General Banking Law of 2000 and the Issuances of Bangko Sentral ng Pilipinas

AEV’s banking and financial services group adhere to the provisions of the General Banking Law of 2000 (Republic
Act No. 8791) and the Anti-Money Laundering Act of 2001 (Republic Act No. 9160), as amended. Rules and
regulations issued by the BSP in the forms of circulars, circular letters and memoranda relevant to the business of
AEV are compiled together in the (i) Manual of Regulations for Banks, and (ii) the Manual of Regulations for Foreign
Exchange Transactions. These manuals are updated by the BSP through issuances supervisory and regulatory
policies, which AEV’s banking and financial services group regularly monitors.

Anti-Money Laundering Laws and Know Your Customer Procedures

Unionbank and its subsidiaries comply with the Anti-Money Laundering Act of 2001 (Republic Act No. 9160) as
amended, its Implementing Rules and Regulations and regulatory issuances of the BSP. The Bank adheres to the
Know Your Customer (KYC) rules and customer due diligence requirements of both the law and regulations from the
start of bank-client relationship until its termination.

Since June 2015, the Unionbank and its subsidiaries has put in place a new AML System equipped with monitoring
tools and reporting capabilities. Beginning last September 2016, the Unionbank has likewise implemented a real-
time sanctions screening system to screen transactions that pass through the SWIFT network. Since last year,
Unionbank has also implemented monitoring processes for transactions within a certain threshold. KYC process
remains to be robust through documentation of client information, determination of acceptable IDs for transactions,
and senior management approval, where warranted.

Finally, on an annual basis, UnionBank, through its Compliance and Corporate Governance Office, provides annual
formal AML trainings to the members of the Board of Directors, Senior Management and its Branches. Senior
Management, branches and other units are also required to take the annual electronic AML refresher module in
coordination with HR Group and the Compliance and Corporate Governance Office.

Data Privacy Act of 2012

The Data Privacy Act of 2012 is a comprehensive and strict privacy legislation aimed to protect the fundamental
human right of privacy, of communication while ensuring free flow of information to promote innovation and growth
by: (i) protecting the privacy of individuals while ensuring free flow of information to promote innovation and
growth; (ii) regulating the collection, recording, organization, storage, updating or modification, retrieval,
consultation, use, consolidation, blocking, erasure or destruction of personal data; and (iii) ensuring that the
Philippines complies with international standards set for data protection through National Privacy Commission
(NPC).

Intended to protect the privacy of individuals, it ensures that all personal information must be (i) collected with
consent and for reasons that are specified, legitimate, and reasonable; (ii) handled properly, ensuring its accuracy
and retention only for as long as reasonably needed; and (iii) discarded properly to avoid access by unauthorized
third parties.

Its Implementing Rules and Regulations took effect on September 9, 2016, mandating all Philippines companies, with
at least 250 employees or access to the personal and identifiable information of at least 1,000 people, to comply
with the following: (i) appointment of a Data Protection Officer; (ii) conduct of a privacy impact assessment; (iii)
creation of a privacy knowledge management program; (iv) implement a privacy and data protection policy; and (v)
establish a breach reporting procedure.

In 2017, the AEV has started with the roll out and implementation of ISMS for the whole Aboitiz Group, this includes
compliance with the Data Privacy Act of 2012. This is an 18-month project that will be completed in 2018.

The Philippine Competition Act

The Philippine Competition Act (R.A. 10667) is a new law aimed to promote and protect fair market competition. It
is intended to improve consumer protection and preserve the efficiency of market competition in the marketplace
by establishing the Philippine Competition Commission (PCC) to implement the following: (i) prohibiting entities
from entering into anti-competitive horizontal and vertical agreements especially those that substantially prevent
or restrict competition; (ii) proscribes abuse of dominant position, which refers to conduct by dominant players that
restricts competition (e.g., predatory pricing, tying and bundling, or imposing barriers to entry by new player, etc);
(iii) regulation or prevention of anti-competitive mergers and acquisitions; and (iv) imposition of fines and criminal
penalties.

The PCC, in its Memorandum Circular No. 18-001, adjusted the thresholds for the compulsory notification of mergers
and acquisitions from Php1B for both the Size of Person and Size of Transaction tests to PhP5 Billion for the Size of
Person and PhP2 Billion for the Size of Transaction as defined in the Implementing Rules and Regulations.

Adjusted Thresholds to be Implemented

Test Old Threshold New Threshold
Size of Person Test P1 bn P5 bn
Size of Transaction Test P1 bn P2 bn

This means that the value of the assets or revenues of the Ultimate Parent Entity (UPE) of at least one of the parties
must exceed PhP5 Billion instead of PhP1 Billion. The UPE is the entity that, directly or indirectly, controls a party to
the transaction, and is not controlled by any other entity. In addition, the value of the assets or revenues of the
acquired entity must exceed PhP2 Billion instead of PhP1 Billion. Both thresholds must be breached in order for the
compulsory notification requirement to apply.

The Aboitiz Group, in its effort to create long term value to its shareholders in growing its business and in the conduct
of its business practices, monitors its compliance with the Philippine Competition Act.