2023 ENVIRONMENTAL, SOCIAL AND GOVERNANCE REPORT Enterprise Financial Services Corp Creating Success by Prioritizing Community, Clients and the Environment

A MESSAGE FROM OUR PRESIDENT & CEO Enterprise continues to take seriously our role in managing our business for success and creating positive contributions to society. As we have since our founding, we remain committed to creating a positive impact on our associates, clients and the communities in which we live and work. One of our best opportunities to create meaningful change as a financial institution is through the New Markets Tax Credit (“NMTC”) program, which helps us to fund and subsidize projects in underserved communities. In September of 2023, we were pleased to receive a $60 million allocation from the Community Development Financial Institutions Fund of the U.S. Department of Treasury. This allocation will allow us to continue our work with the NMTC program, which helps create jobs and increases access to community services for those who need it most. We continue to innovate with internal programs designed to help our associates grow and thrive. This year, we launched two new programs to help us continually improve in this area. The first is Enterprise EDGE, an all-leadership regional conference series featuring six sessions to help align managers on our approach to leading associates. Sessions included “Improving Performance by Fostering an Inclusive Team Culture” and “Leading Through Accountability.” We also launched our first-ever Associate Belonging & Inclusion Week, which included a series of engaging and informative online activities that helped us foster inclusion and a sense of belonging for all associates. We believe these efforts are a contributing factor in Enterprise receiving several important distinctions in 2023, including being ranked No. 3 on the Forbes® list of America’s Best Banks, and being named for the sixth straight year to the American Banker® list of Best Banks to Work For. We were also pleased to be recognized by 50/50 Women on Boards™ as a “3+” corporation, with three or more women on our Board of Directors. In the pages ahead, we share much more information about our ESG efforts that are helping to ensure we are part of the solution. Jim Lally President & CEO Enterprise Financial Services Corp

TABLE OF CONTENTS Our Guiding Principles ............................................................ 02 I. ESG Governance .............................................................. 04 II. Climate ............................................................................ 06 III. Community Involvement .................................................. 08 IV. Human Capital ................................................................. 12 V. Additional Important Governance Policies ....................... 18 ENTERPRISE FINANCIAL SERVICES CORP 150 N. Meramec Avenue • Clayton, MO 63105 INVESTOR RELATIONS Keene Turner, Senior EVP, Chief Financial Officer (314) 512-7233 MEDIA Steve Richardson, SVP, Corporate Communications (314) 995-5695 CONNECT WITH US LinkedIn Facebook Get Our Annual Report ABOUT THIS REPORT Enterprise Financial Services Corp (“EFSC”) is a financial holding company that provides a full range of banking and wealth management services to individuals and corporate customers primarily located in Arizona, California, Florida, Kansas, Missouri, Nevada and New Mexico through its banking subsidiary, Enterprise Bank & Trust® (the “Bank”). The terms “we,” “us,” “our,” “Enterprise” or the “Company” as used in this Environmental, Social and Governance (“ESG”) Report refer collectively to EFSC, together with its subsidiaries, including the Bank, when or where appropriate. This Report is not comprehensive. It should be read in conjunction with EFSC’s 2023 Annual Report on Form 10-K and, in particular, the “Forward-Looking Statements” and “Risk Factors” sections of the 2023 Annual Report, together with other reports filed by EFSC with the Securities Exchange Commission (“SEC”).

We take great effort and pride in creating a strong culture anchored by a set of Guiding Principles that focus on our culture and decision-making. We work to exemplify these principles through everyday behaviors, management practices and organizational norms. We utilize a variety of ways to reinforce these principles and to encourage and celebrate associates demonstrating these behaviors, including our Peer-to-Peer Recognition Program that allows associates to recognize their peers for exhibiting these principles. OUR GUIDING PRINCIPLES ARE: Our GUIDING PRINCIPLES ڼ Integrity ڼ Client Success ڼ Accountability ڼ Teamwork ڼ Belonging & Inclusion ڼ Continuous Improvement ڼ Balance ڼ Corporate Citizenship

03 OU R GU IDIN G PRIN CIPLES In 2023, we were recognized by a variety of organizations for our commitment to our associates and communities. 2023 Awards & Recognition DOING WELL BY DOING GOOD AWARD Once again this year, Enterprise has won the Doing Well by Doing Good Award, which is given by Mastercard®. The award is given to a select few organizations that promote community service, philanthropy and charitable giving to make a difference in the communities they service. AMERICA’S BEST BANKS This year, Enterprise was proud to be No. 3 on the Forbes® list of America’s Best Banks, up from No. 35 the previous year. The rankings are based on growth, credit quality and profitability over a 12-month period. BEST BANKS TO WORK FOR 2023 For the sixth straight year, Enterprise has made the American Banker® list of Best Banks to Work For, jumping nine spots to No. 52 nationwide. The ranking comes from a combination of an associate survey plus a review of our policies and associate benefits. “3+” CORPORATION Once again we were recognized by 50/50 Women on Boards™ as a “3+” corporation with three or more women serving on our Board of Directors, an important step to achieving gender-balanced and diverse boards. WOMEN IN THE WORKPLACE HONOREE The Women’s Foundation of Greater St. Louis named Enterprise as an honoree in their Women in the Workplace awards. The awards are given based on company policies, practices, development and data that show our commitment to supporting and advancing women in the workplace. 2023 LEADER IN DISABILITY INCLUSION AWARD The Center for Disability Inclusion recently awarded Enterprise with its Disability Inclusion Award. This award is given to organizations that demonstrate values associated with being a leader in disability inclusion. TOP-PERFORMING BANKS Enterprise moved up five spots — from No. 32 to No. 27 — in American Banker’s annual list of top-performing banks with between $10 and $50 billion in assets. The ranking is based on a three-year average return on equity for each institution. All trademarks are the property of their respective owner(s).

04 I. ESG GOVERNANCE Our commitment to sustainability begins with the Board of Directors of Enterprise (the “Board”). As the governing body responsible for our general oversight and strategic direction, the Board establishes parameters to ensure our interactions with society and the environment are considered in connection with all business activities. The Risk Committee of the Board is composed exclusively of independent directors1 and is responsible for the governance of our Enterprise Risk Management (“ERM”) framework and ESG policies and initiatives. The Risk Committee advises and informs the Board on ESG matters,2 including sustainable management and oversight of climate-related risks. The Risk Committee provides direction and oversight of management regarding the Company’s ESG-related activities and reviews and approves ESG disclosures. In addition, the Risk Committee oversees the activities of the following management committees: Risk Oversight, ESG Management, Regulatory Compliance and Operations Technology. 1 Independence determined in accordance with the Nasdaq listing rules. 2 Environmental, health and safety, corporate social responsibility, sustainability and other public policy issues.

ERM FRAMEWORK The Risk Oversight Committee has overall responsibility for monitoring our ERM framework. The ESG Management Committee is a subcommittee of the Risk Oversight Committee and reports to it on ESG matters. The ESG Management Committee is comprised of a cross-functional group of management associates tasked with assisting the development, implementation and monitoring of our ESG strategy. The ESG Management Committee is also responsible for overseeing the implementation of ESG initiatives and supporting our ESG strategy, including those related to climate-related risks. The Regulatory Compliance Committee is a management committee responsible for monitoring our compliance programs, policies and procedures to ensure these are appropriately responsive to the various legal and regulatory risks facing the Bank. The Regulatory Compliance Committee chair is a member of both the Risk Oversight and ESG Management Committees and advises these committees on risks and opportunities related to community development lending, bank secrecy and anti-money laundering, client complaints and other compliance-related matters. Further, the Regulatory Compliance Committee chair reports committee activities to the Risk Committee of the Board. See Bank Regulatory Compliance Program on page 22 for more details on compliance governance. The Operations Technology Committee is a management committee with overall responsibility for monitoring the systems, policies and procedures for our loan, deposit and wealth management business operations. This includes the framework used to identify and prevent cyberattacks or breaches. The Operations Technology Committee chair reports committee activities to the Risk Committee of the Board. Additionally, the Chief Information Security Officer (“CISO”) is a member of this committee, as well as the Risk Oversight and ESG Management Committees, and advises these committees on risks and opportunities related to information security, including data privacy. See Customer Privacy & Data Security on page 25 for more details on information security governance. To ensure a systematic and firm-wide approach to ESG matters, we have integrated the identification, measurement, monitoring and controlling of ESG issues into our existing ERM framework. The ESG Management Committee has identified several risks specifically related to ESG matters. These risks are part of our risk inventory and are integrated into our ERM framework. To ensure understanding of ESG and the related concepts across our organization, all associates are annually required to complete ESG training. As our ESG protocol matures, we will continue to incorporate it into our ERM framework. We also have policies and operational procedures designed to promote our sustainability efforts and increase the effectiveness of our risk governance framework. The most significant of these policies are described in more detail in Section V — Additional Important Governance Policies on page 18. EFSC BOARD OF DIRECTORS RISK COMMITTEE RISK OVERSIGHT COMMITTEE REGULATORY COMPLIANCE COMMITTEE OPERATIONS TECHNOLOGY COMMITTEE ESG MANAGEMENT COMMITTEE I. ESG GOVERN AN CE 05

06 II. CLIMATE We understand climate change may present certain risks to our business. With the oversight of our Board and the Risk Committee, we are formulating processes for identifying and measuring the impact of climate-related risks and their potential significance to our ongoing business operations and long-term value. As we continue to work to understand the risks and expand on and enhance our climate response, we may include specific climate change considerations into our risk management protocol, strategic planning, organizational goals and operational procedures. While we have not experienced material losses from climate change, we are aware of the potential impact to us and our clients and are planning risk mitigation strategies, where appropriate. For instance, the risk to our physical infrastructure from extreme weather conditions is mitigated by our business continuity planning and appropriate insurance coverage. The risk to collateral in our loan portfolios from extreme weather conditions is mitigated by compliance with flood and mortgage hazard insurance coverage, as well as other insurance coverage as applicable. While current insurance policies may cover some or all of the loss associated with many severe weather events, policies may, over time, become more expensive or unavailable to cover losses for a particular geographic area or business activity, particularly if faced with increasing severity and frequency of severe weather events.

07 II. CLIM ATEA. GREENHOUSE GAS EMISSIONS To better understand our environmental impact and help us identify climate-related business risks and potential opportunities, we continue to identify the sources of, and work to measure, our greenhouse gas (“GHG”) Scope 1 and Scope 2 emission calculations and are also assessing the data required to calculate Scope 3 GHG emissions, including those associated with our financing activities. B. CREDIT MANAGEMENT We lend primarily to privately owned and operated businesses. Significant environmental factors are evaluated as part of our existing lending policies and processes, including our calculation of current expected credit losses (“CECL”). However, we are evaluating additional environmental considerations to help us better understand industries and sectors with exposure to climate-related transition and physical risks. We are also investigating methodologies and emerging risk models that measure the financial impact of these risks. This includes the timing and magnitude of climate- related impacts, which are highly uncertain and dependent on the mitigating actions implemented. For further details on our credit exposure by NAICS code, refer to Loans by Type on page 39 of our 2023 Annual Report on Form 10-K. For a full discussion of risks to our business, see “Risk Factors” in our Annual Report on Form 10-K, including climate-related risk on pages 25-26. C. RECYCLING Our recycling program includes paper, cardboard, aluminum cans and plastic bottles. Recycling stations are provided in our branch locations and operations center, where local haulers support this program. When possible, we strive to reuse electronic equipment. When reuse or resale is not feasible, we recycle using regulated and certified hardware recycling vendors. By using certified vendors, we ensure that our electronic waste is properly managed and that valuable raw materials are recovered and reused. D. GOVERNANCE, METRICS & TARGETS The Risk Committee continues to oversee and assess ways to identify and manage the risks posed by climate change to our business. As part of our ESG structure, the Risk Oversight Committee, with the assistance of the ESG Management Committee, is responsible for developing, recommending and implementing our climate-related strategy and apprising the Risk Committee of the information necessary to make informed decisions regarding our climate change response. Additionally, the Risk Oversight Committee, along with the ESG Management Committee, continues to consider and assess appropriate metrics and targets by which the Risk Committee can evaluate the level of achievement of our climate change-related goals as they continue to evolve. See Section I — ESG Governance on page 04 for more information on the oversight structure.

08 III. COMMUNITY INVOLVEMENT We are committed to managing our business and community relationships in ways that positively impact our associates, clients and the diverse communities where we live and work. We have a long-standing history of supporting our communities. Our Community Impact Report provides information and stories about our various community engagement initiatives, including affordable housing, volunteerism, philanthropy, diversity and inclusion, and education. A few examples of our endeavors are described within this section. View Our Latest Community Impact Report

09 III. COM M U N ITY IN VOLVEM EN T A. COMMUNITY DEVELOPMENT We actively seek opportunities to make a real impact in our communities. We invest in various ways across our markets, including through financing and charitable donations. In 2023, our overall loan portfolio included the financing of over $2.1 billion in small business, small farm and community development-qualified loans. This includes supporting affordable housing, revitalization and stabilization, community services and economic development. Our community impact plans come from a collaborative process that includes the participation and consensus of community members with civic and nonprofit stakeholders. We believe that this is the most effective way to deliver what each community needs. $554.40 million in CRA small business loans 2023 Highlights $1.59 billion in community development-qualified loans OVER $1.85 million in CRA-qualifying donations and sponsorships Enterprise allocated $12 million in NMTC allocation to KC PBS, a nonprofit organization based in Kansas City, Missouri, known for educational partnerships with schools and outreach to distressed neighborhoods. KC PBS needed this allocation to renovate and expand its facility to enhance its broader role in the community and strategic objective to “reach and represent the diverse audiences it serves.” The renovated facility opened to the public in August 2023 and is expected to serve over 10,000 low-income persons annually. The facility includes a “living room,” in which members of the community are invited to take part in forums that discuss issues relevant to the community, and to participate in educational workshops designed for all ages. A.1 COMMUNITY REINVESTMENT ACT We are subject to the Community Reinvestment Act (“CRA”). The most recent CRA examination was conducted by the FDIC in June of 2023. The Bank received an overall “Satisfactory” rating for this exam. The examination did not identify any evidence of discriminatory or other illegal credit practices for the Bank as a whole. A.2 NEW MARKETS TAX CREDIT ALLOCATION In 2023, it was announced that we were selected by the Community Development Financial Institutions Fund (“CDFI Fund”) of the U.S. Department of Treasury to receive a $60 million allocation of New Markets Tax Credits (“NMTC”) — our sixth allocation totaling $303 million to date. We were one of 10 banks and 107 awardees nationally. Priority project selection was completed at the end of December 2023 for our most recent $60 million allocation, with all projects being located in low-income census tracts that look to improve the social determinants of health. Our allocation goals are to: ڼ Create Jobs — We select businesses across key sectors that are essential contributors to local economies (job producers). We prioritize growth-oriented businesses with the vision and drive to offer quality employment opportunities, such as those in the manufacturing sector. ڼ Provide Access to Community Services — We also invest in essential community service facilities in underserved communities. We prioritize community service facility projects, such as behavioral health, early childhood education and job training, and select strategic partners who provide community development support.

10 III. COM M U N ITY IN VOLVEM EN T Associates receive up to eight hours of paid time off to volunteer at the 501(c)(3) organization or school of their choice. In addition, many of our associates serve on nonprofit boards and executive committees. Their leadership at these organizations allows them to leverage their skills and gain new ones, and helps to strengthen the organization. In addition to serving at nonprofits, associates also participate in annual holiday drives to gather items such as gifts, food and other items for local nonprofits. In 2023, we donated over $3 million to more than 700 organizations throughout our communities, including $75,000 of associate matches. Enterprise associates spent over 11,000 hours volunteering for the community. B. PHILANTHROPY From smaller nonprofits that help the local community to national organizations like the United Way, Pedal the Cause and Ronald McDonald House Charities®, our engagement with our communities goes far beyond banking. Our Company’s charitable giving is guided by principles of diversity, transformation, measurable impact and sustainability and is focused on the following areas of giving: ڼ Human Services — providing food, health/wellness and other products or services contributing to an improved quality of life, particularly for individuals in low- and moderate-income communities; ڼ Education and Job Training — providing financial education, job training and other career development programs; ڼ Community and Economic Development — providing services related to access to affordable housing, homeownership and credit counseling, and the creation/growth of small businesses and jobs; and ڼ Community Arts — offering cultural enrichment and artistic education. Enterprise also supports the charitable giving of our associates by matching associate contributions to eligible 501(c)(3) organizations. All current full-time or part-time associates of the Company are eligible to participate. We also actively encourage all associates to volunteer time to support and serve the communities in which they live and work. In the summer of 2023, more than 100 of our associates came together to pack 744 Cheeriodicals® care packages for delivery to nine charity partners nationwide. This large team volunteered their time and energy to not only assemble these cheer-up gifts, but also to include personal messages of inspiration and encouragement for each gift recipient. The team’s effort provided donations to hospitalized pediatric patients and other children’s charities within each of our various markets.

3 Some financial inclusion programs are region-specific based, in part, on community needs. III. COM M U N ITY IN VOLVEM EN T 11 C. FINANCIAL INCLUSION & CAPACITY BUILDING Enterprise is a community-oriented bank that is known for its strong commitment to community and economic development. Accordingly, we have developed several programs and products to support low-income and unbanked or underbanked clients in our local communities,3 including: ڼ Community Connection Advisory Board — This committee of independent community leaders helps guide our CRA Program and philanthropic initiatives. ڼ Opportunity Checking — This checking option is designed to provide individuals an opportunity to help reestablish their banking history. ڼ Non-Resident Lending Program — This program provides residential mortgages and other consumer loan products to non-U.S. residents or temporary residents who meet certain eligibility requirements. ڼ Bilingual Branch and Support Staff — We have bilingual retail staff and client service personnel to help serve our clients. ڼ Financial Education/Outreach — Our financial education resources include educational videos and other training available on our website through our partnership with EVERFI, an education technology company that provides learners of all ages education for the real world through innovative and scalable digital learning. We also have dedicated community development officers who offer one-on-one and small group financial education on various topics, such as budgeting, improving credit scores, providing tax filing services to income-eligible individuals and families through IRS-sponsored Volunteer Income Tax Assistance (“VITA”) sites, and becoming a home buyer. Through our partnerships, our Community Development team members also have on-site offices with Urban League of St. Louis and Mission St. Louis. These office locations give clients of these nonprofits convenient access to our team. D. ENTERPRISE UNIVERSITY In 2003, we launched Enterprise University, a one-of-a-kind business training program that offers expert-led webinars on a variety of business topics — at no cost to attendees. Courses help attendees sharpen their business acumen, build skills and deliver greater value to their organizations. We also offer on-demand viewing options to reach wider audiences. With more than 39,000 course attendances in the program’s history, Enterprise University has become an integral part of our communities and is offered to clients and nonclients at no cost.

12 IV. HUMAN CAPITAL Several of our Guiding Principles focus on our associates and the communities in which they work and live. We focus on creating an inclusive and transparent culture that celebrates teamwork and recognizes associates at all levels. We expect and encourage participation and collaboration, and understand we need each other to be successful. We value accountability because it is essential to our success, and we accept our responsibility to hold ourselves and others accountable for meeting shareholder commitments and achieving exceptional standards of performance. We also believe in supporting our associates to achieve a work-life balance. To connect across teams and time zones, we introduced “Meet Enterprise” in 2021, a monthly webcast designed to help associates meet Enterprise leaders and learn more about their teams, their work, and how they support our mission and Guiding Principles. Now in its third year, the webcast continues to engage and educate associates — supporting culture, onboarding and career development.

13 IV. H U M AN CAPITAL A. ATTRACTING AND RETAINING TALENT As of December 31, 2023, nearly 96% of our workforce was employed as regular full-time associates and 3% was employed as regular part-time associates. We also employ seasonal/temporary associates and occasionally hire independent contractors for specific projects that require a highly specialized skill set or to provide additional resources during peak times, as needed. Our performance measures and compensation determinations are designed to ensure the proper balance of risk and reward. Performance evaluations facilitate our ongoing assessment of associates’ skills and improvements as needed. We use annual talent reviews to identify high-performing associates and future potential leaders, provide insight into critical development needs and retention risks, and identify business-critical talent needs, including anticipated workforce planning challenges. Additionally, we have established succession plans to ensure continuation of critical roles and operations. We are committed to offering a competitive total compensation package that is consistent with our principles and aligned with the Company’s financial performance. We regularly compare compensation and benefits with peer companies and market data, making adjustments to compensation as needed to ensure we remain competitive. In addition to base salary, approximately 66% of associates are eligible to participate in the Company’s Short Term Incentive Plan (“STIP”) program. Our STIP program is designed to align compensation with an associate’s performance in a given year. The program sets a performance level of short-term incentive awards that an associate is eligible to earn. The STIP target is defined as a percentage of base salary based on the associate’s grade level as determined by our Human Resources department. As of January 1, 2024, our minimum wage is $17 per hour. We regularly review the current market landscape — both inside and outside of banking and financial services — and consider feedback from leadership in order to maintain a competitive total rewards package that attracts and retains top talent. In 2023, we expanded our focus by offering career development workshops, highlighting Enterprise associate career journeys, and introducing career paths with targeted development resources for primary entry-level roles serving as career launch points. NO. OF ASSOCIATES4 At Dec. 31, 2023 96% Regular full-time 3% Regular part-time 1% Seasonal/Temporary 4 Associates are defined as all persons who receive wages or salaries via our payroll process. The Employment Status Classifications are: • Regular Full-Time Associates — Associates who work at least a 32-hour workweek for an indefinite period of time. All regular full-time associates are eligible for all employment benefits generally provided by Enterprise. • Regular Part-Time Associates — Associates working less than a 32-hour workweek for an indefinite period of time. Depending on the average hours worked per week, regular part-time associates may be eligible for limited employment benefits as specified in the terms of the particular employment benefit plan or policy. • Seasonal/Temporary Associates — An associate who is hired as an interim replacement, to temporarily supplement the workforce or to assist on the completion of a specific project. Employment assignments in this category are of a limited duration. This definition excludes individuals supplied under contract by an outside agency.

IV. H U M AN CAPITAL 14 ATTRACTING AND RETAINING TALENT, Continued We also offer a wide array of benefits for our associates and their families, including: ڼ Health Benefits — We offer comprehensive medical, dental and vision benefits, as well as life insurance and short-term disability insurance for all full-time associates. ڼ Wellness Program — Our wellness program offers financial rewards to associates who adopt healthy habits and participate in wellness education and health screenings. Annual health screenings for associates and spouses/domestic partners enrolled in our medical plans are provided to all associates at no charge. As part of our wellness package, all associates are entitled to free mental health support. ڼ Parental Leave — We offer paid leave in connection with the birth or adoption of a child. ڼ 401(k) Plan — Our 401(k) plan includes a competitive Company match of up to 6%. ڼ Employee Stock Purchase Plan — Our plan enables eligible associates to accumulate up to $25,000 of Company stock per year at a 15% discount to the market price, subject to IRS regulations. ڼ Volunteer Time Off — Associates receive up to eight hours of paid time off to volunteer at the 501(c)(3) organization or school of their choice. ڼ Corporate Charitable-Matching Opportunities — The Company supports associate charitable giving by matching associate contributions to eligible 501(c)(3) organizations. All current full-time or part-time associates of the Company are eligible to participate. ڼ Time Off — Associates receive paid time off, holidays and bank holidays. ڼ Training & Development — Internal training and online development courses covering a wide variety of topics are offered to all associates. ڼ Tuition Assistance — Eligible associates may receive reimbursement to pursue additional formal education to enhance knowledge and skills, thus improving potential for future opportunities. ڼ Associate Support Fund — The Enterprise Cares: Associate Support Fund provides short-term, emergency financial assistance to associates who are facing financial hardship immediately after a natural disaster or an unforeseen personal hardship. During the fall of 2023, Enterprise EDGE, an all-manager regional conference series, successfully brought together leaders from across the Company to learn and share best practices to align our approach to leading associates. Additional learning and development will be provided in the future to help leaders build on what was learned, reinforcing Enterprise’s culture and performance.

IV. H U M AN CAPITAL 15 B. DIVERSITY, EQUITY & INCLUSION We believe that diversity of thought and experience results in better outcomes and empowers our associates to make more meaningful contributions within our Company and communities. We continue to learn and grow, and our current initiatives reflect our ongoing efforts around a more diverse, inclusive and equitable workplace. We believe that diversity helps us build better teams and improve our client experience, leading to greater success for Enterprise and our shareholders. Our diversity data is monitored by the Compensation Committee and is also shared with the Board. We have made progress in this area, but continue to strive to further diversify our workforce and deepen our culture of inclusion. The following is based on associate and director self-identification. EFSC Board of Directors Total Associates Executive Leadershipa Category FY 23 FY 22 FY 21 FY 23 FY 22 FY 21 FY 23 FY 22 FY 21 Female 36% 31% 23% 67% 66% 66% 25% 14% 14% Underrepresented Minority 21% 25% 15% 37% 36% 35% 13% 14% 14% Undisclosed 7% 6% - - 1% 1% - - - a Executive Leadership represents associates who are SEC Section 16 filers. Our Diversity, Equity & Inclusion Council is a management committee which provides information, ideas and insights from a variety of diverse perspectives to help us foster a diverse, equitable and inclusive environment for our associates and the communities we serve. In addition, we have several associate development programs that help to create a more inclusive environment by giving associates and other individuals of all backgrounds additional opportunities to succeed and contribute. These programs include: ڼ Career Acceleration Program — This trainee program introduces participants to the foundations of credit and commercial banking, while allowing them to experience a wide range of assignments by rotating through the various product partners and operational areas of the Company. Upon successful completion of the program, the associate is placed in a role that aligns with their strengths and talents and helps meet the needs of our organization. ڼ Gateway to a Banking Career — This program provides training for jobs as tellers and customer service representatives, job interview practice and job placement assistance. It is a joint effort with two other St. Louis-based financial institutions. Upon successful completion of the program, participants receive a small stipend and are guaranteed an interview with one of the program sponsors. During the summer of 2023, we held in-person ongoing gatherings across our footprint for associates to build culture, celebrate our successes and reconnect with each other. reCONNECT Series

16 IV. H U M AN CAPITAL DIVERSITY, EQUITY & INCLUSION, Continued ڼ Business Resource Groups — These groups bring together associates with a shared identity, interest or goal to create community and opportunities for improvement and engagement. C. ASSOCIATE FEEDBACK For more than 20 years, we have conducted annual associate surveys to ensure that we understand what is important to our associates. The adoption of a volunteer time off policy and improvements to internal communication processes are examples of changes that have been made in response to survey results. Our mission of “guiding people to a lifetime of financial success” starts and is sustained with engaged associates who take pride in working for us. In late 2021, we conducted a survey specifically directed at gaining a better understanding of our culture and our associates’ experiences. The survey was designed to provide management insight into our culture’s strengths and identify opportunities for improvement. Additionally, we utilize small group settings across the organization, where associates have informal discussions and open forums on topics with management. Through our continued use of surveys and other forms of collecting associate feedback, we continue to understand, grow and enhance our culture to facilitate a “best place to work” environment. D. ASSOCIATE TRAINING We encourage and support the growth and development of our associates and seek to fill positions by promotion and transfer from within the Company. Ongoing learning and career development is advanced through annual performance reviews and development conversations between associates and their managers. Additionally, we provide internally developed training programs, customized corporate training engagements and educational reimbursement programs to further develop associates’ skills. For the past six years, we have been included in the Best Banks to Work For list by American Banker® magazine for our dedication to associate satisfaction. In recent years, we conducted a culture survey. Our associates identified corporate citizenship, client success, dignity, respect and trust as top strengths of the Company. The survey also reinforced the importance of certain Company strategies that focus on opportunities for growth and celebration of our strengths. To obtain more specific information about the results, we conducted a series of focus group sessions where associates were asked to share feedback and ideas to continue to grow our culture. Best practices were shared to reinforce and celebrate our culture and strengthen connections by recognizing and spotlighting individuals and teams across the organization. 2023 initiatives included providing EDGE leadership training, reinforcing key aspects of our culture such as leading through accountability, fostering an inclusive team culture, coaching for empowerment and career growth, leading in a hybrid work environment and reinforcing wellness. Additionally, Enterprise advanced our culture in response to survey feedback through enhanced behavioral descriptions and development resources for our Guiding Principles. Finally, we continued our popular “Meet Enterprise” series, highlighting leaders from across the organization to share their work and how their teams collaborate with others and support our mission. In 2023, we conducted an internal communication survey — 97% of associates were satisfied or very satisfied with the internal communications’ quality and frequency.

17 IV. H U M AN CAPITAL ASSOCIATE TRAINING, Continued We have a designated training department and maintain extensive training programs ranging from entry to manager level. In addition to job-specific training, we require that all associates complete mandatory annual courses. We update training as needed to respond to regulatory changes, industry events and evolving risks. Completion of mandatory training is a condition of continued employment at Enterprise; new hires must complete training within 30 calendar days from their start date, and then again annually along with all other associates. The mandatory annual associate training courses are listed below. Additional business unit-specific training is required for certain functions and roles within our Company. Companywide Mandatory Training: ڼ Active Shooter & Workplace Violence ڼ Anti-Money Laundering/Bank Secrecy Act ڼ Bomb Threat & Other Security Issues ڼ Business Continuity Planning ڼ Elder Financial Abuse ڼ Enterprise Risk Management (including Environmental, Social and Governance) ڼ Fair Lending ڼ Handling Complaints ڼ Identity Theft ڼ Information Security Training: ڿ Using the Phish Alert Button ڿ Security Awareness Training ڼ OFAC Compliance ڼ Preventing Workplace Harassment ڼ Robbery & Casing ڼ Understanding Unfair, Deceptive or Abusive Acts or Practices (“UDAAP”) E. HEALTH & SAFETY Our formal Health and Safety (“HS”) Policy mandates all tasks be conducted in a safe and efficient manner and comply with all local, state, and federal safety and health regulations, and addresses special safety concerns. Our HS Policy encompasses all facilities and operations and addresses on-site emergencies, injuries and illnesses, evacuation procedures, cellphone usage and general safety rules. Additionally, our Business Continuity Planning (“BCP”) policy and related plans, including our Pandemic Plan, are an important component in helping to maintain the health and safety of our associates and clients. Our plans provide detailed responses to enable continued operation as well as to help safeguard associates and clients in a variety of situations, including emergencies and weather-related events. The plans are site specific to account for varied situations that each location may experience and the difference in each facility layout. They are reviewed and updated at least annually, and periodic drills are conducted on the plans. As part of our BCP program, we provide a variety of safety training to associates, including CPR and weather-related training for fires, tornadoes, earthquakes and other natural events. Our BCP program also focuses on communication as a critical tool in our efforts to maintain a safe work environment. As part of our BCP program, we use an interactive communication tool that allows for bidirectional messaging with all associates in the event of emergencies and other time-sensitive events. The system, which can be accessed through associates’ mobile devices, is used to provide emergency notifications and allows management to monitor associates’ safety through their responses. In 2023, Enterprise had no injuries or occupational diseases and no work-related fatalities. 20,830 mandatory and 8,401 job-specific online training sessions completed by associates in 2023

18 V. ADDITIONAL IMPORTANT GOVERNANCE POLICIES We have a robust set of governance policies to guide the operation of our business in a socially responsible way. We not only operate in a highly regulated environment and seek to comply with the laws and regulations applicable to our businesses, but we also strive to operate with integrity and accountability consistent with our Guiding Principles.

19 V. ADDITION AL IM PORTAN T GOVERN AN CE POLICIES A. CODE OF ETHICS The honesty, integrity and sound judgment of our associates and Board are essential to our reputation and success. As a Guiding Principle for our business, integrity of our relationships (including our relationship with our society and the environment) is essential to our continued success as a leading financial services provider. One of our most important tools for maintaining integrity is our Code of Ethics. All associates and directors receive training on our Code of Ethics upon joining the Company. Annually, each associate and director must certify their understanding of, and compliance with, our Code of Ethics. Under our Code of Ethics, all associates and directors are required to report any known or suspected violations or illegal or unethical behavior or activity, including conflicts of interest that involve Enterprise or our associates. Individuals who become aware of any suspicious activity or behavior, including concerns regarding questionable accounting or auditing matters, are required to report these circumstances and any potential violations of laws, rules and regulations of our Code of Ethics to the Chief Legal Officer or they may file a report using our Ethics and Compliance Hotline. The Code of Ethics is administered and monitored by our Chief Legal Officer. The Nominating and Governance Committee of the Board annually reviews the Code of Ethics and recommends any changes to the Board for approval. 100% OF OUR ASSOCIATES certified to our Code of Ethics in 2023 Get Our Code of Ethics A.1 WHISTLEBLOWER PROTECTIONS We have an Ethics and Compliance Hotline, through a third-party provider, that can be used to report alleged violations of our Code of Ethics or other suspicious activity. Violations can be reported by phone or online 24 hours a day, seven days a week. Reports to the hotline via phone or the website can be made on an anonymous and confidential basis. All allegations of unlawful or inappropriate behavior are promptly investigated. Our Audit Committee receives regular summaries of all matters submitted to the Ethics and Compliance Hotline. Under the Sarbanes-Oxley Act as well as our Code of Ethics, retribution in any form — direct or indirect — against anyone who in good faith reports transactions or activities under the Code of Ethics is not tolerated. Management is not aware of any violations of whistleblower regulations in 2023. A.2 HARASSMENT PROHIBITION AND PROHIBITION ON ILLEGAL DISCRIMINATION Enterprise prohibits and does not tolerate any workplace harassment or discrimination based on the factors protected under applicable federal, state or local law. Our policies and procedures confirm this stance and protect associates against any such actions in any form. The Company prohibits any form of retaliation against any associate for making a good faith complaint about harassment, for reporting a possible incident of harassment and/or for cooperating in the investigation of a complaint. Associates are required to attest and agree to comply with our Harassment Prohibition policy and our Equal Employment Opportunity policy as conditions of employment. Additionally, all associates receive annual harassment prevention training, which is designed to engage and educate associates on understanding, identifying and responding to workplace harassment. A.3 ANTI-BRIBERY AND CORRUPTION Our Code of Ethics prohibits associates from engaging in bribery or corruption of any type and expressly prohibits associates from giving gifts to or accepting gifts from government officials. Cash and checks may not be accepted from our clients or suppliers, regardless of the amount. Gifts that may appear to compromise business judgment are also not permitted. In 2023, Enterprise was not subject to any legal or regulatory fines or settlements associated with violations of bribery, corruption or anti-competitive standards.

20 V. ADDITION AL IM PORTAN T GOVERN AN CE POLICIES CODE OF ETHICS, Continued A.4 GOVERNMENT RELATIONS Our business conduct reflects our policy of non-partisanship. In 2023, we did not support any employee-funded PACs, nor did we contribute any corporate funds to candidates for public office or political parties or use corporate funds to make independent political expenditures. All associates are encouraged to participate in the political process. Associates are granted paid time off to vote when they are unable to vote outside of their regularly scheduled work hours. We respect the rights of associates to support issues and candidates of their choosing. We did not receive any financial assistance in the form of grants from the U.S. government in 2023. A.5 HUMAN RIGHTS Honoring and affirming protections for human rights is embodied in our Guiding Principles and our mission. We are staunchly opposed to child labor as well as forced labor and human trafficking of any kind, and we do not knowingly engage with companies or take part in transactions in which a client is involved in these abhorrent practices. See page 27 for more information on our Vendor Code of Conduct. Further, as part of our Bank Secrecy Act program (described on page 22), we utilize technologies to aid us in identifying potential human trafficking and elder abuse activities in order to avoid supporting those engaged in these practices. B. PERFORMANCE MANAGEMENT & COMPENSATION Our Compensation Committee, consisting exclusively of independent directors, oversees our compensation philosophy, including our centralized performance management and executive compensation programs. Our compensation philosophy is to provide competitive compensation that rewards performance and risk management. We develop and administer compensation programs consistent with the following principles: ڼ Compensation will include a substantial performance-based component that is: ڿ Based on clearly defined goals; ڿ Aligned with measurable business results, appropriate risk management and an increase in shareholder value; and ڿ Linked to successful implementation of our business plan. ڼ Compensation is designed to attract, motivate and retain top talent. ڼ Compensation will be fair and market-competitive. As part of their ongoing oversight, our Compensation Committee considers ESG issues in establishing compensation plans. Our compensation philosophy and policies will be described in more detail in our 2024 Proxy Statement.

21 V. ADDITION AL IM PORTAN T GOVERN AN CE POLICIES PERFORMANCE MANAGEMENT & COMPENSATION, Continued ڼ Incentive Compensation Plans — We utilize incentive plans (“Incentive Compensation Plans”) to reward associate performance commensurate with the financial results and risk appetite of the Bank. Incentives are tied to a balanced mix of deepening relationships, client care, our financial results and operational excellence. ڼ Sales Programs — We develop and utilize sales incentive programs or referral programs (“Sales Programs”) that are designed to reward individuals who help achieve specific business goals. Under no circumstance will we open an account or provide a service without the consent of the client. Our Sales Programs policy contains the procedures, internal controls and day-to-day audit process to be followed to help ensure the sales of all products and services are executed under the direction of the client. These programs are generally subject to caps that limit our exposure, and each of these programs can be canceled by Enterprise at any time. Risk management practices regarding incentive compensation are further addressed by the Compensation Committee through its engagement of outside counsel in conducting an annual risk assessment of all incentive and equity plans and Sales Programs. This review is performed to ensure that associates are not being incentivized to take excessive risks. In addition, periodic risk-based audits of certain compensation programs are conducted by our Internal Audit department. ڼ Retail Staff — Associates in branches are primarily paid salary or an hourly wage. In addition, retail sales staff and managers receive a nominal amount per account opened based on the type of account. The average incentive, including both Incentive Compensation Plans and Sales Program payments for associates in primary retail sales roles, is approximately 2.2% of total compensation. ڼ Mortgage Loan Originators — Mortgage loan originators are paid a mix of salary, bonuses and commissions to align associate and shareholder interests consistent with our business strategy. The payments are based on a combination of loan production, loan quality and compliance. See Safeguarding Against Discriminatory Lending on page 23 for more information on our mortgage lending practices. In 2023, Enterprise had no material losses resulting from legal proceedings associated with selling and servicing of products or legal proceedings associated with communications to customers or compensation of loan originators. For disclosures of material legal proceedings, refer to “Item 3: Legal Proceedings” on page 28 and Note 13 on page 101 of our 2023 Annual Report on Form 10-K. C. ERM FRAMEWORK Risk management is a key part of our corporate culture. Our ERM framework is designed to help ensure rewards realized are commensurate with

22 V. ADDITION AL IM PORTAN T GOVERN AN CE POLICIES risks taken, to safeguard our financial strength in order to satisfy our obligations to clients, to create sustained value for our shareholders and to protect our reputation. Our ERM framework is structured to proactively identify, assess, control, monitor, test and report risks applicable to each business line. The framework uses a “Three Lines” approach. While each line has specific roles and responsibilities, each also works together as a key element of our overall ERM framework and not as three individual elements. This integrated risk management approach is built on strong relationships and willing partnerships, promoting greater coordination and communication among the three lines and strengthening independent oversight by both Risk Management and Internal Audit. ڼ The “First Line” includes business line management who own and have primary responsibility for managing their risks. Each business line is accountable for all risks associated with its activities and for current and emerging risk identification, measurement, assessment, control, mitigation, monitoring and reporting. ڼ The “Second Line” includes independent and risk assurance functions that are integral to our control framework. The functions are responsible for (1) maintaining a Companywide view of current and emerging risk exposures; (2) developing, reviewing and implementing our risk management framework; (3) reporting on risk appetite and limiting breaches; and (4) ensuring coordination and consistency in the application of an effective risk management approach. Summaries of the activities of these functions are provided to the Risk Committee. ڼ The “Third Line” includes Internal Audit. The Internal Audit department operates in accordance with the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing and our Code of Ethics. As part of their annual audit plan, Internal Audit conducts independent reviews of the first two lines. D. BANK REGULATORY COMPLIANCE PROGRAM As a state and federally regulated financial institution, Enterprise is subject to extensive regulatory oversight. Our bank regulatory compliance program is designed to ensure compliance with all applicable banking laws and regulations. Our program includes the use of a risk-based monitoring schedule guided by our annual compliance risk assessment, which incorporates internal and third-party reviews and audits. The program also includes a complaint review and management process, an associate compliance training program, and reviews of our products, programs and services. Areas covered by the compliance program include, but are not limited to, Unfair Deceptive Acts or Abusive Practices risk, Home Mortgage Disclosure Act (“HMDA”) and Community Reinvestment Act data submissions, as well as fair lending reviews. See page 17 for a list of mandatory associate training programs including Compliance courses. Annually, a compliance risk assessment is completed pursuant to our ERM framework. The compliance risk assessment evaluates the inherent and residual risks of the laws and regulations with which we are required to comply (i.e., in all jurisdictions where we conduct business), as well as critical organizational policies. See ERM framework on page 05 for more information. D.1 BANK SECRECY & ANTI-MONEY LAUNDERING Under the direction of our Bank Secrecy Act (“BSA”) Officer, all associates receive annual BSA training. The degree of training provided to each associate varies depending on the associate’s position and responsibilities. Training includes money laundering detection procedures and our Know Your Customer procedures. In addition, an overview of BSA requirements is given to all new associates as part of our new-hire training. Our BSA program also leverages technology to aid in the identification of suspicious and/or illegal activities, including, among others, money laundering, human trafficking and elder abuse. Annually, an independent audit of our compliance with the BSA and Anti-Money Laundering program is conducted under the direction of Internal Audit. ERM FRAMEWORK, Continued

23 V. ADDITION AL IM PORTAN T GOVERN AN CE POLICIES D.2 FAIR LENDING Our commitment to fair lending is a cornerstone of our culture and is clearly articulated in our Fair Lending Policy. We are committed to fairly and consistently meeting the credit needs of our clients, including fair and nondiscriminatory access to credit products, terms and conditions, and services throughout the entire credit life cycle. All directors and all associates involved in retail, business and commercial banking, processing, underwriting, loan origination, servicing and collection activities participate in mandatory fair lending training on an annual basis. D.3 COMPLAINT MANAGEMENT Our Complaint Management policy mandates investigation of all client complaints to determine if the activity in question complies with all applicable laws and regulations, as well as Bank policies and procedures. Where appropriate, we modify our policies and procedures to ensure compliance with applicable laws and regulations. A response is provided to the client and, as applicable, to the appropriate regulatory authority. D.4 SAFEGUARDING AGAINST DISCRIMINATORY LENDING In order to meet the needs of our broad client base, we offer a variety of residential mortgage products, including government loans, in several of our markets. The majority of originated residential mortgages are investment-quality real estate loans, which are sold to investors “servicing released” in the secondary market. Whether intended for sale in the secondary market or held in our portfolio, all residential mortgage loans must be evidenced by a sound source of repayment and documented equity in the property being financed. Residential mortgage loans to be sold in the secondary market are underwritten and documented using a base of Freddie Mac, Fannie Mae, FHA, VA or USDA procedures, followed by any specific secondary-market investor requirements. Mortgages that do not meet secondary market criteria or due to investment choice may be held in our portfolio. In these situations, Enterprise is considered an “investor,” and the mortgage is underwritten by associates in our consumer channel using our consumer underwriting criteria. BANK REGULATORY COMPLIANCE PROGRAM, Continued

V. ADDITION AL IM PORTAN T GOVERN AN CE POLICIES 24 BANK REGULATORY COMPLIANCE PROGRAM, Continued We maintain formal Mortgage Banking Guidelines and operate in compliance with all applicable federal, state, and local laws and regulations governing consumer lending and real estate, including the Equal Credit Opportunity Act and the Fair Housing Act. All credit policies related to consumer mortgages are periodically reviewed and modified as necessary to stay abreast of general economic conditions, money market conditions, our financial position, changes in loan demand and changes in the competitive landscape. Routine reviews of mortgage lending are performed to assess compliance with applicable laws and regulations. Our procedures ensure mortgage loan officers, underwriters and management are adequately trained on consumer lending and real estate laws and regulations, and mortgage personnel comply with the Canon of Ethics and Standards of Practices of the Mortgage Bankers Association of America. Periodic risk-based audits of our mortgage operations are conducted by our Internal Audit department or a third-party firm. All denied residential mortgage loan applications are subject to a second-level review. This process assures that all requests for credit are fairly evaluated as outlined in the Equal Credit Opportunity Act, the Fair Housing Act, the Community Reinvestment Act, the Home Mortgage Disclosure Act and internal policies. In addition to the initial underwriting process for the original mortgage application, the second review process allows an underwriter the opportunity to determine if the borrower could be approved under an alternative mortgage program offered by us. ڼ For mortgages originated for sale in the secondary market, we add a standard margin to the agency- or investor-based pricing. This standard margin is managed through the use of a pricing engine software program that allows us to aggregate and manage loan pricing. ڼ Pricing for residential mortgages held in our portfolio is risk-based, utilizing a base rate with a standard spread and various pricing adjustments for size of mortgage, term and other factors not otherwise prohibited by applicable law. Our Residential Mortgage Loss Mitigation policy establishes processes and protocol for working with residential mortgage borrowers who may be unable to meet their contractual payment obligations in accordance with Regulation X — The Real Estate Settlement Procedures Act (“RESPA”) (12 USC §2601). In 2023, Enterprise had no material losses resulting from legal proceedings associated with discriminatory mortgage lending. For disclosures of material legal proceedings, refer to “Item 3: Legal Proceedings” on page 28 and Note 13 on page 101 of our 2023 Annual Report on Form 10-K.

25 V. ADDITION AL IM PORTAN T GOVERN AN CE POLICIES BANK REGULATORY COMPLIANCE PROGRAM, Continued D.5 MARKETING MATERIAL & DISCLOSURES In accordance with our Corporate Marketing Policy, our marketing materials and product disclosures are provided in a clear, conspicuous, legible and reasonably understandable manner. This includes providing accurate descriptions of our products or services and any applicable terms and conditions. Marketing communications sent via email include a clear and conspicuous explanation of how the recipient can opt out of future marketing emails from us. In 2023, Enterprise was not subject to any legal or regulatory fines, settlements or enforcement actions associated with false, deceptive or unfair marketing, labeling or advertising. E. CUSTOMER PRIVACY & DATA SECURITY We are committed to respecting the individual privacy of our clients. While we do share information between our affiliated companies for our everyday business purposes, clients are offered an opportunity to limit other types of affiliate sharing and/or use. Clients can opt out of telemarketing, email and direct mail marketing. Our customer privacy policies and procedures are designed to comply with the consumer privacy protection rules mandated by Section 504 of the Gramm-Leach-Bliley Act (“GLBA”), the Fair Credit Reporting Act (“FCRA”), Regulation P — Privacy of Consumer Financial Information and applicable state privacy laws that impose certain notice requirements and restrictions on our ability to disclose nonpublic personal information about consumers to affiliates and nonaffiliated third parties. Get Our Privacy Notice Refer to “Technology and Cybersecurity Risks” on page 23 and “Item 1C: Cybersecurity” on page 26 of our 2023 Annual Report on Form 10-K for more information on our approach to privacy and our approach to data security risks. To help safeguard the confidentiality, integrity and availability of our infrastructure, resources and information, we maintain a robust Information Security (“IS”) Program. It establishes policies and procedures to prevent, detect and respond to cyberattacks. Further, because our staff serve as the first line of defense, we educate, train and test our employees on how to identify potential cybersecurity events and encourage everyone to report any unusual activity. In 2023, Enterprise had no material losses as a result of legal proceedings associated with incidents relating to customer privacy. For disclosures of material legal proceedings, refer to “Item 3: Legal Proceedings” on page 28 and Note 13 on page 101 of our 2023 Annual Report on Form 10-K. E.1 DATA SECURITY GOVERNANCE Our IS Program consists of policies, procedures and guidelines to ensure the security, availability and confidentiality of client information. The IS Program is led by our CISO under the direction of the Chief Administrative Officer (“CAO”), with additional oversight from the Chief Risk Officer (“CRO”), and is subject to additional management oversight by our Operations Technology Committee. The Risk Committee of the Board oversees the IS Program and receives quarterly IS reports and updates from the CIO and CISO. At least annually, our Board receives IS reports which summarize new and emerging cybersecurity trends, trends in type, frequency and origination of attacks, and the effectiveness of our IS Program in mitigating cybersecurity threats. At December 31, 2023, two of the seven members of the Risk Committee have information security and technology experience. We hire IS associates and consultants, as applicable, with the appropriate skills, certifications and knowledge to implement and oversee the procedures and processes of our IS Program and to adequately manage and enforce our IS policies, procedures and guidelines. While all vendors are subject to our Vendor Management due diligence process, those with access to our data and data centers are subject to more rigorous initial and ongoing due diligence. This includes reviews of System and Organization Controls Type 2 (“SOC2”) reports, information security policies, vulnerability and penetration tests, human resource policies such as background checks and training, and business continuity plans. As part of the ongoing maintenance and development of our IS Program, we assess the various risks associated with the unauthorized

CUSTOMER PRIVACY & DATA SECURITY, Continued access or loss of client information and the quality of security controls as prescribed by the Federal Financial Institutions Examinations Council (“FFIEC”) and the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. Our IS risk assessments are prepared in conjunction with our ERM framework, and the results are used to develop strategies to minimize risk to information assets. Our systems are monitored 24/7 for cybersecurity threats, and we utilize a variety of tools to reduce the risk of data breaches. Significant threats relating to information security are directed to Management for further discussion and determination of next steps. We maintain an Incident Response Plan that outlines the steps to be taken in the event of an information security incident, which could include a potential or actual data breach. The plan identifies a designated team, including associates and third-party experts responsible for the investigation and response, and summarizes the steps, including escalation protocol, for determining whether a breach has occurred and the nature and scope of the breach (if applicable). The plan also summarizes the protocol for notifying impacted persons, which may include clients, as well as other applicable agencies or persons, including law enforcement and regulatory authorities. E.2 DATA SECURITY AUDITS AND REVIEW At least annually, we conduct a third-party information security penetration audit focusing on internal and external network security protocols, as well as internally managed ad hoc testing as needed. Simulations and tabletop testing of our business continuity and Incident Response Plans are performed on a routine basis in order to test and assist with our associates’ familiarity and preparedness for a security event. The processes and controls related to data security are periodically tested by the IS department and Internal Audit. Audits may also be performed at the request of the CIO, CISO, the Director of Internal Audit, Management or our Board. Audit results are presented to the Board or a committee thereof. E.3 DATA SECURITY EDUCATION At least annually, the IS Program, including its effectiveness, is reviewed by our Boards or a committee thereof. Annually, all associates participate in mandatory training on data privacy provisions and policies, including information security and its importance with respect to client and associate privacy. All employees (including both full-time and part- time employees) are required to participate in monthly firm-wide phishing tests. F. PRODUCT LIFE CYCLE GOVERNANCE Throughout the life cycle of any product or service we offer, we have instituted procedures to help ensure its quality and its value to the Company and our clients, as well as adherence to laws and regulations. Any new, modified or expanded product, service or third-party strategic relationship solution, as well as any new and/or innovative technology project, is subject to review by internal working groups composed of cross-functional leaders representing impacted business areas prior to implementation. Once a new, modified, or expanded product or service has been implemented, it is subject to a review by the Risk Oversight Committee and audits, as appropriate, by Compliance or Internal Audit. V. ADDITION AL IM PORTAN T GOVERN AN CE POLICIES 26

G. VENDOR MANAGEMENT Third-party vendor relationships are essential to meeting our strategic goals, objectives and business needs. These relationships allow us to gain expertise and benefit from economies of scale, and are essential elements of conducting business. Our Vendor Management policy establishes guidelines to effectively assess, measure, monitor and control the risks associated with vendor relationships consistent with our ERM framework. The majority of our vendors are based in the United States; therefore, they are subject to U.S. Department of Labor mandates and regulations. As a result, we are comfortable that there are effective impediments to their involvement in child labor, forced labor or human trafficking. Our Vendor Code of Conduct sets forth our expectations for vendors with respect to these issues in addition to other ESG issues. As part of our initial and ongoing vendor due diligence and oversight program, the Vendor Code of Conduct is distributed to all critical vendors whose product or service is essential to the conduct of our daily business operations. Our Risk Committee and ESG Management Committee will continue to evaluate how we can apply resources and leverage in a manner that will enhance our ability to minimize the risk that any of our vendors directly or indirectly are involved in these abhorrent activities. Get Our Vendor Code of Conduct 27 V. ADDITION AL IM PORTAN T GOVERN AN CE POLICIES