Policy Number: 2013-142-M-U Flagstar Bank, N.A. and its Covered Subsidiaries FLG SECURITIES TRADING (FST) POLICY
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. Flagstar Bank, N.A. and its Covered Subsidiaries FLG SECURITIES TRADING (FST) POLICY Organizational Functional Area: Legal Department Corporate Governance Unit Policy Owner: Jan Klym Assistant Corporate Secretary Approving Authority: Bao Nguyen General Counsel & Chief of Staff Date Policy Approved: February 4, 2026 Table of Contents I. POLICY OVERVIEW ........................................................................................................................................ 1 II. PURPOSE, SCOPE, APPLICABILITY ............................................................................................................. 2 III. APPROVING AUTHORITY, POLICY OWNER, DELEGATED RESPONSIBILITIES ...................................... 3 A. Policy Approving Authority ......................................................................................................................... 3 B. Policy Owner .............................................................................................................................................. 3 C. Delegated Responsibilities ......................................................................................................................... 3 IV. DEFINITIONS ................................................................................................................................................... 3 V. GENERAL REQUIREMENTS ........................................................................................................................... 8 A. FST Program Overview .............................................................................................................................. 8 B. FST Program Governance & Oversight ..................................................................................................... 8 1. Board of Directors ................................................................................................................................ 9 2. Risk Assessment Committee (RAC) .................................................................................................... 9 3. Executive Management ..................................................................................................................... 10 4. Enterprise Risk Management Committee (ERMC) ............................................................................ 10 5. FST Program Manager ...................................................................................................................... 11 6. Corporate Governance Personnel ..................................................................................................... 11 7. Senior Officers ................................................................................................................................... 12 C. FST Program Implementation .................................................................................................................. 13 1. General Responsibilities and Restrictions for All Covered Persons and All Consultants, Contractors, and Employees with Access to MNPI ................................................................................................ 13 a. Restrictions on Trading or “Tipping” on MNPI ............................................................................ 13
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. b. Trading In Securities of Other Companies When in Possession of MNPI About Them ............ 13 2. Additional Responsibilities & Restrictions for Covered Persons ....................................................... 14 a. Duty to Request Pre-Clearance and Provide Confirmation of Transactions Involving FLG Securities .................................................................................................................................... 14 b. Conditions Under Which FLG Securities May be Traded by Covered Persons ........................ 14 3. Circumstances when FLG Securities Cannot Be Traded .................................................................. 17 4. Other Trading Restrictions and Requirements for Covered Persons ................................................ 17 a. No FLG Securities “Short Sales” ................................................................................................ 17 b. Restrictions FLG Securities Options Transactions .................................................................... 18 c. Short Swing Profits ..................................................................................................................... 18 d. Hedging and Pledging ................................................................................................................ 18 5. Trading Window Reminders .............................................................................................................. 18 6. Post Termination Transactions .......................................................................................................... 19 7. General Escalation Requirements ..................................................................................................... 19 8. KRI Monitoring, Reporting, and Escalation ........................................................................................ 19 9. Risk Acceptance ................................................................................................................................ 20 D. Training & Communications ..................................................................................................................... 20 VI. ROLES AND RESPONSIBILITIES ................................................................................................................. 21 VII. ASSOCIATED INTERNAL DOCUMENTS...................................................................................................... 22 VIII. ASSOCIATED EXTERNAL DOCUMENTS .................................................................................................... 22 IX. POLICY CONFLICTS, QUESTIONS, AND VIOLATIONS .............................................................................. 23 X. POLICY REVIEW AND APPROVAL REQUIREMENTS ................................................................................ 24 XI. POLICY EXCEPTIONS................................................................................................................................... 24
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 1 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. Flagstar Bank, N.A. and its Covered Subsidiaries FLG SECURITIES TRADING (FST) POLICY Organizational Functional Area: Legal Department Corporate Governance Unit Policy Owner: Jan Klym Assistant Corporate Secretary Approving Authority: Bao Nguyen General Counsel & Chief of Staff Date Policy Approved: February 4, 2026 I. POLICY OVERVIEW This FLG Securities Trading (FST) Policy (this “Policy”) describes certain requirements of Flagstar Bank, N.A. and its Covered Subsidiaries1 with respect to the Company’s program governing certain FLG Securities transactions and associated operational activities (collectively, the “FST Program”) to ensure the safe and sound management of the FST Program in an efficient and effective manner, consistent with the Risk Governance Framework (the “RGF”) established by the Board of Directors2, in full compliance with all applicable federal and state laws, rules, and regulatory requirements (including regulatory guidance) (collectively, “Applicable Law”), including (without limitation) those listed in section VIII, below, and all applicable Company policies, plans, guidelines, standards, and procedures (together with Applicable Law, collectively, “Applicable Requirements”), including (without limitation) those listed in section VII, below, and in full support of the Strategic Goals and Strategic Objectives (each as respectively defined in the Company’s Enterprise Strategic Planning (ESP) Policy) set forth in the Enterprise Strategic Plan (the “ESP”) established by the Board, as applicable, and it reflects the views of the Board that ensuring such safe and sound management, compliance, and support is a key component of Senior Management’s supervisory responsibilities and that the FST Program is critical to ensuring the alignment of the interests of Covered Persons, among others, with those of FBNA’s shareholders. Note: Unless otherwise defined herein, each capitalized term used in this Policy shall have the same meaning ascribed thereto in section IV, below. 1 For purposes of this Policy, the term “Covered Subsidiary” refers to any subsidiary of the Bank (as defined below) covered by this Policy, including (without limitation) Flagstar Specialty Finance Company, LLC, Flagstar Advisors, Inc., Flagstar Financial & Leasing, LLC, Flagstar Public Funding Corp., Grass Lake Insurance Agency, Inc., NYCB Insurance Agency, Inc., and such other FLG Entity(ies) (as defined below) as may be deemed covered by this Policy from time to time upon written confirmation by the General Counsel (the “GC”) of the Company (as defined below); the term “Bank” or “FBNA” refers to Flagstar Bank, N.A. and/or its predecessor-by-merger, Flagstar Financial, Inc., as applicable and the context may require; the term “FLG Entity” refers to each of the Bank and its Covered Subsidiaries individually; and, the term “Company” or “Flagstar” refers collectively to all of the aforementioned companies or each individually, as applicable and the context may require. 2 For purposes of this Policy, the term “Board of Directors” or “Board” shall mean the Bank’s Board of Directors; and, the term “Director” shall mean any member of the Board.
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 2 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. II. PURPOSE, SCOPE, APPLICABILITY A. The purpose of this Policy is to, among other things: (1) set forth the FST Program framework established by the Company to govern, among other things, each Covered Person’s FLG Securities transactions; (2) ensure the safe and sound management of the FST Program in an efficient and effective manner, consistent with the RGF, in compliance with Applicable Requirements, and in full support of the Strategic Goals and Strategic Objectives set forth in the ESP, as applicable; (3) aid Senior Management in determining the legal, regulatory, and internal governance parameters within which the Board expects the Company’s FST Program-related operations to be conducted; and (4) reflect both the Board’s determination that the Company shall maintain compliance with Applicable Requirements and its commitment to provide Senior Management with the means to achieve such compliance. B. This Policy, in conjunction with the FST Program-related procedures (the “FST Procedures”) maintained by the FST Program Manager (or his/her designee(s), as applicable) and certain other applicable Company policies, plans, guidelines, standards, and/or procedures, including (without limitation) those listed in section VII, below, establishes certain rules and requirements, and a framework for compliance therewith, for applicable Company personnel with respect to the FST Program, including by (among other things): 1. setting forth the key expectations of Senior Management for the impacted Company business units (each, a “business unit”) (i.e., departments, units, groups, teams, as applicable); 2. identifying the business units with specific responsibilities under, or otherwise specifically impacted by, the FST Program and this Policy, such as the Company’s: a. Office of the CFO (“OCFO”), including (without limitation) the Investor Relations & Corporate Communications Group (“Investor Relations”) within OCFO’s Finance Unit; b. Risk Management Division (“RMD”), including (without limitation) the Enterprise Compliance Unit (“Enterprise Compliance”), the Enterprise Risk Management Unit (“ERM”), the Operational Risk Management Unit (“ORM”), the Corporate Security Unit (“Security”), and the Tech, Cyber, Third Party & Resilience Risk Unit (“TCTPRR”) within RMD; c. Legal Department (“Legal”), including (without limitation) the Corporate Governance Unit (“Corporate Governance”) within Legal; and d. Internal Audit Department (“Internal Audit”); and 3. establishing and communicating expectations around each such business unit’s responsibilities with respect to the FST Program and this Policy, as well as those of other operational functions, in fulfilling the objectives described herein. C. This Policy applies to all Covered Persons, Related Interests, consultants, contractors, and employees of the Company that have access to Material Non-Public Information (MNPI), all FLG Securities transactions by such parties, all of the Company’s FST Program-related activities, and all applicable Company personnel, including (without limitation) those engaged in or providing support for or oversight over any such activity(ies) or otherwise charged with overseeing or facilitating (either directly or indirectly) compliance with this Policy and/or any plans, guidelines, procedures, or standards in support hereof.
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 3 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. III. APPROVING AUTHORITY, POLICY OWNER, DELEGATED RESPONSIBILITIES A. Policy Approving Authority Pursuant to those certain resolutions of the Board, adopted January 28, 2026, authorizing, empowering, and directing certain Authorized Officers (as defined therein) to, among other things in the Company’s name and on its behalf, review and, as appropriate, approve certain Company policies, the GC shall serve as the Approving Authority (as defined in the Company’s Policy on Policies & Committees (the “POPC”)) for this Policy and shall provide ongoing updates and/or direction with respect hereto to Senior Management, Executive Management, the appropriate Committee(s) (as set forth and defined in the POPC), and/or the Board, as applicable. B. Policy Owner The Company’s Assistant Corporate Secretary (the “ACS”) shall serve as the Policy Owner (as defined in the POPC) for this Policy and, as such, shall be principally responsible for, among other things, maintaining this Policy in accordance with the POPC and enforcing or, as applicable, facilitating the enforcement of the requirements set forth herein, all in accordance with Applicable Requirements. C. Delegated Responsibilities Each Senior Officer to whom responsibility is assigned for any action(s) required to be taken under this Policy shall be responsible for the performance of such action(s), for organizing their business unit(s) in a manner that efficiently allocates such work, and for promptly notifying the Company’s Human Resources Department (“Human Resources”) and Legal of any changes to such organization structure or related delegation of responsibilities (including, without limitation, so that appropriate corresponding changes can be made within this Policy to reflect such delegations or possible future changes in business unit names or personnel); however, any actions delegated by such Senior Officer will not thereby relieve the Senior Officer from responsibility for the performance of such actions. IV. DEFINITIONS A. For purposes of this Policy: 1. “Control” shall have the same meaning ascribed thereto in the RGF, as the same may be amended from time to time and which currently (as of this Policy’s approval date) provides, in pertinent part, that this term shall mean: “Any process(es) designed to provide reasonable assurance regarding the achievement of any objective(s) in one or more of the following areas: effectiveness and efficiency of operations; compliance with applicable laws and regulations; reliability of financial reporting; and safeguarding assets.” 2. Covered Person” shall mean each of the following, as applicable: a. all Directors; b. all officers of the Company holding the corporate title of Executive Vice President (each, an “EVP”) or above, excluding those EVPs that are deposit/loan production private client bankers; c. all Company personnel within Investor Relations; and d. all Executive Administrative Assistants and Support Officers for each member of Executive Management.
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 4 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. 3. “Executive Management” shall mean the President and Chief Executive Officer (the “CEO”) of the Company, its Chief Credit Officer, its Chief Financial Officer (the “CFO”), its President of Commercial Real Estate Banking, its President of Commercial & Private Banking, its President of Consumer Banking, its President of Mortgage, the GC, and such other Senior Officers of the Company as the CEO shall designate from time to time, including (without limitation) the Company’s Chief Risk Officer (the “CRO”), whether acting individually or collectively, with respect to the subject matter hereof. 4. “FLG Security” shall mean any common stock, preferred stock, debt security, or trust preferred security issued by FBNA, as well as any warrant, derivative, or option relating to, or that derives its value from, such stock, debt security, or trust preferred security, and any other security that may be issued by FBNA from time to time. 5. “FST Program Manager” shall mean the ACS, at the direction of the Company’s Corporate Secretary (the “CS”), or any Company officer otherwise so designated by Executive Management and, as such, to whom primary responsibility is assigned for the strategic management and day-to-day oversight of the FST Program, as further set forth in section V.B.5, below. 6. “Insider Trading” shall mean any FLG Securities transaction by anyone in possession of Material Non- Public Information (MNPI). 7. “Issue” shall have the same meaning ascribed thereto in the RGF, as the same may be amended from time to time and which currently (as of this Policy’s approval date) provides, in pertinent part, that this term shall mean: “A Risk that has not been identified or properly assessed or a weakness or gap in the design or operating effectiveness of a Control.” 8. “Key Risk Indicator” or “KRI” shall have the same meaning ascribed thereto in the RGF, as the same may be amended from time to time and which currently (as of this Policy’s approval date) provides, in pertinent part, that this term shall mean: “A quantification or measurement of the level of exposure the Company has, at a particular point in time, to a specific Risk”; and, may be further classified as either a Board KRI or a Management KRI (each as respectively defined the Company’s Risk Appetite Policy (the “RAP”), as the same may be amended from time to time), which the RAP currently (as of this Policy’s approval date) respectively define, in pertinent part, as follows: a. ““Board KRI” shall mean any KRI specifically established by Flagstar to monitor the Risk Appetite of the Company that is published in the Board-approved Risk Appetite Statement (RAS).” b. ““Management KRI” shall mean any KRI established by Flagstar other than a Board KRI that is published in the KRI Inventory” (as defined in the RAP). 9. “Limit” shall have the same meaning ascribed thereto in the RGF, as the same may be amended from time to time and which currently (as of this Policy’s approval date) provides, in pertinent part, that this term shall mean, with respect to each Key Risk Indicator (KRI): “the established boundary for exposure to the specific Risk being monitored by the KRI beyond which escalation and a management response (i.e., reporting, monitoring, and remediation/acceptance) is required.” 10. “Material Information” shall mean any Company-related information – whether positive or negative in nature – that is reasonably likely to be considered important enough by a prudent investor to influence their decision to purchase, sell, or hold FLG Securities. Examples of information about the Company that could be considered Material Information include, but are not limited to, the following: a. financial performance;
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 5 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. b. projections of future earnings; c. news of a pending or proposed merger; d. acquisitions and/or divestitures of branches, subsidiaries, or lines of business; e. impending bankruptcy or liquidity problems; f. significant changes in asset quality; g. certain regulatory actions; h. gain or loss of a substantial customer or a change in a significant vendor or supplier; i. changes in dividend amount or policy; j. new product announcements of a significant nature; k. significant pricing changes; l. stock splits or share repurchases; m. new debt or equity offerings; n. significant exposure due to pending or threatened litigation or other contingency; or o. changes in Senior Management or other major personnel changes. 11. “Material Non-Public Information” or “MNPI” shall mean any Material Information that has not been disclosed and is not available to the general public. Material Information is considered to be “non-public information” until the second day of trading after such information has been officially disseminated to the marketplace by the Company by way of the issuance of a press release or a filing with the U.S. Securities and Exchange Commission (the “SEC”) that discloses such information. 12. “Plan Black-Out Period” shall mean any period during which Covered Persons are prohibited from transacting in FLG Securities, notwithstanding any Trading Window. A Plan Black-Out Period can be imposed and/or extended at the Company’s discretion to ensure there is no appearance of Insider Trading. 13. “Principal Officer” shall mean each of the following, as applicable: a. the CEO; b. all officers of the Company holding the corporate title of Senior Executive Vice President; and c. any other employee of the Company that is currently deemed to be a Senior Executive3. 14. “Quality Assurance” shall have the same meaning ascribed thereto in the RGF, as the same may be amended from time to time and which currently (as of this Policy’s approval date) provides, in pertinent part, that this term shall mean: “Reviews conducted to provide confidence that Risk management practices are effective and the corresponding policies, standards, and procedures are followed.” 3 For purposes of this Policy, the term “Senior Executive” refers to any officer of the Company that has been deemed an “insider” under Section 16 (a) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”).
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 6 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. 15. “Related Interest” shall mean each of the following, as applicable: a. any family member or person residing with a Covered Person or financially dependent upon a Covered Person; b. any trust or estate of which a Covered Person, or their Related Interest(s), collectively own(s) ten percent (10%) or more of the total beneficial interest or serves as trustee or executor; and c. any corporation or organization in which a Covered Person or their Related Interests is(are) the beneficial owner collectively of ten percent (10%) or more of any class of equity securities or of the equity or ownership interest. 16. “Risk” shall have the same meaning ascribed thereto in the RGF, as the same may be amended from time to time and which currently (as of this Policy’s approval date) provides, in pertinent part, that this term shall mean: “The possibility that an event will occur and adversely affect the achievement of the [Strategic Goals and Strategic Objectives] set forth in the [ESP].” 17. “Risk Acceptance” shall have the same meaning ascribed thereto in the RGF, as the same may be amended from time to time and which currently (as of this Policy’s approval date) provides, in pertinent part, that this term shall mean a Risk Decision with respect to a specific Risk: “where the Company [determines that it] is willing to sustain the current exposure to the Risk.” 18. “Risk Appetite” shall have the same meaning ascribed thereto in the RGF, as the same may be amended from time to time and which currently (as of this Policy’s approval date) provides, in pertinent part, that this term shall mean: “The maximum aggregate level and type of Risk that the Board and Company management are willing to assume to achieve the Company’s Strategic Objectives…, consistent with applicable capital, liquidity, and other regulatory requirements.” 19. “Risk Decision” shall have the same meaning ascribed thereto in the RGF, as the same may be amended from time to time and which currently (as of this Policy’s approval date) provides, in pertinent part, that this term shall mean: “A decision made on how to respond to an identified Risk…” utilizing one or more of the following approaches: Risk Acceptance, Risk Avoidance, Risk Mitigation, or Risk Transfer (each as respectively defined in the RGF). 20. “Risk Profile” shall have the same meaning ascribed thereto in the RGF, as the same may be amended from time to time and which currently (as of this Policy’s approval date) provides, in pertinent part, that this term shall mean: “A point in time assessment of Risk that the Company is facing.” 21. “Rule 144” shall mean Rule 144 promulgated under the Securities Act of 1933, as amended, 17 CFR 230.144,4 which is generally is applicable when a Director, Principal Officer, or Related Interest intends to sell stock. Rule 144 compliance, which is further described in this Policy, provides a safe harbor that permits Directors, Principal Officers, and Related Interests to sell the Company’s common stock without further registration. 22. “Section 16” shall collectively mean: (i) Section 16 (a) of the Exchange Act, as amended, which requires Directors and Principal Officers of the Company to publicly disclose their transactions in FLG Securities by filing various forms with the SEC; (ii) Section 16 (b) of the Exchange Act, which prohibits Directors and Principal Officers, as well as holders of more than 10% of Company common stock, from realizing a short-swing profit on the sale and purchase of FLG Securities; and (iii) Section 16 (c) of the Exchange Act, which prohibits Directors and Principal Officers from shorting FLG Securities. 4 17 CFR 230.144, Persons deemed not to be engaged in a distribution and therefore not underwriters.
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 7 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. 23. “Senior Management” shall mean officers of the Company who hold the corporate title of Executive Vice President or higher, or such other officers of the Company as Executive Management shall designate with responsibility for the related business unit(s) from time to time, whether acting individually or collectively, with respect to the subject matter hereof. 24. “Senior Officer” shall mean any officer of the Company who has direct or oversight authority over any applicable Company personnel reporting to them with respect to actions required under this Policy. 25. “Short Swing Profit” shall mean the realization of a profit by any Director or Principal Officer from any combination of sales and purchases or purchases and sales of FLG Securities within a six-month period. 26. “Trading Day” shall mean any day on which FLG Securities are traded on its current registered stock exchange. 27. “Trading Window” shall mean the quarterly periods of time during which Covered Persons generally may trade FLG Securities – such quarterly periods of time shall run from the second day after issuance of the Company’s quarterly earnings release through and including the 15th day of the last month of each calendar quarter. 28. “Warning Trigger” shall have the same meaning ascribed thereto in the RGF, as the same may be amended from time to time and which currently (as of this Policy’s approval date) provides, in pertinent part, that this term shall mean: “With respect to each KRI, the established boundary for exposure to the specific Risk being monitored by the KRI beyond which, but prior to reaching its Limit, proactive management discussions related to Risk Decisions should commence.” B. If any definition provided herein conflicts with any corresponding definition(s) provided under Applicable Law (as applicable and as may be amended from time to time), then the associated definition(s) provided under Applicable Law shall govern. Note: Please also refer to the FST Procedures for information regarding, among other things, additional FST Program-related definitions. (Continued on the following page.)
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 8 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. V. GENERAL REQUIREMENTS A. FST Program Overview The Company shall maintain a FST Program that is adequately designed to, among other things, effectively manage FLG Securities transactions by Covered Persons and ensure compliance with Applicable Requirements, consisting of the following interdependent elements: 1. Board- and Executive Management- level oversight with clearly defined paths and processes for escalating FST Program-related matters in accordance with Applicable Requirements, including (without limitation) the RGF, the Company’s Risk Data Aggregation & Risk Reporting (RDARR) Policy (the “RDARR Policy”), and the Charter(s) of any Committee(s) (as defined in the POPC) with oversight responsibilities related hereto; 2. a FST Program Manager who shall have and maintain, as applicable, the appropriate experience and qualifications for that officer’s role and responsibilities, shall have sufficient stature, authority, resources, and autonomy as Executive Management determines to be appropriate to achieve the objectives of the FST Program, and shall have direct access to Executive Management to discuss FST Program-related matters as and when needed; 3. the Risk Profile and the Risk Appetite of the Company shall inform the establishment, review, modification, implementation, and operation of the FST Program, and the Risks and Controls associated with the FST Program shall be identified, assessed, reported, and escalated, as applicable, in accordance with Applicable Requirements, including (without limitation) the RGF, the RAP, this Policy, the RDARR Policy, and the Control Assurance Methodology maintained by the CRO (or his/her designee(s), as applicable); 4. a formal process for managing FST Program-related Risk, including (without limitation) identifying, assessing, reporting, escalating, monitoring, and mitigating such Risk; 5. the identified Risks and Controls associated with the FST Program shall be evaluated at least annually (or at such frequency as may be otherwise required under Applicable Requirements) under the Company’s “Risk & Control Self-Assessment Process” (the “RCSA Process”) and, as applicable, such other Risk assessment process(es) required pursuant to the RGF from time to time, with any Issues identified as a result of such assessment(s) being timely remediated in accordance with Applicable Requirements, including (without limitation) the Company’s Issue Management (IM) Policy; and 6. Company policies, plans, guidelines, standards, and/or procedures, including (without limitation) this Policy and the FST Procedures, that give both content and effect to the objectives and requirements of the FST Program and, accordingly, guide and inform the Company’s day-to-day operations related thereto and that address and aim to reduce Risks identified by the Company as part of its Risk assessment process. B. FST Program Governance & Oversight In addition to the responsibilities set forth in section VI, below, and as otherwise provided herein, the Board, the Risk Assessment Committee (the “RAC”) of the Board, Executive Management, the Company’s Enterprise Risk Management Committee (“ERMC”), the FST Program Manager, Corporate Governance personnel, and all applicable Senior Officers shall each be responsible for oversight of various aspects of the FST Program, as respectively applicable:
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 9 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. 1. Board of Directors Because the Board oversees management of the Company, provides organizational leadership, and establishes core corporate values, it plays a pivotal role in setting the tone at the top to drive a culture of Risk-awareness and compliance and effective governance of the Company. Accordingly, the Board shall be responsible for, among other things, the following with respect to the FST Program: a. overseeing management of, and providing organizational leadership with respect to, the FST Program and endeavoring to make reasonably prudent determinations with respect to FST Program-related matters presented for its consideration, as necessary and appropriate, in accordance with Applicable Requirements; b. playing a pivotal role in setting the tone at the top to drive a culture of Risk-awareness and compliance and effective governance of the FST Program; c. providing strong support for this Policy, all other policies of the Company, and Senior Management’s effort to ensure compliance with Applicable Requirements; d. overseeing implementation of this Policy and holding Senior Management accountable for implementing the FST Program in a manner that is consistent with the Strategic Goals and Strategic Objectives set forth in the ESP, the Company’s Risk culture, and its Risk Appetite; e. establishing an unambiguous culture for compliance, and working with Executive Management to: i. demonstrate clear and unequivocal expectations about compliance with Applicable Requirements; ii. adopt clear policy statements for the FST Program to ensure such compliance; and iii. allocate resources to FST Program-related functions commensurate with the level and complexity of the Company’s operations; and f. periodically discussing FST Program-related topics during Board meetings and in communications to applicable Company personnel, where appropriate. 2. Risk Assessment Committee (RAC) As further set forth in its Charter, the RAC’s primary purpose is to assist the Board in fulfilling its responsibilities with respect to oversight of the Company’s Risk management and compliance frameworks, including as it relates to the policies and procedures used to identify, measure, monitor, and manage various Risks facing the Company. Accordingly, in furtherance of that purpose and the duties and responsibilities set forth in its Charter, the RAC shall be responsible for, among other things, the following with respect to the FST Program: a. providing the Board with such assistance as directed or otherwise requested from time to time with respect to overseeing management of, and providing organizational leadership with respect to, the FST Program and endeavoring to make reasonably prudent determinations with respect to FST Program-related matters presented for its consideration, as necessary and appropriate, in accordance with Applicable Requirements; b. playing a pivotal role in setting the tone at the top to drive a culture of Risk-awareness and compliance and effective governance of the FST Program;
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 10 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. c. providing strong support for this Policy, the FST Program, and Senior Management’s efforts to ensure compliance with Applicable Requirements with respect to all FST Program-related activities; d. overseeing implementation of this Policy and holding Senior Management accountable for implementing the FST Program in a manner that is consistent with the Strategic Goals and Strategic Objectives set forth in the ESP, the Company’s Risk culture, and its Risk Appetite; and e. periodically discussing FST Program-related topics during RAC meetings and in communications to the Board (and/or any other designated committee(s) and/or member(s) thereof, as applicable) and applicable Company personnel, where appropriate. 3. Executive Management The Board generally delegates authority to Executive Management for directing and overseeing day- to-day operations of the Company in a manner consistent with the Strategic Goals and Strategic Objectives set forth in the ESP and the Company’s Risk Appetite, including (without limitation) such operations related to maintaining and implementing the FST Program. Accordingly, Executive Management shall be responsible for, among other things, the following with respect to the FST Program: a. providing the Board (and/or any designated committee(s) and/or member(s) thereof, as applicable) with such assistance as directed or otherwise requested from time to time with respect to overseeing management of, and providing organizational leadership with respect to, the FST Program and endeavoring to make reasonably prudent determinations with respect to FST Program-related matters presented for its consideration, as necessary and appropriate, in accordance with Applicable Requirements; b. driving a culture of Risk-awareness, compliance, and participation throughout the Company with respect to the FST Program; c. ensuring that the FST Program Manager has the appropriate authority, stature, and autonomy within the Company and is provided with appropriate resources, including systems, capital, and human resources, to carry out the FST Program as designed and, in any event, in a manner that conforms to the Board-approved Risk Appetite and Applicable Requirements; d. working with the FST Program Manager and appropriate members of Senior Management to ensure the FST Program is carried out as designed and, in any event, in a manner that conforms to the Board-approved Risk Appetite and Applicable Requirements; and e. providing the Board (and/or any designated committee(s) and/or member(s) thereof, as applicable) with updates and recommendations regarding the FST Program, as necessary and appropriate. 4. Enterprise Risk Management Committee (ERMC) In furtherance of the purpose, duties, and responsibilities set forth in its Charter, ERMC shall serve as the executive management committee responsible for, among other things: a. overseeing the adequacy and effectiveness of the FST Program and ensuring the Company’s compliance with Applicable Requirements with respect to activities related thereto, including (without limitation) in connection with the identification, assessment, and monitoring of FST Program-related Risks and reporting requirements regarding same;
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 11 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. b. endeavoring to make reasonably prudent determinations with respect to FST Program-related matters presented for its consideration, as necessary and appropriate, in accordance with Applicable Requirements; c. working with the FST Program Manager and appropriate members of Senior Management to ensure the FST Program is carried out as designed and, in any event, in a manner that conforms to the Board-approved Risk Appetite and Applicable Requirements; and d. providing Executive Management and the Board (and/or any designated committee(s) and/or member(s) thereof, as applicable) with updates and recommendations regarding the FST Program, as necessary and appropriate or otherwise requested by same. 5. FST Program Manager The FST Program Manager shall, among other things: a. have and maintain, as applicable, the appropriate experience and qualifications for that officer’s role and responsibilities, have sufficient stature, authority, resources, and autonomy as Executive Management determines to be appropriate to achieve the objectives of the FST Program, and have direct access to Executive Management to discuss FST Program-related matters as and when needed; and b. be principally responsible for: i. maintaining, implementing, operating, monitoring, assessing, revising as needed, and reporting on the FST Program; ii. implementing, reviewing and, as applicable and appropriate, approving updates to the FST Procedures to ensure they continue to support and address the objectives of the FST Program and the requirements of this Policy; iii. defining Quality Assurance processes, with supporting standards and/or procedures, to monitor adherence to the requirements set forth in this Policy; and iv. at least annually, reporting on the efficacy of the FST Program to ERMC, Executive Management, the RAC, and/or the Board, as necessary and appropriate or otherwise provided herein. 6. Corporate Governance Personnel Corporate Governance personnel shall be responsible for, among other things: a. providing the FST Program Manager with such assistance as is necessary and appropriate with respect to maintaining, implementing, operating, monitoring, assessing, revising as needed, and reporting on the FST Program; b. implementing, reviewing and, as applicable, recommending updates to the FST Procedures to ensure they continue to support and address the objectives of the FST Program and the requirements of this Policy; c. implementing, reviewing and, as applicable, recommending updates to Quality Assurance processes, with supporting standards and/or procedures, designed to monitor adherence to the requirements set forth in this Policy;
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 12 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. d. maintaining a complete and accurate systems-based inventory of Pre-Clearance Request (as defined in section V.C.2.a.i, below) under the FST Program (the “FST Inventory”); e. reporting on the identified Risk(s) associated with the FST Program, individually and in aggregate, to ensure proper Risk-mitigating measures are applied to each and every such Risk and escalating findings related thereto to ERMC, Executive Management, the RAC, and/or the Board, as appropriate, and monitoring such Risk-mitigating measures and/or Risk Acceptances, as applicable, in accordance with Applicable Requirements; and f. designating the appropriate “System(s) of Record” to store and maintain information on FST Program activities, including (without limitation) the FST Inventory, and ensuring such System(s) of Record function in compliance with Applicable Requirements, including (without limitation) the Company’s Enterprise Corporate Information Management (ECIM) Policy and its Enterprise Data Governance (EDG) Policy. 7. Senior Officers In addition to the general responsibilities set forth in section VI, below, and as otherwise set forth herein, the Senior Officer for each business unit engaging in or otherwise directly impacted by any FST Program-related activity(ies) shall be responsible for, among other things: a. incorporating the applicable FST Program elements described herein into the existing business processes and governance activities of their business unit(s); b. ensuring their business unit’s(s’) compliance with Applicable Requirements, including (without limitation) this Policy; c. maintaining business unit-specific procedures that align with this Policy (or designating certain personnel within their business unit(s) with responsibility for maintaining such procedures), as necessary or appropriate; and d. providing the FST Program Manager (or his/her designee(s), as applicable) with such assistance as is necessary and appropriate to ensure their business unit’s(s’) compliance with this Policy. (Continued on the following page.)
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 13 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. C. FST Program Implementation 1. General Responsibilities and Restrictions for All Covered Persons and All Consultants, Contractors, and Employees with Access to MNPI The general responsibilities and restrictions set forth in this section V.C.1 shall apply to all Covered Persons and all consultants, contractors, and employees of the Company that have access to MNPI; and, the provisions of sections V.C.1.a. and b, below, shall also extend to all Related Interests and any family member(s) and/or other person(s) that either reside with or are financially dependent upon any such contractor, consultant, or employee. a. Restrictions on Trading or “Tipping” on MNPI i. In the normal course of business, Covered Persons and consultants, contactors, and employees of the Company may become aware of information about the Company’s financial performance, operations, management, prospects, or strategic direction that, if known by an investor, could influence their decision to buy, hold, or sell FLG Securities. Such information may be considered to be “material” in nature, and may be positive (e.g., awareness of a pending merger), or negative (e.g., awareness of a significant loan loss). Other examples of “material events” include, but are not limited to, a change in Senior Management, the sale of a significant asset (including branches), certain regulatory actions, and financial information that departs in any way from recent data or trends. ii. SEC regulations prohibiting Insider Trading are based on the premise that a person inside the Company has access to Material Information before the general public and is therefore in a position to unfairly make a profit, or prevent a loss, on the sale or purchase of FLG Securities. “Tipping” other persons as to such information or recommending the purchase or sale of FLG Securities based on such information, is also prohibited. iii. When in possession of Material Information that has not yet been made public, all current and former Covered Persons, consultants, contractors, and employees of the Company are prohibited from purchasing or selling FLG Securities, whether directly or indirectly, and from disclosing such information to any other persons so that they may buy or sell FLG Securities. b. Trading In Securities of Other Companies When in Possession of MNPI About Them i. Applicable Law prohibiting securities trading when in possession of MNPI about the Company shall also apply to trading in the securities of other companies, including the Company’s vendors and suppliers (collectively, “Business Partners”) and pending merger partners, when in possession of MNPI about such Business Partners and pending merger partners. ii. Civil and criminal penalties may result from trading on MNPI about the Company’s Business Partners and pending merger partners. All current and former employees and Covered Persons should treat MNPI about the Company's Business Partners and pending merger partners with appropriate care and discretion to ensure compliance with Applicable Law covering Insider Trading as they apply to securities issued by other companies. iii. “Tipping” other persons as to such information or recommending the purchase or sale of securities of the Company’s Business Partners based on such information, is also prohibited.
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 14 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. 2. Additional Responsibilities & Restrictions for Covered Persons a. Duty to Request Pre-Clearance and Provide Confirmation of Transactions Involving FLG Securities i. Covered Persons, and their Related Interests, are required to obtain written permission from the CS or the FST Program Manager prior to executing any transaction involving FLG Securities, by submitting a written request for permission to execute such transaction to the CS and the FST Program Manager at trades@flagstar.com (each such request, together with any additional information or documentation reasonably requested by such FST Program Manager, a “Pre-Clearance Request”) for review and a permissibility determination (each such transaction involving FLG Securities deemed to be permissible by the CS or the FST Program Manager, a “Permitted Transaction”); and ii. Directors and Principal Officers, and their Related Interests, are required to provide the CS and the FST Program Manager written confirmation at trades@flagstar.com describing the transaction details (each such notice, a “Confirmation Notice”) immediately following the execution of any such Permitted Transaction, so that such details can be reported in accordance with Applicable Law (in the case of Directors, Principal Officers, and Related Interests) and appropriately recorded and tracked by the Company. Other Covered Persons, and their Related Interests, have five (5) business days following the Permitted Transaction to provide the Confirmation Notice. b. Conditions Under Which FLG Securities May be Traded by Covered Persons i. Conditions to be Met in Order to Initiate Securities Transaction Except as otherwise provided in this Policy, a Covered Person, and their Related Interests, may execute a Permitted Transaction only when all three of the following conditions have been met: (A) when not in possession of any MNPI about the Company; (B) when the CS or the FST Program Manager has deemed the proposed transaction to be permissible (i.e., the Insider has received Pre-Clearance from the CS or the FST Program Manager to proceed with the transaction in accordance with the requirements above, and as otherwise required in this Policy); and (C) when the Trading Window is open. ii. Stock Acquisition through Company Employee Benefit Plans and Period Investment Programs (A) 401(k) Plan (1) Principal Officers that are subject to Section 16 regulation and participate in the Company’s 401(k) Plan (the “401(k) Plan”) are prohibited from making any purchases of or holding FBNA common stock through the 401(k) Plan.
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 15 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. (2) Other Covered Persons in the 401(k) Plan may make purchases of FBNA common stock through the 401(k) Plan at any time pursuant to a previously made election (e.g., pre-arranged bi-weekly or monthly salary deferrals). However, unless they have obtained pre-clearance approval from the CS or the FST Program Manager and such transaction, if executed, would be made while free of MNPI and during the Trading Window, Covered Persons shall not (a) initiate an additional transfer of funds into or out of the Company’s common or preferred stock fund of the 401(k) Plan or (b) change an existing election to invest funds in the Company’s common or preferred stock fund. (B) Other Company Stock Purchase Plans A Covered Person may not sign up for, or change participation in, any employee stock purchase plan or the Company’s Dividend Reinvestment and Stock Purchase Plan (the “DRP”) unless they have obtained pre-clearance approval from the CS or the FST Program Manager and such transaction, if executed, would be made while free of MNPI and during the Trading Window. However, ongoing purchases through such plans pursuant to a previously made election are permitted. (C) Stock Awards Because shares received upon the vesting of stock awards are not purchased, neither their vesting nor the withholding of any such shares to cover the tax obligations arising from such vesting is limited to the Trading Window. However, the sale of vested shares received by a Covered Person shall be permitted only in full compliance with all requirements under this Policy. (D) Written Plan Exception to Trading Window (1) Covered Persons shall not be limited to trading FLG Securities only during the Trading Window when (a) such trading is executed pursuant to a “written plan for trading securities”, (b) such plan meets the requirements of SEC Rule 10b5-15, and (c) such plan is approved in advance by the Board. (2) Covered Persons may enter into, or amend, a trading plan only (a) when they are not in possession of MNPI and (b) during the Trading Window. (3) Once a trading plan has met the requirements outlined in this section V.C.2, trades made pursuant to the plan shall require Pre-Clearance from the CS or the FST Program Manager unless the plan either (a) specifies the dates, prices, and amounts of the contemplated trades or (b) establishes a formula for determining dates, prices, and amounts, as required by SEC Rule 10b5-1. Any amendment to, or early termination of, the plan shall require prior approval by the Board. (4) All transactions executed pursuant to a trading plan shall be reported to the CS or the FST Program Manager immediately on the day of execution. (5) Directors, Principal Officers, and their Related Interests may be required to file a SEC Form 144 (Notice of Proposed Sale of Securities) (a “Form 144 Notice”) in connection with entering into or selling FLG Securities pursuant to a trading plan. 5 17 CFR 240.10b5-1
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 16 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. (E) Dividend Reinvestment Plan (DRP) (1) If a Covered Person, or their Related Interest, decides to purchase shares by enrolling in the DRP, or in any other plan that enables them to purchase stock through a periodic investment (including “written plans for trading securities”), any election to enter into, amend, suspend, or terminate such plan, and all discretionary purchases made under such plan (e.g., shares purchased under the direct cash purchase features of the DRP) shall be made only in full compliance with section V.C.2 of this Policy. (2) Such Covered Person shall notify the CS or the FST Program Manager at the time of DRP enrollment. Furthermore, all Directors, Principal Officers, and Related Interests enrolled in the DRP must provide the following information regarding shares purchased by way of the DRP, whether through the quarterly reinvestment of dividends or through the direct cash purchase feature of the DRP: (a) the account for which shares were purchased; (b) the number of shares purchased; (c) the price at which the shares were purchased; and (d) the date of the purchase. (3) In the case of shares purchased by way of reinvested dividends, the Covered Person shall notify the CS or the FST Program Manager within five (5) days of the reinvestment. (4) In the case of shares purchased by way of the direct purchase feature of the DRP, notification to the CS or the FST Program Manager shall be immediate. (F) Director and Principal Officer Compliance with Rule 144 Directors and Principal Officers, and their Related Interests, are subject to Rule 144, as amended. Rule 144 establishes certain restrictions on sales of FLG Securities, including those described below: (1) The number of FLG Securities that may be sold within any three-month period can be no more than the greater of: (a) 1% of the total number of outstanding Company shares; and (b) the average weekly trading volume of FLG Securities during the four- week period prior to the sale. (2) The FLG Securities to be sold must have been held for a period of at least six months. (3) Sales must be made by way of transactions that are open market, brokered, and unsolicited. (4) There must be adequate current information about the Company in the public domain. (5) A Form 144 Notice must be filed with the SEC and the New York Stock Exchange (the “NYSE”) to report any sale (including sales pursuant to a Trading Plan and entry into a Trading Plan) of more than 5,000 shares or with an aggregate value of more than $50,000 during any three-month period.
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 17 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. (6) A proposed draft of the completed Form 144 Notice should be provided to the CS or the FST Program Manager for review before it is filed. (7) Rule 144 applies to the sale of all FLG Securities, regardless of the means by which they were obtained (e.g., open market, stock option exercise, stock awards, dividend reinvestment, etc.). (8) In order to comply with Rule 144, Related Interests and former Related Interests who were affiliated during the 90-day period before the sale, are required to publicly- disclose their intent to sell shares before actually doing so (and not later than at the time they place their order with their broker) by filing a Form 144 Notice, when (a) the intention is to sell over 5,000 shares or (b) the aggregate sales price would be more than $50,000 during any three-month period. 3. Circumstances when FLG Securities Cannot Be Traded FLG Securities transactions shall be prohibited under the following circumstances: a. Covered Persons and their Related Interests shall not conduct any transaction in FLG Securities while in possession of MNPI. If you are unsure about the materiality of Company information that you possess, and that information has not yet been publicly disclosed by the Company through a press release, SEC filing, posting to the Investor Relations’ section of the Company’s website, or by another means authorized by Executive Management, then please review the definition of Material Information herein and, if still unsure, discuss the matter with the CS or the FST Program Manager. b. Covered Persons and their Related Interests shall not buy or sell FLG Securities outside of the Trading Window (other than pursuant to a “written plan exception for trading securities”). c. No Covered Person, or their Related Interests, shall be permitted to buy or sell FLG Securities during any Plan Black-Out Period that has been designated by the Company. d. Covered Persons and their Related Interests shall not buy, sell, gift, or conduct any other transaction that changes their ownership interest in FLG Securities without Pre-Clearance provided by the CS or the FST Program Manager for any such transaction. e. Directors, Principal Officers, and their Related Interests, shall refrain from selling FLG Securities when the sale would not comply with SEC Rule 144. f. No Covered Person, or their Related Interests, shall be permitted to conduct any transaction in FLG Securities when otherwise prohibited by any other Applicable Requirements, including (without limitation) Applicable Law. 4. Other Trading Restrictions and Requirements for Covered Persons a. No FLG Securities “Short Sales” No Covered Person or their Related Interest(s) may, at any time, sell FLG Securities through a “short sale”. For purposes of this Policy, a “short sale” shall mean any transaction where a Covered Person benefits from a decline in the value of FLG Securities.
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 18 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. b. Restrictions FLG Securities Options Transactions No Covered Person or their Related Interests may, at any time, buy or sell options to sell or buy FLG Securities (i.e., “puts” and “calls”) except in accordance with a program approved by the Board or if the trade is Pre-Cleared by the CEO. This limitation shall not apply to the exercise of stock options granted under the Company’s benefit plans. c. Short Swing Profits i. Subject to the limited exceptions described below, Short Swing Profits are prohibited under Section 16 (b) of the Exchange Act. Transactions by a Related Interest are attributed to the Director or Principal Officer for all Section 16 purposes. Directors or Principal Officers who leave the Company remain subject to the Short Swing Profit prohibition for a period of six (6) months following their departure. ii. Subject to certain criteria, the following transactions are exempt from the Short Swing Profit restriction (though not from reporting): (A) the purchase of stock or receipt of stock awards under the Company’s Stock-Related Benefit Plans; (B) the receipt of shares upon the vesting of a stock award; (C) the purchase of common or preferred shares through the standard deferral of income through the 401(k) Plan (prohibited for Principal Officers pursuant to section V.C.2.b.ii.(A), above); and (D) the purchase of common or preferred shares through a periodic investment program such as the reinvestment of dividends. iii. Any Director or Principal Officer who engages in both the purchase and sale or sale and purchase of FLG Securities within a six-month period may be required to pay to the Company all deemed profits (with the lowest purchase price always being matched against the highest sale price during such six-month period), whether or not the Director or Principal Officer had knowledge of any MNPI, and whether or not such Director or Principal Officer actually received any economic profit. d. Hedging and Pledging All Covered Persons shall review and comply with the requirements set forth in the Company’s Insider Stock Hedging & Pledging (ISHP) Policy. 5. Trading Window Reminders a. The CS and the FST Program Manager shall be responsible for periodically sending reminders about this Policy and notices of the status of the Trading Window. Trading Windows will typically follow the earnings release schedule and will open beginning on the second day following the Company’s earnings release (or the public dissemination of MNPI) and close after the completion of the Trading Day on the 15th day of the last month of each calendar quarter. b. Blackout periods and Trading Window closures may be initiated by the CS or the FST Program Manager, in consultation with Executive Management, at such times as Company activities or market conditions reasonably dictate.
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 19 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. c. Covered Persons shall notify their respective Related Interests regarding this Policy, the Trading Window, and their obligation to comply with this Policy. 6. Post Termination Transactions a. This Policy shall continue to apply to transactions in FLG Securities even after a Covered Person’s termination of service to the Company. If an individual is in possession of MNPI when his or her service terminates, that individual may not engage in transactions in FLG Securities until that information becomes public or is no longer material. b. Directors and Principal Officers shall continue to comply with this Policy until the later of (i) six months after the final day of such directorship or employment by the Company or any other event resulting in such Director or Principal Officer ceasing to be a Senior Executive, and (ii) such period of time as such Director or Principal Officer is in possession of MNPI obtained while affiliated with the Company. c. Notwithstanding the above Post Termination Transaction provisions for Directors and Principal Officers, the duty to request pre-clearance for transactions and follow Trading Windows shall be waived 90 days after termination if (i) no purchase or sales transactions involving FLG Securities were conducted in the six months prior to departure from the Company or ceasing to be a Senior Executive and (ii) there is no outstanding MNPI known to the Director or Principal Officer. 7. General Escalation Requirements In addition to the escalation requirements set forth in section V.C.8, below, and as otherwise set forth herein, the FST Program Manager (or his/her designee(s), as applicable) shall be principally responsible for, among other things, escalating or, as applicable, facilitating the escalation of all reported FST Program-related matters reasonably warranting escalation or otherwise required to be escalated in accordance with Applicable Requirements. 8. KRI Monitoring, Reporting, and Escalation a. The FST Program Manager (or his/her designee(s), as applicable) shall be responsible for ensuring, if applicable, the Company establishes and maintains appropriate FST Program-specific KRIs that each provide a quantitative measurement of Risk to enable monitoring of the associated Risk Profile against the Risk Appetite and proactively identify emerging Risks through root cause and trend analysis. b. FST Program-specific KRIs, if applicable, shall be established, maintained, managed, reported, tested, governed, and escalated in accordance with and pursuant to Applicable Requirements, including (without limitation) the RGF, the RAP, and the RDARR Policy. c. FST Program-specific KRIs, if applicable, shall be monitored, reported, and escalated in accordance with the RAP and the following specific FST Program-reporting and escalation criteria: i. All KRI breaches and Warning Triggers shall be escalated to ERMC. ii. Escalations to ERMC shall be required, at a minimum, for the following: (A) all Board KRI breaches and Warning Triggers; (B) all Management KRI breaches for three (3) consecutive reporting periods;
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 20 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. (C) when Risk exposure exceeds Risk Appetite, report the drivers for the elevated Risk Profile, and corresponding action plan(s) to mitigate the elevated Risk; and (D) any other item as determined by the ERMC chairperson, including emerging Risks. iii. Escalations to the RAC shall be required for all Board KRI breaches and Warning Triggers. 9. Risk Acceptance a. There shall be no exceptions to the requirements resulting from the RCSA Process in the ordinary course (i.e., Risk Acceptances) except those: (i) made on the basis of a material business need of the Company; (ii) only pursuant to and in accordance with Applicable Requirements; and (iii) for which the associated Issue(s) identified during the RCSA Process cannot be remediated through commercially reasonable means. b. The FST Program Manager (or his/her designee(s), as applicable) shall be responsible for, among other things, the following with respect to all Risk Acceptances: i. ensuring that each Risk Acceptance is time-bound for renewal and its required approval level is aligned to the associated Risk rating; ii. maintaining written records with respect to each Risk Acceptance that include, at a minimum, the associated Risk rating, rationale for acceptance, compensating Controls, and evidence of approval from the required approval level aligned to the associated Risk rating; and iii. providing ERMC, Executive Management, the RAC, and/or the Board with a report regarding all then effective Risk Acceptances upon request or as otherwise required by this Policy. D. Training & Communications The FST Program Manager (or his/her designee(s), as applicable), with the support of Corporate Governance personnel and the Learning and Development Group within Human Resources, as necessary and appropriate, shall be responsible for: 1. communicating the requirements of this Policy to all applicable Company personnel; 2. designing and conducting, or causing to be conducted, training for applicable Company personnel that describes the FST Program and how to adhere to its requirements, which training must be conducted on an annual basis, or as more frequently as is necessary or appropriate to address any material update(s) to the FST Program; and 3. maintaining appropriate records of such training. (Continued on the following page.)
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 21 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. VI. ROLES AND RESPONSIBILITIES A. All Company personnel and business units in the First Line, the Second Line, and the Third Line (each as respectively defined in section VI.B, below, and each, a “Line”) shall be responsible, as respectively applicable, for managing Risk in accordance with, among other Applicable Requirements, the RGF and the RAP. B. Business units with responsibilities and accountabilities with respect to this Policy include (without limitation) the following: 1. First line business units (collectively, the “First Line”): all business units, as applicable. 2. Second line business units (collectively, the “Second Line”): all business units within RMD, as applicable, including (without limitation): a. Enterprise Compliance; b. ERM; c. ORM; d. Security; and e. TCTPRR. 3. Third line business unit (the “Third Line”): Internal Audit. C. The First Line, as the owners of Risk, shall be responsible for identifying, assessing, monitoring, controlling, reporting, escalating, remediating, and mitigating Risks associated with their activities and for adhering to the Company’s Board-approved Risk Appetite and Limits established by Senior Management and the Board, all in accordance with and pursuant to Applicable Requirements. The First Line also shall be responsible for developing, maintaining, and implementing First Line processes, procedures, and such other internal Controls (including, without limitation, establishing, refining, and testing of Controls catalogued in the Company’s Governance, Risk, and Compliance (GRC) System) as are necessary to ensure the Company and its third-party vendors and partners, as applicable, comply with Applicable Requirements. D. The Second Line shall be responsible for independent oversight and effective challenge over- and assessment of- the Company’s Risk-taking activities specific to this Policy, including (without limitation) monitoring, reporting on, and escalating Issues related to the First Line’s adherence to the Company’s Board-approved Risk Appetite and Limits established by Senior Management and the Board, and for providing tools to assist all applicable business units in managing certain Risks related thereto, all in accordance with and pursuant to Applicable Requirements. E. The Third Line shall be responsible for providing timely, relevant, independent, and objective enterprise- level perspectives on, and assurance regarding, among other things, the effectiveness of governance, Risk management, and internal Controls related hereto and the overall safety and soundness of the Company as a result thereof, all in accordance with and pursuant to Applicable Requirements.
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 22 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. VII. ASSOCIATED INTERNAL DOCUMENTS This Policy shall be carried out by each Line, as applicable, in accordance with the respective processes and procedures of its applicable business unit(s), which shall be consistent with the requirements of this Policy and any other related Company policies, plans, guidelines, standards, or procedures, including (without limitation) the following (as applicable and as may be amended from time to time): 1. Enterprise Strategic Plan (ESP) 2. Risk Governance Framework (RGF) 3. Risk Appetite Statement (RAS) 4. Risk Appetite Policy (RAP) 5. Code of Conduct (COC) 6. Confidential Information Management (CIM)Policy 7. Confidential Supervisory Information (CSI) Policy 8. Enterprise Change Management (ECM) Policy 9. Enterprise Compliance Risk Management (ECRM) Policy 10. Enterprise Corporate Information Management (ECIM) Policy 11. Enterprise Data Governance (EDG) Policy 12. Financial Statement and Disclosure (FSD) Policy 13. General Compensation Recoupment (GCR) Policy 14. Insider Stock Hedging & Pledging (ISHP) Policy 15. Insider Stock Ownership (ISO) Policy 16. Issue Management (IM) Policy 17. Operational Risk Management (ORM) Policy 18. Policy on Policies & Committees (POPC) 19. Restatement Compensation Recoupment (RCR) Policy 20. Risk Data Aggregation & Risk Reporting (RDARR) Policy 21. Control Assurance Methodology 22. FST Procedures VIII. ASSOCIATED EXTERNAL DOCUMENTS This Policy shall be reflective of and carried out by each Line, as applicable, in accordance with Applicable Law, including (without limitation) the following (as applicable and as may be amended from time to time):
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 23 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. 1. 12 CFR Part 30, Appendix D6 2. “Corporate and Risk Governance” booklet7 of the Comptroller’s Handbook (the “OCC Comptroller’s Handbook”) issued by the Office of the Comptroller of the Currency (“OCC”) 3. “Internal Control” booklet8 of the OCC Comptroller’s Handbook 4. Rule 144 of the Securities Act of 1933 5. Section 16 of the Exchange Act IX. POLICY CONFLICTS, QUESTIONS, AND VIOLATIONS A. To the extent that any of the terms of this Policy conflict with any applicable law, rule, or regulation, the terms of such applicable law, rule, or regulation shall govern. To the extent that this Policy conflicts with, or is superseded by, any other Company rule or policy, or with written instructions provided to an employee by any officer of the Company to whom such employee reports, the applicable portions of this Policy and such other rules, policies, and instructions shall be applied so as to give effect to the term, rule, policy, or instruction which is most restrictive, unless otherwise indicated in writing by the Policy Coordinator (as defined in the POPC). Company personnel shall be responsible for promptly reporting all such conflicts to the Policy Coordinator. B. Anyone with questions about the meaning or applicability of this Policy and, unless specifically provided otherwise herein, anyone aware of any violation of this Policy, shall contact the undersigned Policy Owner (or his/her designee(s), as applicable), and the Policy Owner (or his/her designee(s), as applicable) shall confer with a duly designated in-house attorney regarding any questions about the interpretation or application of any applicable law, rule, or regulation (including related regulatory guidance). C. Subject to Applicable Requirements, any Company personnel determined to have committed any violation(s) of this Policy may be subject to disciplinary action, which, depending on the severity of the situation, may include dismissal. For the avoidance of doubt, under no circumstance shall this Policy be deemed to limit the Company’s rights, remedies, causes of action, or other options in response to any violation(s) of this Policy or with respect to any party. [REMAINDER OF PAGE INTENTIONALLY LEFT BLANK] 6 12 CFR Part 30, Appendix D, OCC Guidelines Establishing Heightened Standards for Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches. 7 “Corporate and Risk Governance” booklet (Version 2.0, July 2019), OCC Comptroller’s Handbook. 8 “Internal Control” booklet (January 2001), OCC Comptroller’s Handbook.
Policy Number: 2013-142-M-U FLG SECURITIES TRADING (FST) POLICY Page 24 of 24 © Flagstar Bank, N.A. CONFIDENTIAL: This Policy is for Flagstar’s internal use and regulatory review only and may not be copied or distributed to any third party without the GC's or the Policy Coordinator’s prior written consent. X. POLICY REVIEW AND APPROVAL REQUIREMENTS A. The Policy Owner shall review this Policy, and solicit input from any Senior Officer(s) whose responsibilities (and/or whose employees’ responsibilities) fall within the scope of this Policy, at least annually (or as may otherwise be required, whether pursuant to the POPC and its underlying procedures, regulator directive, or other business need) in order to determine whether any revision(s) is(are) necessary, including to enhance the effectiveness of this Policy, to comply with any pertinent change(s) in Applicable Requirements, and/or to address any material change(s) in the Company’s strategy, objectives, business activities, size, structure, and/or management, and shall make all necessary revisions, all in accordance with the POPC. B. Any proposed revision(s) to this Policy (except the correction of any clerical error(s)) must be reviewed and signed off upon by the applicable Designated Reviewers (as defined in the POPC) in Enterprise Compliance, ERM, and Legal and by the Policy Coordinator, prior to being presented to the applicable Senior Officer(s), Committee(s), and/or the Board for consideration and signoff or approval, as appropriate and applicable pursuant to and in accordance with the POPC. C. The Policy Owner shall ensure that this Policy is presented, with his/her observations and recommendations as to any changes, not less than annually to the GC for review and approval. XI. POLICY EXCEPTIONS There shall be no exceptions to this Policy. This Policy was reviewed and approved by the General Counsel & Chief of Staff of Flagstar Bank, N.A., Bao Nguyen, on February 4, 2026. (Signed) Policy Owner: Jan Klym Assistant Corporate Secretary Dated: February 4, 2026 _______________________________