix A — Related Policies and Process and Administrative Documents

All Policies and Process Administrative Documents can be found on policyIQ.

Document Type Entity and Department

Owner Document Title

Handbook SHUSA HR CHRO Employee Handbook

Framework CUSO Risk CRO Risk Management Operating Model

Framework SHUSA Legal CLO Governance Framework

Framework SHUSA Risk CRO Enterprise Risk Management Framework

Operating SHUSA Compliance CCO Anti-Bribery and Anti-Corruption Policy

Enterprise SHUSA Compliance BSA/AML Officer BSA/AML/OFAC Policy

Enterprise SHUSA Compliance CCO Personal Securities Transactions and Material Non-Public Information Policy

Operating SHUSA Compliance CCO Privacy Policy

Operating SHUSA Compliance CCO Whistleblower Policy

Operating SHUSA Digital Marketing

Head of Digital, Innovation and Payments Strategy

Employee Personal Use of Social Media Operating Policy

Operating SHUSA Finance CFO Travel and Entertainment Policy

Enterprise SHUSA Human Resources

Chief Human Resources Officer

Corporate Social Responsibility Policy

Operating SHUSA InfoSec CISO Information Security Policy

Operating SHUSA Legal and Corporate Affairs

Executive Director, Governance &

Regulatory Relations

Confidential Supervisory Information Policy

Operating SHUSA Legal and Corporate Affairs

Director of Governance and Regulatory Relations

Policy Administration Policy




| Page 49



Operating SHUSA Risk Head of Office of Consumer and Business Practices

Complaints Management Policy

Operating SHUSA Risk Head of Office of Consumer and Business Practices

Product Governance and Monitoring Policy

Operating SHUSA Risk US Head of Fraud Risk Management

Fraud Risk Management Policy

Operating SHUSA Risk CRO New Products and Business Activities Policy

Operating SHUSA Risk CORO Records Management Policy

Enterprise SHUSA Risk CRO Reputational Risk Policy

Operating SHUSA Risk CRO Third Party Risk Management Policy

Program SHUSA Compliance BSA/AML Officer BSA/AML/OFAC Program

Program SHUSA Compliance CPO GLBA Privacy Program

Program SHUSA Procurement Director of Procurement Supplier Code of Conduct

Standard SHUSA Compliance

SHUSA LCA

CCO/SHUSA CLO Competition Law Standard

Standard SHUSA Compliance CCO Code of Conduct: Allegation Investigation Standard

Standard SHUSA Compliance CCO Gifts and Entertainment Oversight Standard

Standard SHUSA Compliance CCO Outside Activities Oversight Standard

Standard SHUSA Compliance CCO Subject and Monitored Subject Persons Standard

Standard SHUSA Compliance CCO Political Contributions Standard

Standard SHUSA Compliance CPO Privacy Data Breach Response Standard




| Page 50



Standard SHUSA InfoSec CIO Acceptable Use Standard

Standard SHUSA InfoSec Director of Information Security Architecture

Data and Information Protection Standard

Standard SHUSA Risk US Head of Fraud Risk Management

Internal Fraud Standard

Standard SHUSA Risk CORO Records Management Standard

Standard SHUSA Technology CISO Information Security Standards