Ethics, Legal, and Regulatory Compliance

Commitment to Ethics and Compliance

Obeying the law, both in letter and in spirit, is the foundation on which the ethical standards of Synovus are built, and we are proud of our culture of compliance.1

At Synovus, we consider compliance a core component of our culture and everyone’s responsibility — from senior executives to the newest team members. Compliance is an integral part of everything we do, from strategy to execution. It is at the forefront when we think about our business model, developing new products and services, implementing pricing plans and sales incentives, working with third parties, managing vendors and engaging in our communities.

Synovus’ Ethics Committee manages our formalized ethics program, framework, and policies to ensure an ethically healthy and compliant environment, consistent with professional standards and best practices. The Committee is led by the Chief Ethics and Compliance Officer and includes team members from such key corporate functions as legal, compliance, human resources, complaint management, internal audit, enterprise risk, and corporate responsibility.

Our Code of Business Conduct and Ethics applies to each of our team member and directors, is available online through our Team Member Guide and is included in our annual training requirements. The Code is also provided to all contractors and representatives, including business partners, vendors and consultants.

The areas covered in our Code of Business Conduct and Ethics, our Team Member Guide, our Corporate Governance Guidelines, and our team member training include anti-corruption (including the Foreign Corrupt Practices Act), conflicts of interest, fair dealing and competition.

We have been recognized as one of the country’s “Most Reputable Banks” by American Banker and the Reputation Institute for four consecutive years. See this and other honors and awards on our website.

Commitment to Our Customers

Our commitment to ethical business practices and doing the right thing for our customers starts with Our Customer Covenant:

We pledge to serve every customer with the highest levels of sincerity, fairness, courtesy, respect and gratitude, delivered with unparalleled responsiveness, expertise, efficiency and accuracy. We are in business to create lasting relationships, and we will treat our customers like we want to be treated. We will offer the finest personal service and products delivered by caring team members who take 100% responsibility for meeting the needs of each customer.

We take every customer concern seriously. Our process for issue resolution and customer complaints is responsive and diligent, and it receives the highest attention from all parts of our organization. The central complaints log is reviewed monthly by senior and members of executive management.

Our staff receives training on the complaints process annually, including how to define, respond to and log a complaint.

In addition to focusing on issue resolution, customer complaints are assessed for opportunities to improve our processes and systems, enhance team member training and awareness, and they also improve our compliance risk assessment.

Over 99% of customer complaints are resolved in less than 30 days.

Compliance Oversight and Policy Governance

The Risk Committee of our Board of Directors has responsibility for our compliance functions, including reviewing the effectiveness and monitoring of compliance with laws and regulations.

On a management level, the Executive Risk Committee (ERC) has oversight of the processes for managing our Corporate Compliance and Ethics Program.

We also have a Regulatory Compliance Risk Committee which is chaired by our Chief Compliance Officer. Members include our Chief Risk Officer and our BSA Officer.

Policy Governance

Our Policy Governance Team provides oversight of our policy governance framework and defines the guidelines for policy development, communication, monitoring and governance. Team members from Consumer Compliance, BSA/AML Compliance, Enterprise Risk, General Counsel, Learning and Development, Legal, and Information Risk & Resiliency are represented on the team.

The Enterprise Risk function owns the overall program while the ongoing administrative management is owned by the Policy Management function within Learning and Development.

Executive Management is accountable for ensuring that our policy management is communicated and understood within their respective organizational units and that the proper support is provided.

The Policy Management Policy is reviewed by the Policy Governance Team annually with any changes submitted to the Executive Risk Committee and the Risk Committee of the Board, for review and approval.

Team Member Training and Awareness

Our company was founded on integrity, honesty, and doing the right thing, and we expect our team members to uphold these values.

All team members complete a comprehensive training program annually, with an online course curriculum including the code of conduct, the customer complaints process, and BSA/AML/OFAC compliance, among others. We also customize training programs and conduct face-to-face training as needed. Team members are required to complete training within 45 days and to pass with a score of 80% or higher. Training completion is reported to the Board quarterly with a goal of 100%.

In addition to training, our frontline team members who have customer contact or who have access to customer records or transactions also participate in programs of self-testing to augment compliance testing performed by the second line. Self-testing ensures that daily processes and controls are performed as documented; that consumer compliance issues are identified and escalated; and that corrective action measures are developed and implemented. The first line of defense reports its finding to Corporate Compliance, management, and responsible committees periodically, where applicable.

Self-testing is performed by the first line of defense and is the frequent, real, or near real-time evaluation of the effectiveness of daily processes and controls, performed while or after daily processes and controls are executed. The goal of self-testing is to identify, escalate, and resolve consumer compliance issues sooner than if issues were only identified by the second line of defense during independent transaction testing. Each assigned risk owner is responsible for managing risk with their respective organizations.

Whistleblower Protection

In addition to our open-door philosophy, we provide multiple ways for team members to raise concerns, including an anonymous Ethics Helpline. These confidential tools ensure that our team members can report ethical violations in confidence and without fear of retaliation.

Within our Code of Business Conduct and Ethics and the Team Member Guide (as well as on our website), there are instructions for how to take action against violations and how to access the anonymous helpline which is staffed and available 24/7 and administered by an independent third-party.

We do not permit retaliation of any kind against team members for good faith reports of suspected violations of our Code of Business Conduct and Ethics or any company policy or legal requirement.

For any shareholder who has a concern, there is an email address provided for direct contact with our Board of Directors.

Bank Secrecy Act and Anti-Money Laundering Program

Synovus has a comprehensive compliance program and policy framework recognizing our obligations and to mitigate our risks relating to the Bank Secrecy Act (BSA), Anti‐Money Laundering (AML) requirements, the USA Patriot Act, and other related federal laws and regulations. All directors, officers, team members, and temporary or contract workers are covered by our polices and standards and must comply with associated processes and procedures.

Our corporate strategy includes enhancing processing using advanced technology and Robotic Process Automation (RPA), improving procedures, reporting, and feedback, modernizing and reducing costs on sanctions screening, and optimizing our transaction monitoring application with alerts and investigations.

BSA Oversight

Our Board of Directors, through the Risk Committee, is responsible for ensuring that we maintain an effective BSA/AML/OFAC Compliance Program. The following oversight structures are in place:

• The BSA Compliance Committee meets quarterly with appropriate business segment team members and department managers.
• The BSA Compliance Account Review Committee (ARC) meets quarterly to review the status of Suspicious Activity Reports (SARs) filed, SAR trends, and other high-risk account relationships.
• The BSA Officer is designated by the Board as the Anti-Money Laundering program coordinator and is responsible for overseeing the day-to-day operations necessary to ensure compliance with all the requirements outlined in the various anti-money laundering laws and regulations. The responsibilities include establishing and maintaining a robust reporting framework, including material exceptions to the policy and filing of SARs.

BSA Risk Assessment

We perform an annual BSA/AML/OFAC risk assessment incorporating the risks related to our products and services, customer base, and geographic markets. The primary purpose is to evaluate our exposure to the risks associated with money laundering, terrorist financing, and other specified unlawful activities.

BSA Training and Awareness

All business segments, including branch personnel, retail operations, wire room, ACH and all other areas with customer contact or access to customer records or transactions are responsible for understanding and complying with the reporting and recordkeeping requirements of BSA/AML/OFAC. Team members are also responsible for “knowing your customer” (KYC) and reporting any unusual or suspicious activity to their supervisor or the BSA Officer.

Annual training is provided for all team members whose duties require knowledge of BSA/AML/OFAC compliance. We also undergo an annual independent testing of the Compliance Program, or more frequent if deemed necessary.

Legal and Regulatory Environment

The financial services industry is subject to extensive regulation and we are committed to complying with all rules and regulations published by the regulatory agencies. We have strong and transparent relationships with regulators, including the Federal Reserve, the Georgia Department of Banking and Finance, the OCC, the FDIC, and the CFPB.

We have experienced no material losses resulting from legal proceedings associated with fraud, theft, regulatory penalties or violation of industry regulations.

Political Lobbying and Contributions

We have restrictions on political expenditures and gifts and prohibit payments to government personnel. We adhere to laws and regulations governing business dealings with U.S. government personnel. For additional information see our Code of Business Conduct and Ethics. All corporate political contributions must be authorized by the Company’s Executive Management.

We have two Political Action Committees (PACs), one state and one federal, both contributing in limited, balanced ways. Before making any political contribution at the PAC level, individual candidates are evaluated and assessed on a number of different factors, including their demonstrated leadership or potential for leadership, their committee assignments and seniority within Congress or state government, their likelihood of success, and other internal or external activities. All political contributions made by our PACs comply with federal and state campaign finance laws and all lobbying efforts are focused on the local, state, and federal government levels.