Corporate Governance and Board Independence

Corporate Governance and Board Refreshment

Our Board of Directors (Board) is charged with and committed to effectively governing the company’s business matters for the benefit of our key stakeholders, including our team members, clients, shareholders, and communities. The Board strives to ensure the success and continuity of our business through the appointment of qualified executive management and robust oversight to affirm that corporate activities are conducted in a legal, responsible, and ethical manner. For more information, please see our Corporate Governance Guidelines on the Investor Relations page of our website.

Strengthening Governance with Refreshed and Diverse Board

Over the past decade, we have been keenly focused on refreshing and building a best-in-class Board with diverse viewpoints and perspectives to strengthen the oversight of responsible business practices and sound corporate governance.  

With a sharpened focus on refreshment, diversity, and succession planning, we have achieved some significant accomplishments, including the election of 11 directors and the increase of the Board’s total diversity (gender, race and/or ethnicity) from 20% to 55% over the last 10 years. The transformative nature of our efforts has been undertaken carefully and strategically with an overarching dedication to building a cohesive Board team in a strong environment of trust. With this renewed focus on refreshment, expertise, and diversity, we believe that our Board composition is better than ever.1

Board Composition Aligned with Long-Term Strategy

We are committed to incorporating a wide range of qualifications, skills, and experiences into our Board that align with our long-term corporate strategy and that are relevant to our business and industry. In meeting these goals, we have remained committed to our directors having:

• Demonstrated business acumen and financial literacy;
• A high degree of engagement and commitment;
• A reputation for high integrity, judgment, professionalism, and adherence to high ethical standards;
• Extensive experience in the public, private, or not-for-profit sectors;
• Leadership and expertise in their respective fields;
• Strategic thinking; and
• Involvement in educational, charitable, and community organizations.

The skill set demonstrated by our Board reflects a diverse set of qualifications, skills, and experiences, as set forth below.

The above graph does not encompass all of the qualifications, skills, and experiences of our directors, and the fact that a particular director is not included for each attribute does not mean that the director does not possess that attribute. In addition, the absence of a particular attribute with respect to any of our directors does not mean that the director in question is unable to contribute to the decision-making process in that area. In addition, directors gain substantial experience through their service on our Board, which involves significant exposure to the complex regulations and changing landscape of the banking industry. For more detailed information on the skill sets and qualifications of our 11 directors, please see our 2022 Proxy and the Investor Relations section of our website.

---

Corporate Responsibility Governance

The full Board works closely with management to oversee ESG-related matters that impact our business and key stakeholders and that have regulatory and compliance requirements, including enterprisewide strategies related to diversity, equity, and inclusion (DEI), environmental initiatives, and sustainable finance. This oversight is designed to ensure our company manages our business responsibly to mitigate risk and to ensure sustainability-related actions and investments are beneficial to our shareholders.

The Board has also designated committees with oversight of respective areas of responsibility with ESG oversight. The Corporate Governance and Nominating Committee (Governance Committee) oversees our overall ESG strategy, initiatives, and policies, including opportunities related to social responsibility, governance, climate, and sustainability. The Risk Committee (Risk Committee) provides guidance and oversight on all ESG-related risks and the management of those risks, including risks related to climate and sustainability. Additionally, the Compensation and Human Capital Committee assists the Board with its oversight of DEI strategies and initiatives and human capital management at all levels.

We have an internal management-level ESG Oversight Council (ESG Council) chaired by the chief communications and corporate responsibility officer that meets at least twice annually and reports directly to the Governance Committee, in accordance with its charter. The chair of the Governance Committee also serves this council in an advisory capacity. The ESG Council is composed of cross-functional leaders from credit, facilities, procurement/vendor management, human resources, compliance, risk management, legal, and investor relations, among others. The ESG Council is a dynamic, evolving team, focused on monitoring existing corporate responsibility-related programs and initiatives, identifying new opportunities to expand activities and reach, and developing internal and external stakeholder communication on ESG-related matters.

Advancing our ESG Reporting and Sustainable Business Practices

In 2021, we continued to enhance our ESG reporting and disclosures, including closer alignment with the Sustainable Accounting Standards Board (SASB) for Commercial Banks. As a part of that work, we adopted a number of SASB-aligned policies, including an Environmental Statement, a Human Rights Statement, and a Sustainable Investment Statement. We also adopted a Code of Business Conduct and Ethics for Suppliers and enhanced our due diligence process and procedures for our vendors and third-party partners to better understand certain ESG-related matters related to these partnerships.

Moreover, we published an ESG website in January 2021, and our executive chairman focused his time in part on developing and advancing our ESG activities and initiatives. We believe this structure and general corporate responsibility program process improvements best position us to monitor, manage, and oversee all ESG-related risks and opportunities across our business operations.

---

Enterprise Risk Management

As an organization, we have incorporated risk management into our culture, from decisions regarding strategies and capital to reducing risk in business processes. Our approach to risk management does not completely eliminate risk but seeks to achieve an appropriate balance between risk and return, which is critical to optimizing shareholder value. With all team members having risk management as part of their job responsibilities, risk is managed throughout the organization. Every individual is responsible for identifying, understanding, and monitoring risks while adhering to appropriate risk controls that include policies, procedures, and limits.

ERM Oversight

Under our Corporate Governance Guidelines, the Board is charged with providing oversight of the risk management processes. The Board does not view risk in isolation and considers risk in virtually every business decision and as part of the overall business strategy. While the Board oversees risk management, executive management is charged with managing risk. The Board’s role in risk oversight is an integral part of the overall enterprise risk management (ERM) framework.

Our ERM Program provides clear ownership and accountability for managing risk and protects the interest of our clients, team members, and shareholders. Overall risk management oversight and direction are provided by our chief risk officer and the Risk Committee, which is comprised solely of independent directors. While all four Board committees have responsibility for certain individual aspects of risk, the Risk Committee is responsible for approving and periodically reviewing our enterprise-wide risk management policies and overseeing ERM operations.

We have a robust and mature ERM framework with a comprehensive process for identifying, prioritizing, assessing, and managing risk exposure and opportunities. This includes a pervasive risk culture focused on current and emerging risks and incorporating these into strategies, capital, and business processes, with three lines of defense and accountability. The governance and oversight of risk management is through a Board-approved risk appetite with standard risk taxonomy that supports a consistent assessment framework.

ERM Program and Enterprise Risk Policy

Because risk throughout our organization is so interrelated, our risk management practices and policies are managed under one ERM program framework. The ERM team coordinates the identification, assessment, and reporting of our risks and monitors that they are being managed appropriately. This enhances our ability to make better decisions, deliver on objectives, and improve performance.

The Synovus Enterprise Risk Policy is applicable to all areas and team members of our organization, including the holding company, the Bank, and our subsidiary companies. The policy helps ensure we:

• Design and develop a comprehensive process to identify, prioritize, assess, and manage risk exposures and opportunities;
• Construct an infrastructure to support ERM and ensure that responsibilities are clearly defined and communicated at all levels;
• Develop risk management information that is communicated through a clear and robust reporting structure; and
• Integrate ongoing risk management activities within the business.

Asset/Liability Risk Management

Managing interest rate risk is a primary goal of our asset liability management function. We attempt to achieve consistency in net interest income while limiting volatility arising from changes in interest rates. To accomplish this goal, we balance the maturity and repricing characteristics of assets and liabilities along with the selective use of derivative instruments. We manage this exposure in accordance with policies that are established by our Asset Liability Management Committee and approved by the Risk Committee. For additional information, please see our latest Form 10-K filing.

Systemic Risk Management

We are required to comply with capital adequacy standards established by our primary federal regulator, the Federal Reserve, and we measure capital adequacy using the standardized approach to the Basel III Final Rule. As of December 31, 2022, our capital levels remained strong and exceeded well-capitalized requirements currently in effect. For additional information, please see our latest Form 10-K and Form 10-Q filings.

Through our capital adequacy management process, Synovus integrates risk practices and monitoring to ensure we can maintain capital levels that are more than adequate to support business activities while aligning with overall stated risk appetite and strategic planning initiatives. Capital ratios are measured against stated appetites and regulatory thresholds with a focus on current capital ratios, forecasted baseline ratios, and potential stressed capital ratios. This capital adequacy assessment process provides a comprehensive view of both the financial health and capital strength of Synovus by leveraging periodic forward-looking forecasts under both baseline and stressed conditions. The annual stress test results inform actions within the capital plan, which is approved annually by the Board.

Credit Risk Management

The goal of our credit risk management approach is to maintain a high-quality loan portfolio that safely meets the requirements of our shareholders, clients, team members, and regulators. To this end, we have a Loan Policy in place that outlines our standards for credit guidance, underwriting, and documentation to ensure that our lending function is operating within established risk tolerances. We have the ability to prohibit or limit lending to certain entities based on Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) or other considerations outlined in the Loan Policy.

Loan Policy Oversight

The Loan Policy Council, currently comprised of 15 team members representing credit administration, wholesale banking, community banking, consumer banking, operations, and credit risk analysis, does a comprehensive review of the Loan Policy at least annually as required by the Bank, business conditions, or regulations to keep the Loan Policy current and effective. The Board oversees and approves any updates to the Loan Policy. Any changes are put forward by the Loan Policy Council and presented to the Credit Risk Committee before being recommended to the Board.

Credit Underwriting and Portfolio Management

Our Commercial and Industrial (C&I) loan portfolio represents the largest category of our total loan portfolio and is primarily comprised of general middle market and commercial banking clients across a diverse set of industries. We include a table of the composition of the C&I loan portfolio aggregated by the North American Industry Classification System (NAICS) code, as provided in our Form 10-K and Form 10-Q filings.

In accordance with our Loan Policy, each loan undergoes a detailed underwriting process that incorporates uniform underwriting standards and oversight in proportion to the size and complexity of the lending relationship. In our credit underwriting process, we consider various company-specific factors and information about the industry in which the borrower operates, including data, outlook, and trends.

Operational Risk Oversight

In addition to its other responsibilities, the Risk Committee has oversight of technology and operational risk. On the management level, there is an Information Risk and Resilience Advisory Committee which provides strategic direction and support to the program. The members include the chief financial officer, the chief risk officer, and the general counsel.

We also have a Business Continuity Advisory Committee with cross-functional representation that meets quarterly to review what is being done from a program perspective. This includes identifying improvement opportunities and assessing how changes in regulatory requirements may impact the program.

Business Continuity and Disaster Recovery

We focus both on business resilience and business continuity. Business resilience reflects our efforts to make our environment as tolerant as possible and minimize the impact of adverse events. Business continuity planning is how we prepare to respond to an event when it happens and the mechanics of recovering from that disaster.

We have a Business Continuity and Disaster Recovery Program in place, which includes policies, procedures, and systems designed to prevent or limit the effect of possible failures, interruptions, or breaches. Our business continuity programs are designed to provide services in the case of an event resulting in material disruptions of our operating systems. We regularly seek to enhance these policies, procedures, and systems, and our incident response program is tested regularly, including through independent third-party reviews and assessments.

Preparedness in Action

Each department at Synovus is responsible for preparing current and comprehensive Business Continuity Plans (BCPs) and maintaining team members’ current contact information within our Emergency Notification System to ensure continuity of processes in the event of a business disruption.

There are two components to the Business Continuity and Disaster Recovery program: the business impact analysis (BIA) and the associated BCP. Each of our business units undergoes an annual BIA to identify the most critical functions and the potential impact of a disruption. This process supports prioritizing what processes, systems, tools, and facilities are most critical to recovering, how they would be recovered, and within what time frame. The BIA is facilitated by the corporate business continuity team who provides a framework and ensures process consistency and oversight. Each BIA is approved by the respective business unit leader. We track and report to executive management the number and percentage of completed BIAs.

When BCPs are completed and approved, each plan is tested using common testing methods. Testing of the BCPs is done at least annually.

Regulatory Compliance Risk Oversight

The financial services industry is subject to extensive regulation, and we are committed to complying with all rules and regulations that apply to us. We have strong and transparent relationships with our regulators, including the Federal Reserve, the Georgia Department of Banking and Finance, the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), and the Consumer Financial Protection Bureau (CFPB).

We have experienced no material losses resulting from legal proceedings associated with fraud, theft, regulatory penalties, or violation of industry regulations.

Legal and Regulatory Oversight

The Risk Committee has primary responsibility for our compliance functions, including reviewing the effectiveness and monitoring of compliance with laws and regulations. We also have a Regulatory Compliance Risk Committee chaired by our chief ethics and compliance officer. Members include our chief risk officer and our BSA/AML Officer. For more information, please see the following Ethics and Compliance section of this Governance pillar.

Political Lobbying and Contributions

We have restrictions on political expenditures and gifts and prohibit payments to government personnel. We adhere to laws and regulations governing business dealings with U.S. government personnel. All corporate political contributions must be authorized by our executive management. For additional information, please see our Code of Business Conduct and Ethics.

We have two Political Action Committees (PACs), one state and one federal, both contributing in limited, balanced ways. Before making any political contribution at the PAC level, individual candidates are evaluated and assessed on a number of different factors, including their demonstrated leadership or potential for leadership, their committee assignments and seniority within Congress or state government, their likelihood of success, and other internal or external activities. Political contributions made by our PACs comply with federal and state campaign finance laws, and all lobbying efforts are focused on the local, state, and federal government levels. Our political contributions during 2021 were immaterial.

---

Ethics and Compliance

Our Commitment to Compliance and Ethical Business Practices

Obeying the law, both in letter and in spirit, is the foundation on which the ethical and compliance standards of Synovus are built. We consider compliance a core component of our culture and everyone’s responsibility — from senior executives to the most junior team members. Compliance is at the forefront when we think about our business model, developing new products and services, implementing pricing plans and sales incentives, working with third parties, managing vendors, and engaging in our communities.

Ethics and Compliance Governance

The Risk Committee has primary responsibility for our compliance functions. On a management level, the Executive Risk Committee has oversight of the processes for managing our Corporate Ethics and Compliance Program.

Our Ethics Committee manages our formalized ethics program, framework, and policies to ensure an ethically healthy and compliant environment consistent with professional standards and best practices. The committee is led by the chief ethics and compliance officer and includes senior leaders from such key functions as legal, compliance, human resources, complaint management, internal audit, enterprise risk, and corporate responsibility.

Our Ethics Committee adopted a formalized Ethics Program in 2021, including a written framework for the purpose, objectives, responsibilities, risk framework and assessment, policies, monitoring, testing, training, issues management, risk appetite, oversight and reporting, third party risk management, complaint management, and new and modified product risk. This program was approved by the Governance Committee in July 2021 and by the Risk Committee in September 2021 and is updated and evaluated annually. These two Board committees oversee various aspects of the Ethics Program to ensure enterprise-wide incorporation of our ethics framework into all that we do and all that we are. The core tenants of our Ethics and Compliance Management approach are outlined as follows:

Policies and Procedures

Our Policy Governance Team provides oversight of our policy governance framework and defines the guidelines for policy development, communication, monitoring, and governance. Team members from the consumer compliance, BSA/AML compliance, enterprise risk, legal, human resources, and information risk and resiliency departments are represented on the team and provide valuable oversight to the policy governance process.

• The Enterprise Risk function owns the overall program, while the ongoing administrative management is owned by the policy management function within our learning and development department.
• Executive management is accountable for ensuring that our policy management is communicated and understood within their respective organizational units and that the proper support is provided.
• The Policy Management Policy is reviewed by the Policy Governance Team annually, with any changes reviewed and approved by the Executive Risk Committee and the Risk Committee.

Our Code of Business Conduct and Ethics (Code) applies to each of our team members and directors, is available online through our Team Member Guide, and is included in our annual training process. The Code is also provided to all contractors and representatives, including business partners, vendors, and consultants. The areas covered in our Code, our Team Member Guide, and our Corporate Governance Guidelines include anti-corruption (including the Foreign Corrupt Practices Act), conflicts of interest, fair dealing, and competition.

Training and Awareness

Our company was founded on integrity, honesty, and doing the right thing, and we expect our team members to uphold these values.

All team members complete a comprehensive compliance training program upon onboarding and annually thereafter, with an online course curriculum including the Code, the client complaints process, BSA/AML compliance, and Office of Foreign Assets Control (OFAC) compliance, among others. We also customize training programs and conduct face-to-face training as needed. Team members are required to complete training within 45 days of assignment and to pass with a score of 80% or higher. Training completion is reported to the Board quarterly, with the average training completion rate being consistently over 98%.

During 2021, approximately 100% of our team members completed the required Consumer Compliance training, including required compliance training in areas such as:

• Code of Conduct and Ethics
• Fair Lending Essentials
• Unfair, Deceptive, or Abusive Acts or Practices
• Preventing Elder Financial Abuse
• Flood Disaster Protection Act
• Regulations such as Reg O, Reg W, and Reg E
• Fair Debt Collections Practices Act

Customer Engagement and Complaint Response

We take every client concern seriously. Our process for issue resolution and client complaints is responsive and diligent, and it receives the highest attention from all parts of our organization. Any client complaint we receive is centralized and tracked through resolution, with the complaint log then being reviewed monthly by senior and executive management. Over 99% of client complaints are resolved in less than 30 days.

In addition to focusing on issue resolution, client complaints are assessed for opportunities to improve our processes and systems, enhance team member training and awareness, and improve our compliance risk assessment.

Our team members receive training on the complaints process annually, including how to define, log, and respond to a complaint. During 2021, approximately 100% of our qualifying team members completed the required Complaint Management and the Fair and Consistent Treatment training courses.

Each assigned risk owner is responsible for managing risk with their respective organizations. In addition to training, our frontline team members who have client contact or who have access to client records or transactions on a regular basis also participate in programs of self-testing to augment compliance testing performed by the second line of defense. Self-testing ensures that daily processes and controls are performed as documented, that consumer compliance issues are identified and escalated, and that corrective action measures are developed and implemented. The first line of defense reports its finding to corporate compliance, executive management, and responsible committees periodically, where applicable.

Whistleblower Protection

In addition to our open-door philosophy, we provide multiple ways for team members to raise concerns, including an anonymous Ethics Helpline. These confidential tools ensure that our team members can report ethical violations in confidence and without fear of retaliation.

Within our Code and the Team Member Guide, there are instructions for how to take action against violations and how to access the anonymous Ethics Helpline which is staffed and available 24/7 and administered by an independent third party.

We do not permit retaliation of any kind against team members for good faith reports of suspected violations of our Code or any company policy or legal requirement. For any shareholder who has a concern, there is an email address provided for direct contact with our Board.

Human Rights

Synovus is committed to environmentally responsible, socially focused, strong, and transparent governance practices. This commitment includes the highest standards of ethical business operations and interactions with team members, partners, clients, and vendors — especially the protection of human rights for those employed by or served by our company and those with whom we contract for services.

Our utmost regard for human rights is rooted in the foundation of our company, born in 1888, and remains integrated into how we do business today. We recognize that human rights encompass basic rights, freedoms, and standards of treatment and are demonstrated through fair, equitable, and respectful treatment of and meeting legal obligations to team members, clients, investors, and other stakeholders. The protection of human rights is fundamentally the right thing to do and is beneficial for business growth.

Our human rights-centered policies, practices, and actions are aligned with other relevant and globally recognized standards such as the United Nations (UN) Universal Declaration of Human Rights (UDHR), the UN Guiding Principles on Business and Human Rights, and the OECD Due Diligence Guidance for Responsible Business Conduct. For more information, please see our Human Rights Statement.

Bank Secrecy Act and Anti-Money Laundering Program

Synovus has a comprehensive compliance program and policy framework recognizing our obligations and to mitigating our risks relating to BSA / AML requirements, the USA Patriot Act, and other related federal laws and regulations. All directors, officers, team members, and temporary or contract workers are covered by our policies and standards and must comply with associated processes and procedures.

BSA/AML Oversight

Our corporate strategy includes enhancing processing using advanced technology and Robotic Process Automation (RPA), improving procedures, reporting, and feedback, modernizing and reducing costs on sanctions screening, and optimizing our transaction monitoring application with alerts and investigations.

• The BSA Compliance Committee meets quarterly with appropriate business segment team members and department managers.
• The BSA Compliance Account Review Committee meets quarterly to review the status of Suspicious Activity Reports (SARs) filed, SAR trends, and other high-risk account relationships.
• The BSA Officer is designated by the Board as the AML program coordinator and is responsible for overseeing the day-to-day operations necessary to ensure compliance with all the requirements outlined in the various anti-money laundering laws and regulations. The responsibilities include establishing and maintaining a robust reporting framework, including material exceptions to the policy and filing of SARs.

BSA Risk Assessment

We perform an annual BSA/AML/OFAC risk assessment incorporating the risks related to our products and services, client base, and geographic markets. The primary purpose is to evaluate our exposure to the risks associated with money laundering, terrorist financing, and other specified unlawful activities.

BSA Training and Awareness

All business segments, including branch personnel, retail operations, wire room, ACH, and all other areas with client contact or access to client records or transactions, are responsible for understanding and complying with the reporting and recordkeeping requirements of BSA/AML/OFAC. Team members are also responsible for “knowing your customer” and reporting any unusual or suspicious activity to their supervisor or the BSA Officer.

Annual training is provided for all team members whose duties require knowledge of BSA/AML/OFAC compliance. We also undergo annual independent testing of the Compliance Program, or more frequently if deemed necessary.