Deutsche Bank : DB USA Corporation Pillar 3 Report Q4 2023

DB USA Corporation Pillar 3 Report 2023

DB USA Corporation

Pillar 3 Report 2023

Contents
INTRODUCTION	4
DISCLOSURES ACCORDING TOPILLAR3OF THEBASEL3 CAPITALFRAMEWORK	4
ADDITIONALDISCLOSUREREQUIREMENTS FORLARGESUBSIDIARIES	4
LOCATION OFPILLAR3DISCLOSURES	5
BASIS OFPRESENTATION	6
SCOPE OFAPPLICATION	6
RISK MANAGEMENT FRAMEWORK AND GOVERNANCE	7
RISKMANAGEMENTFRAMEWORK	7
RISKGOVERNANCE	8
RISKAPPETITE ANDCAPACITY	9
RISK AND CAPITAL PLAN	10
STRATEGIC ANDCAPITALPLAN	10
INTERNALCAPITALADEQUACYASSESSMENTPROCESS	10
STRESS TESTING	11
RISK AND CAPITAL MANAGEMENT	12
CAPITAL MANAGEMENT	12
CONTINGENCY FUNDING PLAN	13
RISK IDENTIFICATION AND ASSESSMENT	13
CREDIT RISK MANAGEMENT	14
MARKET RISK MANAGEMENT	18
LIQUIDITY RISK MANAGEMENT	20
NON-FINANCIAL RISK MANAGEMENT	21
MODEL RISK MANAGEMENT	23
COMPLIANCE RISK MANAGEMENT	25
ANTI-FINANCIAL CRIME RISK MANAGEMENT	25
RISK AND CAPITAL PERFORMANCE	26
REGULATORY CAPITAL	27
MINIMUM CAPITAL REQUIREMENTS AND ADDITIONAL CAPITAL BUFFERS	27
RECONCILIATION OF FINANCIAL AND REGULATORY BALANCE SHEET	29
	2

DB USA Corporation

Pillar 3 Report 2023

EXPOSURES AND RISK-WEIGHTED ASSETS	31
CREDIT RISK EXPOSURE	34
CREDIT RISK AND CREDIT RISK MITIGATION	40
IMPAIRMENTS	43
SUPPLEMENTARY LEVERAGE RATIO	45
LIQUIDITY COVERAGE RATIO	47
NET STABLE FUNDING RATIO	48
EMPLOYEE COMPENSATION REPORT	51
OVERVIEW ON COMPENSATION DECISIONS FOR 2023	51
REGULATORY ENVIRONMENT	51
COMPENSATION GOVERNANCE	53
COMPENSATION STRATEGY	54
GROUP COMPENSATION FRAMEWORK	55
DETERMINATION OF PERFORMANCE-BASED VARIABLE COMPENSATION	56
VARIABLE COMPENSATION STRUCTURE	56
EX-POST RISK ADJUSTMENT OF VARIABLE COMPENSATION	57
EMPLOYEE GROUPS WITH SPECIFIC COMPENSATION STRUCTURES	59
MATERIAL RISK TAKER COMPENSATION DISCLOSURE	60

3

DB USA Corporation

Pillar 3 Report 2023

Introduction

Disclosures according to Pillar 3 of the Basel 3 Capital Framework

The purpose of this Report is to provide Pillar 3 disclosures for DB USA Corporation ("DB USA Corp") as required by the regulatory framework for capital & liquidity, established by the Basel Committee on Banking Supervision, also known as Basel 3. On a European level these are implemented in the disclosure requirements pursuant to Part Eight of the "Regulation (EU) No 575/2013 on prudential requirements for credit institutions and investment firms" (Capital Requirements Regulation, or "CRR") and the "Directive 2013/36/EU on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms" (Capital Requirements Directive 4, or "CRD 4"). Germany implemented these CRD 4 requirements into national law in Section 26a of the German Banking Act ("Kreditwesengesetz" or "KWG"). Per regulation it is not required to have Pillar 3 disclosures audited. As such the information provided in this Pillar 3 Report is unaudited.

Additional Disclosure Requirements for Large Subsidiaries

In accordance with Article 13 (1) CRR, large subsidiaries are required to disclose information to the extent applicable in respect of own funds, capital requirements, capital buffers, credit risk adjustments, remuneration policy, leverage and use of credit risk mitigation techniques on an individual or sub-consolidated basis.

Large subsidiaries are identified in accordance with Article 4 No. 146 and 147 CRR, and applied to all subsidiaries classified as "credit institution" under the CRR and not qualifying for a waiver status pursuant to Section 2a KWG in conjunction with Article 7 CRR. A subsidiary is required to comply with the requirements in Article 13 (1) CRR (as described above) if at least one criterion mentioned in the list below has been met. The total value of assets referenced below is calculated on an IFRS basis as of December 31, 2023:

• The subsidiary is a global systemically important institution;
• It has been identified as an other systemically important institution (O-SII) in accordance with Article 131(1) and (3) of Directive 2013/36/EU;
• The subsidiary is, in the Member State in which it is established, one of the three largest institutions in terms of total value of assets;
• Total value of assets on an individual basis or sub-consolidated basis is equal to or greater than € 30 billion.

As a result of the selection process described above, DB USA Corp has been identified as a "large" subsidiary for the Group and hence required to provide additional disclosure requirements in accordance with Article 13 CRR.

DB USA Corp publishes the Pillar 3 disclosure report on a quarterly basis on its website at https://www.db.com/ir/en/reports-and- events.htm.

All financial information disclosed is presented in USD and is rounded to the nearest million, with exception to certain tables in the Remuneration section which are reported in Euro. The consolidated financial balance sheet is based on DB USA Corp financial statements prepared in accordance with U.S. generally accepted accounting principles (US GAAP). Regulatory capital and credit exposure disclosures are based on DB USA Corp Consolidated Financial Statements for Holding Companies (FR Y-9C).

4

DB USA Corporation

Pillar 3 Report 2023

Location of Pillar 3 disclosures

The following table provides an overview of the location of the required Pillar 3 disclosures in this Pillar 3 Report.

Pillar 3 requirements topic with reference	Primary location in this report
to CRR-Article
Main features of the CET1, AT1 and Tier 2		"Regulatory Capital"
instruments, and reconciliation of		"Reconciliation of Financial and Regulatory Balance Sheet"
filters/deductions applied to own funds and
balance sheet (Article 437)
Compliance to own funds requirements		"Regulatory Capital table" table
(Article 92)		"Regulatory Capital Requirements and Risk-weighted Assets"
		table
Approach to assessing the adequacy of		"Internal Capital Adequacy Assessment Process" section
internal capital to support current and future
activities (Article 438 (a)
Risk-weighted exposure amounts (Article		"Gross exposure by asset class and geographical region" table
438 (c)-(f)		"Gross exposure by class and residual maturity" table
		"Exposure values in the standardized approach by risk weight"
		table
Capital buffer (Article 440)		"Minimum capital requirements and additional capital buffers"
		section.
		"Gross exposure by class and geographical region" table
Credit risk adjustments: information		"Impairment loans, allowance for loan losses and coverage ratio
regarding exposure to credit risk and dilution		by business divisions" table
risk (Article. 442)		"Impairment loans, allowance for loan losses and coverage ratio
		by industry" table
		"Impairment loans, allowance for loan losses and coverage ratio
		by region" table
		"Impaired Loans" table
Remuneration policy (Article 450)		"Remuneration policy" section
Leverage (Article 451)		"Supplemental Leverage Ratio" section
Liquidity (Article 451a)		"Liquidity" section
Use of credit risk mitigation techniques		"Credit risk management" section
(Article 453)

5

DB USA Corporation

Pillar 3 Report 2023

Basis of Presentation

DB USA Corp Pillar 3 Report has been prepared in accordance with U.S. Generally Accepted Accounting Principles ("U.S. GAAP"), while Regulatory Capital and Risk Weighted Assets ("RWA") calculations are based on U.S. Basel 3 Standardized Approach ("U.S. Basel 3") capital rules. In this regard RWA, Regulatory Capital and associated disclosures are based on U.S. regulatory reporting requirements as defined by the Federal Reserve Bank FR Y-9C Consolidated Financial Statements for Bank Holding Companies ("FR Y-9C") and in conjunction with U.S. Basel 3 rules. Quantitative Pillar 3 disclosures, in the Pillar 3 Report follow the classification and segmentation required by the FR Y-9C reporting requirements and U.S. Basel 3 guidelines. Where appropriate, disclosure tables required by the European Banking Authority ("EBA") have introduced and modified, in order to present information consistent with the reporting made in the FR Y-9C and the DB USA Corp audited financial statements, also prepared on a U.S. GAAP basis.

Scope of Application

DB USA Corp is the US Intermediate Holding Company ("IHC") of Deutsche Bank AG ("DB Group") that is implemented pursuant to Regulation YY: Enhanced Prudential Standards for Bank Holding Companies and Foreign Banking Organizations, codified in 12 C.F.R. Part 252, and, in particular, Subpart O - Enhanced Prudential Standards for Foreign Banking Organizations with Total Consolidated Assets of $100 Billion or More and Combined U.S. Assets of $100 Billion or More" (the "FBO EPS Rule"). The FBO EPS Rule requires that a foreign banking organization ("FBO") having combined US assets of $100 billion or more and US non- branch assets of $50 billion or more establish in the US an IHC for its US subsidiaries that must be organized under the applicable US laws and operate under all applicable US regulatory requirements, including leverage and risk-based capital standards, stress testing, risk management and liquidity requirements. DB USA Corp consolidates all of DB Group subsidiaries in the U.S. which include Deutsche Bank Trust Corporation ("DBTC"), Deutsche Bank Trust Company Americas ("DBTCA"), Deutsche Bank Securities Inc. ("DBSI"), Deutsche Bank US Financial Markets Holding Corp. ("DBUSH"), Deutsche Bank Americas Holding Corp. ("DBAH") and German American Capital Corp. ("GACC").

DB Group offers a wide variety of investment, financial and related products and services to private individuals, corporate entities and institutional clients around the world, organized under five corporate divisions as of December 31, 2023: Investment Bank (IB), Corporate Bank (CB), Private Bank (PB), Asset Management (AM) and Corporate & Other (C&O). DB USA predominately operates in three of these divisions: Investment Bank (IB), Corporate Bank (CB), and Private Bank (PB).

The main products and services currently offered by DB USA Corp include:

• Investment Bank (IB), primarily covers Markets which facilitates: (i) client financing services through repo and client cash prime brokerage/securities lending for Prime Finance clients, (ii) market-making activities and secondary market liquidity to clients in U.S. cash products across Rates, Credit, and Asset Backed Securities, (iii) hedging solutions and investment products to DB clients through market-making in listed derivatives (execution, clearing and settlement), and (iv) new issue and syndication of Investment Grade, High Yield, and Asset Backed Securities.
• Corporate Bank (CB), covers Corporate / Commercial clients, comprising Commercial Banking which provides lending including Residential Real Estate (RRE), Commercial Real Estate (CRE), structured loans and Lombard (margin) loans, and Global Transaction Banking (GTB). GTB comprises cash management (including overdraft facilities provided to clients), trade finance services (including letters of credit, financial supply chain management, accounts receivable purchasing, custom-madeand performance-riskfinance solutions for structured trade finance services and commodity trade finance services) and trust services, and advisory services across Mergers & Acquisitions, Equity Capital Markets (ECM), Debt Capital Markets (DCM), Leveraged Debt Capital Markets (LDCM), as well as funding and structuring client solutions.
• Private Bank (PB), comprises Wealth Management which offers high net worth clients a broad range of traditional and alternative investment solutions, providing a holistic service for all aspects of Wealth Management including deposit taking, discretionary portfolio management, trust services, and custody services to High Net Worth (HNW) and Ultra High Net Worth (UHNW) individuals.

The above corporate divisions are supported by several infrastructure functions including Risk, Finance, Operations, Technology, Compliance, Anti-Financial Crime, Legal, Human Resources and Research.

6

DB USA Corporation

Pillar 3 Report 2023

DB USA Corp integrates into the DB Group operations, policies and procedures as part of its core risk management framework as further elaborated in the next sections.

Risk Management Framework and Governance

Risk Management Framework

The risk management at DB USA Corp. is integral to DB Group's risk management framework and processes

• Core risk management responsibilities are embedded in the DB USA Corp. Board ("Board") and delegated to senior risk managers and senior risk management committees including the DB USA Corp. Risk Committee ("RiskCo")
• Organizational structures must follow the Three Lines of Defense ("3LoD") model with a clear definition of roles and responsibilities for all risk types.
  o Every employee must act as a risk manager consistent with DB USA Corp's risk appetite, risk management standards and values.
  o The Management Board approved risk appetite must be cascaded and adhered to across all dimensions of the Group, with appropriate consequences in the event of a breach.
  o Risks must be identified and assessed.
  o Risks must be actively managed including via appropriate risk mitigation and effective internal control systems. o Risks must be measured and reported using accurate, complete, and timely data using approved models.
  o Regular stress tests must be performed against adverse scenarios and appropriate crisis response planning must be established.
  o The 1st Line of Defense ("1st LoD") refers to those roles in the Bank whose activities generate risks, whether financial or non-financial, and who own and are accountable for the risks which are generated in their respective organizations. The 1st LoD cannot delegate its accountability for the management of its own risks and must adhere to the standards set by the 2nd Line of Defense ("2nd LoD") as well as any applicable regulatory requirements. The 1st LoD manages these risks within the defined risk appetite, establishes an appropriate risk governance and risk culture.
  o The 2nd Line of Defense ("2nd LoD") refers to the roles in the Bank who define the risk management framework for a specific risk type. The 2nd LoD independently assesses and challenges the implementation of the risk type framework and adherence to the risk appetite and acts as an advisor to the 1st LoD on how to identify, assess and manage risk.
  o The 3rd Line of Defense ("3rd LoD") is Group Audit, which is accountable for providing independent and objective assurance on the adequacy of the design, operating effectiveness and efficiency of the risk management system, systems of internal controls and governance of the 1st LoD and 2nd LoD.

The risk culture at DB USA Corp. is fully integrated in DB Group's risk culture framework and processes. The 3LoD risk management structure assigns risk ownership at the level of the businesses and individuals taking on the risks - 1st LoD. The 3LoD organization structure is designed to protect customers and shareholders against risk-based losses and the resulting reputational damage. The 3LoD structure ensures that all risks are taken on, and managed, in the best and long-term interest of the bank. The establishment of risk appetite, monitoring of risk levels against risk appetite and provision of challenge to risk management decisions is performed by independent control functions - second line of defense (2nd LoD). Independent assurance over the design and operation of controls, in turn, is provided by the third line of defense (3rd LoD). This structure ensures that all risks are identified and managed and that risk management accountabilities are clearly assigned. It is expected that employees exhibit behaviours that support a strong risk culture in line with DB USA Corp's Code of Conduct. To promote this, DB USA Corp's policies require that risks taken (including against risk appetite) must be considered during performance assessment and compensation processes. This expectation continues to be reinforced through communications campaigns and mandatory training courses for all DB employees. In addition, DB USA Corp's Management Board members and senior management frequently communicate the importance of a strong risk culture to support consistent tone from the top.

7

DB USA Corporation

Pillar 3 Report 2023

Risk Governance

DB USA Corp. operations are regulated and supervised by the Federal Reserve Board (FRB). Such regulation focuses on licensing, capital adequacy, liquidity, risk concentration, conduct of business as well as organizational and reporting requirements. At the Group, the European Central Bank ("ECB") in connection with the competent authorities of EU countries which joined the Single Supervisory Mechanism via the Joint Supervisory Team, act in cooperation as primary supervisors to monitor DB Group's compliance with the German Banking Act and other applicable laws and regulations.

The risk management governance structure of DB USA Corp. is designed to ensure clear regional accountability that is commensurate with its risk profile, structure, complexity, activities, and size. The organizational structure provides clear lines of accountability for monitoring risk and capital and escalating breaches of key capital and liquidity limits and thresholds as applicable. The Chief Risk Officer, Americas has responsibility for the risk management of DB USA Corp., which is inclusive of but not limited to, all Credit, Market, Liquidity and Non-financial risks as well as overseeing the measurement, aggregation and monitoring of risks and establishing a sound and strong risk culture and governance. Below are several examples of key DB USA Corp. governance bodies. More in depth risk management governance information can be found in Deutsche Bank AG`s Combined U.S. Operations (the "CUSO") Risk Management Framework.

DB USA Corp. Risk Committee ("RiskCo")

The DB USA. Board has delegated authority to the RiskCo to serve as the risk committee of DB USA and the CUSO, which serves as both a decision-making body and a forum for information sharing on risk issues.

The RiskCo is a committee of the DB USA Board and escalates issues as necessary to the DB USA Board. The RiskCo operates under a Board - approved Charter, which is reviewed annually and sets forth the committee's roles and responsibilities.

The RiskCo is responsible for periodically reviewing, approving / recommending for approval for DB USA and CUSO key risk management policies, risk appetite and strategy, the DB USA capital plan.

Additionally, the RiskCo regularly reviews and discusses with management strategies as well as controls related to market, credit, operational, liquidity, compliance, anti-financial crime, reputational, climate and model risk management for DB USA and CUSO.

U.S. (Operations) Management Risk Council ("U.S. MRC")

The U.S. (Operations) Management Risk Council (U.S. MRC) supports the management of the risk profile as well as the alignment of risk appetite, liquidity, and funding within DB USA Corp. and the CUSO. The U.S. MRC has responsibility to oversee risk and capital management, monitor the compliance to the risk appetite and limits and act upon, or escalate any issues that fall within its remit. The U.S. MRC also supports DB USA Corp. with its capital adequacy planning as well as capitalization requirements and monitors the compliance with these.

The CRO, Americas is the Chairperson of the Council and the Chief Financial Officer (CFO), Americas is Vice Chairperson. The U.S. MRC includes the heads of risk types (as members) and senior business representatives (as guests) in addition to the CRO, Americas to ensure the appropriate subject matter experts (SMEs) are responsible for review and recommendation of relevant risk matters.

U.S. Asset and Liability Management Council ("U.S. ALCo")

The mandate of the U.S. ALCo is to function as an advisory body for the Americas region, conveying the views of its members concerning their individual business lines or infrastructure functions in optimization of sourcing and deployment of financial resources including balance sheet, capital, and liquidity and funding management, within the overarching Deutsche Bank AG strategy set by Group and CUSO's risk appetite.

8

DB USA Corporation

Pillar 3 Report 2023

Risk Appetite and Capacity

Risk is taken and monitored within a defined risk appetite across various dimensions of DB USA Corp.'s activities, with appropriate consequences applied where appetite is breached.

Risk appetite represents the aggregate level and types of risk it is willing to assume relative to its risk capacity to achieve its strategic objectives. Risk capacity reflects the maximum level of risk it can assume given its current resources before breaching constraints determined by regulatory capital and liquidity needs, the operational environment (e.g., infrastructure, risk management capabilities, expertise), expectations and from a conduct perspective of key stakeholders.

DB USA Corp. is operating within DB's integrated risk appetite framework which articulates, monitors and effectively controls risk across multiple dimensions - at the DB Group (global), legal entity / branch and business unit level - which constrains the capacity of each dimension to take risk, aligned to business planning and strategy development. The risk appetite framework is a cornerstone of DB's risk culture in reinforcing risk awareness and embedding appropriate risk-taking behavior required of all DB employees.

DB's risk appetite is driven and articulated by four key components that, together, should ensure the effective management of risk. These key components are:

• Strategic objectives: The articulation of Risk Appetite should be linked to the strategy and material risks of the Group, legal entity (subsidiaries and branches) or Business unit.
• Qualitative statements: Clearly articulated statements should set the overall tone for the entity's approach to risk taking, including the motivations for taking on or avoiding certain types of risks, products, country/regional exposures, or other categories.
• Top-downallocation and calibration: The framework should define 'top-down' Risk Appetite relative to risk capacity across earnings, capital adequacy and liquidity which is allocated to risk types to support calibration of limits & thresholds.
• Quantitative risk appetite metrics: Risk appetite must be defined through key risk limits and thresholds, calibrated to be within top-down risk type allocations. These include metrics for Asset Class risk appetite.

DB USA Corp's Risk Appetite is approved by the DB USA Board which maintains its oversight of adherence to Risk Appetite via the CUSO RCP Report monthly or as required. In addition, the DB USA Board delegates specific responsibilities for the setting, monitoring and decision making of Risk Appetite to dedicated committees. This includes, inter alia:

• RiskCo: Recommends (to the DB USA Board) and monitors adherence to Risk Appetite.
• U.S. MRC: Recommends (to the CRO, Americas and RiskCo) and monitors adherence to Risk Appetite.

Consent for the DB USA's Risk Appetite is also provided by Group (as required by a shareholder agreement between DBAG and DB USA), by the Global Head of ERM.

9

DB USA Corporation

Pillar 3 Report 2023

Risk and Capital Plan

Strategic and Capital Plan

Business strategy, foundational risk management and capital management are closely linked and interrelated processes at DB Group and at DB USA Corp.

DB USA Corp.'s capital planning process is closely linked to the Group's annual strategy setting and business planning cycle. Each business division engages in bottom-up legal entity planning to determine whether Group and divisional targets, including allocated resources, conform to entity-level constraints and risk appetite. This process provides a feedback loop in which the bottom-upentity-level planning is aligned with the top-downGroup-level planning. For the Americas Capital Management team this feedback loop for DB USA Corp. is through dialogue with the Group Treasury colleagues.

DB USA Corp. conducts annually integrated strategic planning process, which lays out the development of the future strategic direction as an entity and for the business areas. The strategic plan aims to create a holistic perspective on capital, funding and risk under risk-return considerations. This process translates DB USA Corp's long-term strategic targets into measurable short- to medium-term financial targets and enables intra-year performance monitoring and management. DB USA Corp. aims to identify growth options by considering the risks involved and the allocation of available capital resources to drive sustainable performance. Risk-specific portfolio strategies complement this framework and allow for an in-depth implementation of the risk strategy on a portfolio level, addressing risk specifics including risk concentrations.

The strategic planning process consists of two phases: a top-down target setting and a bottom-up substantiation. In the top-down target setting, key targets for profit and loss (including revenues and costs), capital supply, and capital demand as well as leverage, funding and liquidity are discussed for DB USA Corp. and the key business areas. In this process, targets are defined based on the global macroeconomic outlook and the expected regulatory framework. Subsequently, the targets are approved by management and the DB USA Corp. Board. In the bottom-up phase, targets are substantiated by detailed business unit plans. The proposed bottom-up plans are reviewed and challenged by Finance and Risk and are discussed individually with the business heads. The specifics of the business are considered, and concrete targets decided in line with DB USA Corp.'s strategic direction. Stress tests complement the strategic plan to also consider stressed market conditions.

Internal Capital Adequacy Assessment Process

DB USA Corp.'s internal capital adequacy assessment process (ICAAP) consists of several well established components which ensure that DB USA Corp. maintains sufficient capital to cover the risks to which the bank is exposed on an ongoing basis:

• The Risk ID process forms the basis of the ICAAP and results in an inventory of risks for DB USA Corp. All risks identified are assessed for their materiality. Further details can be found in the "Risk Identification and Assessment" section.
• Capital demand & capital supply: Risk measurement methodologies and models are applied to quantify the capital demand which is required to cover all material risks except for those which cannot be adequately limited by capital e.g., liquidity risk. Capital supply quantification refers to the definition of available capital resources to absorb unexpected losses. Further details can be found in the "Risk and Capital Management" section.
• Risk appetite: DB USA Corp. has established a set of qualitative statements, quantitative metrics and thresholds which express the level of risk that the Bank is willing to assume to achieve the strategic objectives. Threshold breaches are subject to a dedicated governance framework triggering management actions aimed to safeguard capital adequacy. The risk management function continually analyses and monitors the risk profile of the business to ensure adherence to the approved plan, and to thresholds set for risk appetite metrics. Further details can be found in the sections "Risk Appetite and Capacity" section.
• The CUSO Risk Management Framework provides documentation of the risk governance and management framework of DB USA Corp. by main risk types as well as overall risk management practices in place. The monthly RCP Report is also used as a key tool to analyze, monitor, and report DB USA Corp.'s risk and capital profile. It is also leveraged to

10