UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 6-K

REPORT OF FOREIGN ISSUER

PURSUANT TO RULE 13a-16 OR 15d-16

UNDER THE SECURITIES EXCHANGE ACT OF 1934

For the month of February, 2019

Commission file number: 1-10110

BANCO BILBAO VIZCAYA ARGENTARIA, S.A.

(Exact name of Registrant as specified in its charter)

BANK BILBAO VIZCAYA ARGENTARIA, S.A.

(Translation of Registrant’s name into English)

Calle Azul 4,

28050 Madrid

Spain

(Address of principal executive offices)

Indicate by check mark whether the registrant files or will file annual reports under cover of Form 20-F or Form 40-F:

Form 20-F  ☒            Form 40-F  ☐

Indicate by check mark if the registrant is submitting the Form 6-K in paper as permitted by Regulation S-T Rule 101(b)(1):

Yes  ☐            No  ☒

Indicate by check mark if the registrant is submitting the Form 6-K in paper as permitted by Regulation S-T Rule 101(b)(7):

Yes  ☐            No  ☒

ANNUAL CORPORATE GOVERNANCE REPORT OF LISTED COMPANIES

ISSUER IDENTIFICATION

Tax Identification No. [C.I.F.] A48265169

Company Name: Banco Bilbao Vizcaya Argentaria, S.A.

Registered Office: 4 Plaza de San Nicolás, 48005 Bilbao (Biscay)

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

1

ANNUAL CORPORATE GOVERNANCE REPORT

OF LISTED COMPANIES

A. OWNERSHIP STRUCTURE

A.1 Fill in the following table on the company’s share capital:

Indicate if there are different share classes with different rights associated with them:

NO

A.2 Detail the direct and indirect holders of significant shareholdings in your company at financial year-end, excluding directors:

Details of indirect participation:

Remarks

State Street Bank and Trust Co., The Bank of New York Mellon S.A.N.V. and Chase Nominees Ltd., as international custodian/depositary banks, hold, as of 31 December 2018, 10.69%, 2.31% and 6.33% of BBVA’s share capital, respectively. Of said positions held by the custodian banks, BBVA is not aware of any individual shareholders with direct or indirect holdings greater than or equal to 3% of the BBVA share capital.

Communication of significant holdings to the CNMV (Spanish National Securities Market Commission): On 18 October 2017, Blackrock Inc. informed the CNMV that it now had an indirect holding of 5.708% of BBVA’s share capital, through the company Blackrock Investment Management.

Indicate the most significant changes in the shareholder structure during the financial year:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

2

A.3 Fill in the following tables with the members of the company’s Board of Directors with voting rights on company shares:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

3

Details of indirect participation:

A.4 Where applicable, indicate any family, commercial, contractual or corporate relationships between holders of significant shareholdings, insofar as the company is aware of them, unless they are of little relevance or due to ordinary trading or exchange activities, except those described in section A.6:

A.5 Where applicable, indicate any commercial, contractual or corporate relationships between holders of significant shareholdings and the company and/or its group, unless they are of little relevance or due to ordinary trading or exchange activities:

A.6 Describe the relationships, unless insignificant for the two parties, that exist between significant shareholders or shareholders represented on the Board and directors, or their representatives in the case of proprietary directors.

Explain, as the case may be, how the significant shareholders are represented. Specifically, state those directors appointed to represent significant shareholders, those whose appointment was proposed by significant shareholders or who were linked to significant shareholders and/or their group companies, and specify the nature of the relationships. In particular, indicate, where applicable, the existence, identity and position of board members—or their representatives—of the listed company who are members—or representatives of members—of the management body of companies that hold significant shareholdings in the listed company or of companies of said significant shareholders’ groups.

A.7 Indicate whether the company has been informed of any shareholder agreements that may affect it, as set out under articles 530 and 531 of the Corporate Enterprises Act. Where applicable, briefly describe them and list the shareholders bound by such agreement:

NO

Indicate whether the company is aware of the existence of concerted actions by its shareholders. If so, describe them briefly:

NO

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

4

If there has been any amendment or breaking-off of said pacts or agreements or concerted actions in the financial year, indicate this expressly:

A.8 Indicate whether any legal or natural person exercises or may exercise control over the company pursuant to article 5 of the Securities Exchange Act. If so, identify them:

NO

A.9 Fill in the following tables regarding the company’s treasury shares:

At financial year-end:

Give details of any significant changes that have occurred during the financial year:

Explain the significant changes

In 2018, four communications regarding treasury shares were sent, as the acquisitions had exceeded the threshold by 1%. The communications were as follows:

A.10 Describe the conditions and term of the current mandate of the General Meeting for the Board of Directors to issue, buy back and transfer treasury shares.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

5

To date, BBVA has not adopted any resolution using this delegated power.

Through the aforementioned delegation, during the 2017 financial year, BBVA made two issuances of contingently convertible perpetual securities (Additional Tier 1 capital instruments), without pre-emptive subscription rights, for amounts of EUR 500 million and USD 1 billion, respectively, and, during the 2018 financial year, an issuance of contingently convertible perpetual securities (Additional Tier 1 capital instruments), without pre-emptive subscription rights, for an amount of EUR 1 billion.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

6

A.11 Estimated floating capital:

Remarks

The BBVA’s estimated floating capital, has been obtained by removing from the share capital, the capital held by the direct and indirect holders of significant shareholdings (Section A.2), the members of the Board of Directors (Section A.3) and the treasury shares (Section A.9), on December 31, 2018, in accordance with the provisions of the instructions established in order to complete the Annual Corporate Governance Report.

A.12 Indicate whether there is any restriction (statutory, legislative or of any other kind) on the transferability of securities and/or any restriction on voting rights. In particular, report the existence of any restrictions that might hinder the takeover of the company through the purchase of its shares on the market, as well as any authorisation or prior communication regimes that are applicable to the purchase or transfer of the company’s financial instruments in accordance with sector legislation.

NO

A.13 Indicate whether the General Meeting has agreed to adopt measures to neutralise a public takeover bid, pursuant to Act 6/2007.

NO

If so, explain the measures approved and the terms under which the restrictions would be rendered effective:

A.14 Indicate whether the company has issued securities that are not traded on a regulated market in the EU.

YES

Where applicable, indicate the different share classes, and what rights and obligations each share class confers.

Indicate the different share classes

All the shares in BBVA’s share capital have the same class and series, and confer the same voting and economic rights. There are no different voting rights for any shareholder. There are no shares that do not represent capital.

The Bank’s shares are admitted for trading on the Securities Exchanges in Madrid, Barcelona, Bilbao and Valencia, through the Spanish electronic trading platform (Continuous Market), and the stock markets in London and Mexico. BBVA American Depositary Shares (ADS) are traded on the New York Stock Exchange.

Additionally, as of 31 December 2018, shares of BBVA Banco Continental, S.A., Banco Provincial S.A., BBVA Colombia, S.A. and BBVA Banco Francés, S.A. were traded on their respective local securities markets and, for the latter entity, on the New York Stock Exchange and in the Latin American securities exchange (LATIBEX) on the Stock Market of Madrid.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

7

B GENERAL SHAREHOLDERS’ MEETING

B.1 Indicate, giving details where applicable, whether there are any deviations from the minimum standards established under the Corporate Enterprises Act (CEA) with respect to the quorum for holding the General Meeting.

YES

Description of the differences

Article 194 of the Corporate Enterprises Act establishes that in order for a General Meeting (whether ordinary or extraordinary) to validly resolve to increase or reduce capital or make any other amendment to the Bylaws, bond issuance, the suppression or limitation of pre-emptive subscription rights over new shares, or the transformation, merger or spin-off of the company or global assignment of assets and liabilities or the offshoring of domicile, the shareholders present and represented on first calling must own at least fifty percent of the subscribed capital with voting rights.

On second calling, twenty-five percent of said capital will be sufficient.

Notwithstanding the foregoing, Article 25 of the BBVA Bylaws requires a super quorum of members representing two thirds of the subscribed capital with voting rights on first calling, and 60% of the subscribed capital on second calling, for the valid adoption of resolutions on the following matters: re-definition of the corporate purpose; the transformation, total spin-off or winding up of the Company; and the modification of the statutory article defining this super quorum.

B.2 Indicate, giving details where applicable, whether there are any deviations from the minimum standards established under the Corporate Enterprises Act (CEA) for the adoption of corporate resolutions:

NO

B.3 Indicate the rules applicable to amendments to the company bylaws. In particular, report the majorities established to amend the bylaws, and the rules, if any, to safeguard shareholders’ rights when amending the bylaws.

Article 30 of the BBVA Company Bylaws establishes that the General Shareholders’ Meeting is empowered to amend the Company Bylaws and to confirm or rectify the manner in which they are interpreted by the Board of Directors.

To such end, the rules established under Articles 285 et seq. of the Corporate Enterprises Act shall apply.

The above paragraph notwithstanding, Article 25 of the BBVA Bylaws establishes that in order to validly adopt resolutions regarding any change to the corporate purpose, transformation, total spin-off or winding up of the Company and amendment of the second paragraph of said Article 25, two-thirds of the subscribed capital with voting rights must attend the General Meeting on first calling, and 60% of said capital on second calling.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

8

As regards the procedure for amending the Bylaws, Article 4.2 c) of Spanish Act 10/2014, of 26 June, on the regulation, supervision and solvency of credit institutions, establishes that the Bank of Spain shall be responsible for authorising the amendments to the bylaws of credit institutions as set out by regulations.

Hence, article 10 of Royal Decree 84/2015, of 13 February, implementing Act 10/2014, stipulates that the Bank of Spain shall have two months to make a decision following receipt of the request for amendment of the Bylaws and that the request must be accompanied by certified minutes recording the agreement, a report substantiating the proposal drawn up by the board of directors and draft new bylaws, identifying the cited amendments.

Notwithstanding the foregoing, Article 10 of Royal Decree 84/2015 also establishes that no prior authorisation from the Bank of Spain is required, though the latter must be notified for the purposes of entry in the Registro de Entidades de Crédito (Spanish register of credit institutions), for amendments with the following purposes:

This communication must be made within fifteen working days following the adoption of the statute amendment resolution.

Finally, to indicate that as a significant entity, BBVA is under the direct supervision of the European Central Bank (ECB) in co-operation with the Bank of Spain under the Single Supervisory Mechanism, so the authorisation of the Bank of Spain mentioned above will be submitted to the ECB, prior to its resolution by the Bank of Spain.

B.4 Give details of attendance at General Shareholders’ Meetings held during the financial year of this report and the previous two financial years:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

9

B.5 Indicate whether there were any items on the agenda that were not approved by shareholders for any reason, for all general meetings that took place in the financial year.

NO

B.6 Indicate if there is any statutory restriction that sets out a minimum number of shares required to attend the General Meeting or vote remotely:

YES

Remarks

Article 23 of the BBVA Bylaws establishes that holders of 500 shares or more may attend ordinary and extraordinary General Shareholders’ Meetings, provided that their shares are registered, at least five days prior to such a meeting, in the corresponding Accounting Register in accordance with the Securities Exchange Act and other applicable provisions.

Holders of fewer shares may group together until they have at least that number, and name a representative.

However, there is no minimum number of shares required to vote remotely. Pursuant to the provisions of Article 8 of BBVA’s Regulations of the General Shareholders’ Meeting, shareholders may vote by proxy, by post, electronically or by any other means of remote communication, provided that the shareholder confirms the identity of the person exercising his or her right to vote. In terms of the constitution of the General Shareholders’ Meeting, shareholders who vote remotely will be counted as present.

B.7 Indicate whether it has been established that certain decisions, other than those set out by law, involving an acquisition, disposal, the allocation of essential assets to another company or a similar corporate transaction, must be submitted to the General Shareholders’ Meeting for approval.

NO

B.8 Indicate the address and means of access through the company website to information on corporate governance and other information on the general meetings that must be made available to shareholders on the company’s website.

Information relating to corporate governance and to the most recent General Shareholders’ Meetings can be accessed via the Banco Bilbao Vizcaya Argentaria, S.A. company website, www.bbva.com, in the Shareholders and Investors — Corporate Governance and Remuneration Policy section.

COMPANY MANAGEMENT STRUCTURE

C.1 Board of directors

C.1.1 Maximum and minimum number of directors established in the bylaws and the number set by the general meeting:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

10

Remarks

In accordance with the provisions of Article 34, Paragraph 2 of the Bylaws, the General Shareholders’ Meeting, held on 16 March 2018, resolved to set the total number of directors on the Board of Directors of Banco Bilbao Vizcaya Argentaria, S.A. at 15.

C.1.2 Fill in the following table on the board members:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

11

Indicate any appointment terminations, as a result of resignation, dismissal or any other reason, that have occurred on the Board of Directors during the reporting period:    

Cause of the termination and other remarks

José Antonio Fernández Rivero stepped down from his position as member of the Board of Directors and from his membership of the Executive Committee and of the other Committees, following the General Shareholders’ Meeting held on 16 March 2018, in which his mandate to serve as a director of the Bank expired.

In implementation of the Succession Plan for the Chairman, as approved by the Board of Directors, Francisco González Rodríguez stepped down from his position as Chairman of the Board of Directors and of the Executive Committee on 21 December 2018, date on which the necessary administrative authorisations were received.

C.1.3 Fill in the following tables on the board members and their directorship type:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

12

EXECUTIVE DIRECTORS

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

13

EXTERNAL PROPRIETARY DIRECTORS

EXTERNAL INDEPENDENT DIRECTORS

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

14

Indicate whether any director considered an independent director is receiving from the company or from its group any amount or benefit under any item that is not the remuneration for his/her directorship, or maintains or has maintained over the last financial year a business relationship with the company or any company in its group, whether in his/her own name or as a significant shareholder, director or senior manager of an entity that maintains or has maintained such a relationship.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

15

Where applicable, include a reasoned statement from the board with the reasons why it deems that this director can perform his/her duties as an independent director.

OTHER EXTERNAL DIRECTORS

Identify all other external directors and explain why these cannot be considered proprietary or independent directors, and detail their relationships with the company, its executives or shareholders:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

16

Indicate any changes that may have occurred during the period in the directorship type of each director:

Remarks

Article 1 of the BBVA’s Regulations of the Board of Directors and Article 529 duodecies of the Spanish Corporate Enterprises Act state that board members that have held their position for a continuous period of more than 12 years may not be considered as independent directors.

Tomás Alfaro Drake was appointed as a member and independent director of the Bank’s Board of Directors at the General Shareholders’ Meeting held in 2006. Therefore, having performed the role of director for a continuous period of more than 12 years, the directorship type for Tomás Alfaro Drake has changed this financial year from independent director to external director.

C.1.4 Fill in the following table with information regarding the number of female directors over the last four financial years and their directorship types:

C.1.5 Indicate whether the company has diversity policies for the company’s board of directors with regard to issues such as age, gender, disabilities, or professional training and experience. In accordance with the definition given in the Spanish Account Auditing Act, small and medium-sized companies will have to report, at a minimum, the policy that they have agreed in regard to gender diversity.

YES

If yes, please outline these diversity policies, their objectives, their measures, the way in which they have been applied and the results thereof in this financial year. Any specific measures adopted by the board of directors and the appointments committee to attain a balanced and diverse representation of directors must also be indicated.

In case the company does not apply a diversity policy, explain the reasons for this

Outline of the policies, their objectives, their measures, the way in which they have been applied and the results thereof

The composition of the Board of Directors is a key element of BBVA’s Corporate Governance System. As such, it must help the Corporate Bodies to adequately perform their management and supervisory functions, providing different viewpoints and opinions, fostering debate, analysis and critical review of the proposals submitted for its consideration, and favouring the consensus required for decision-making.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

17

For this purpose, the BBVA’s Regulations of the Board of Directors establishes as a general principle that directors must meet the suitability requirements to perform their role and they must therefore display a recognised business and professional reputation, have the adequate knowledge and experience to carry out their duties and be in a position to exercise good governance of the Company; that the number of non-executive directors on the Board is greater than the number of executive directors; and that the number of independent directors represents at least a third of the total number of board members.

Similarly, as part of the provisions of the Regulations of the Board of Directors, BBVA has a Policy on the selection, appointment, rotation and diversity of its Board members (hereinafter, the “Policy”), which has been approved by the Board of Directors and details the principles and the specific procedure for selecting, appointing and rotating the Bank’s directors and the requirements for performing the role of BBVA director. The Policy states that the selection, appointment and rotation procedures for the Board of Directors will aim to attain a composition of the Company’s Corporate Bodies that enables the duties assigned by law, Company Bylaws and its own Regulations to be properly carried out in the Company’s best interest.

To this effect, the Policy establishes that the Board of Directors will ensure that these procedures allow the most suitable candidates to be identified at all times, based on the requirements of the Corporate Bodies, and that they favour diversity of experience, knowledge, skills and gender, and, in general, that they do not suffer from implicit biases that may involve any kind of discrimination.

In particular, the Policy states that it will ensure that the selection procedures do not involve discrimination in selecting female directors and that the number of female directors in 2020 will represent at least 30% of the total number of members of the Board of Directors.

Additionally, it sets out that the composition of the Board of Directors will seek to ensure a suitable balance between the different categories of directors, and that the number of non-executive directors is greater than the number of executive directors, and that the number of independent directors accounts for at least 50% of all directors.

The candidates to be put forward as BBVA directors must have suitable skills, experience and qualifications, meet the suitability requirements needed to hold the position and possess the required availability and dedication to carry out their duties. They must also be able to comply with the requirements set out in the Regulations of the Board of Directors in terms of suitable performance of director duties, in particular those related to due diligence and loyalty, avoiding conflicts of interest and complying with the required rules for position incompatibility and limitations for BBVA directors.

To ensure suitable composition of the Board at all times, in accordance with the provisions of the Regulations of the Board and the Policy, and in order to achieve the targets established in the Policy regarding the needs of the Corporate Bodies and the most suitable people for membership of such at all times, the Bank undertakes an ordered rotation process of its Corporate Bodies, based on suitable planning of member rotation.

This process begins with a periodic analysis by the BBVA Appointments Committee of: (i) the structure, size and composition of the Board; (ii) its adaptation to the needs of the Corporate Bodies; and (iii) the existing knowledge, skills and experience. This allows the Committee to identify and assess possible changes deemed necessary or advisable to the composition of the Corporate Bodies and to begin, when it deems appropriate, the identification and selection processes of candidates to be proposed to the General Shareholders’ Meeting as new members of the Bank’s Board of Directors. During this rotation process of the Board composition, the Appointments Committee also ensures the promotion of diversity—both in gender (with the target of having 30% female directors in 2020) and experience, knowledge and skills—in the director selection process, in line with the Policy.

Continue in section H of this Report.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

18

C.1.6 Explain the measures, if any, agreed by the appointments committee to ensure that the selection procedures are not implicitly biased in such a way that hinders the selection of female directors, and that the company is making a conscious effort to include women who match the professional profile sought among potential candidates, in order to provide for a balanced representation of men and women:

Explanation of the measures

The General Shareholders’ Meeting is responsible for appointing members of the Board of Directors, in accordance with Article 2 of the Regulations of the Board; however, if a seat falls vacant, the Board has the authority to co-opt members. Thus, the Appointments Committee’s focus is to assist the Board of Directors in matters relating to the selection and appointment of directors and, in particular, to submit to the Board of Directors proposals for the appointment, re-appointment or removal of independent directors and to report on the proposals for the appointment, re-appointment or removal of all other directors.

To this end, Article 33 of the Regulations of the Board of Directors establishes that the Appointments Committee will evaluate the balance of knowledge, skills and experience on the Board of Directors, as well as the conditions that the candidates must meet to cover the vacancies that arise, evaluating the dedication of time considered necessary so that they can adequately carry out their duties, based on the needs that the Company’s governing bodies have at all times. The Committee will ensure that, in line with the principles set out in BBVA’s Regulations of the Board of Directors, when filling new vacancies, the selection procedures are not implicitly biased in such a way that involves any kind of discrimination or, in particular, hinders the selection of female directors, trying to ensure that women who match the professional profile sought are included among potential candidates.

Furthermore, BBVA has established a selection policy for directors that states that selection, appointment and rotation procedures for the Board of Directors will aim to attain a composition of the Company’s Corporate Bodies that enables the duties assigned by law, Company Bylaws and its own Regulations to be properly carried out in the Company’s best interest. To this effect, the Board of Directors will ensure that these procedures allow the most suitable candidates to be identified at all times, based on the requirements of the Corporate Bodies, and that they favour diversity of experience, knowledge, skills and gender, and, in general, that they do not suffer from implicit biases that may involve any kind of discrimination.

In particular, it will ensure that the selection procedures do not involve discrimination in selecting female directors and that the number of female directors in 2020 will represent at least 30% of the total number of members of the Board of Directors. Additionally, it sets out that the composition of the Board will seek to ensure a suitable balance between the different categories of directors, and that the number of non-executive directors is greater than the number of executive directors.

In order to ensure the suitable composition of the Board of Directors at all times, its structure, size and composition is periodically analysed, setting out the corresponding candidate identification and selection processes to be put forward, where applicable, as new members of the Board of Directors, where deemed necessary or advisable. This analysis process also considers the composition of the different Board Committees that assist this Corporate Body in the performance of its duties and which constitute an essential element of BBVA’s corporate governance.

In these selection processes carried out by the Appointments Committee, it has the support of prestigious consultants in selecting independent directors internationally, who carry out an independent search for potential candidates that meet the profile defined in each case by the Appointments Committee.

During these processes, the external expert was expressly requested to include women with the suitable profile among the candidates to be presented, and the Committee analysed the personal and professional profiles of all candidates presented on the basis of the information provided by the consultancy firm used, based on the needs of the Bank’s Corporate Bodies at all times. The skills, knowledge and expertise needed to be a Bank director were assessed and the rules on incompatibilities and conflicts of interest were taken into account, as well as the dedication deemed necessary to be able to carry out the duties.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

19

Thus, following the selection process undertaken by the Appointments Committee and the resolutions adopted by the 2018 General Shareholders’ Meeting, a woman was appointed to the Board of Directors during the 2018 financial year, as an independent director.

BBVA therefore currently has four women in its Board of Directors, accounting for 26.67% of its members. One of these is also a member of the Bank’s Executive Committee.

When, despite the measures, if any, that have been adopted, there are few or no female directors, explain the reasons:

C.1.7 Explain the conclusions of the appointments committee regarding verification of compliance with the board member selection policy. In particular, explain how this policy is promoting the goal for 2020 of having at least 30% of total number of board places occupied by female directors.

Over the course of the financial year, the Appointments Committee has continuously analysed the structure, size and composition of the Board of Directors and the principles and targets established by the Bank’s director selection policy, which are set out in sections C.1.5 and C.1.6 above, all this in line with the needs of the Corporate Bodies at all times, as well as the reality of the Group’s structure and businesses, regulatory requirements and market best practices.

With regard to the suitability requirements needed to hold the position, specifically those for business and professional reputation, suitable knowledge and experience to perform the duties and ability to exercise good governance of the Company, all of which are set out in the selection policy, the Appointments Committee considered that the Board of Directors, as a whole, has a suitable balance in its composition and suitable knowledge of the Bank’s and the Group’s environment, activities, strategies and risks, helping it to better perform its functions.

It also considered that Bank directors have the required reputation to fulfil the role, the skills required and the availability to dedicate the time required to perform the duties assigned to them.

Regarding the selection, appointment and rotation procedures for the Board of Directors, which aim to attain a composition of the Company’s Corporate Bodies that enables the duties assigned to them to be properly carried out in the Company’s best interest, the Appointments Committee has deemed it appropriate, over the course of the financial year, to continue the continuous rotation process of the Board of Directors, aimed at achieving a composition that integrates directors with experience and knowledge of the financial and banking sector and of the Group’s culture and businesses, thus gradually recruiting people with different professional profiles and experience to improve the diversity of its Corporate Bodies.

The Committee therefore endeavours to ensure that the selection, appointment and rotation procedures allow the most suitable candidates to be identified at all times, based on the needs of the Corporate Bodies, that they favour diversity of experience, knowledge, skills and gender and that, in general, do not suffer from implicit biases that may involve any kind of discrimination, for which purpose it has had help selecting directors from a leading international independent consultancy firm.

The Committee also encourages the recruitment of new members to the Board who are able to fulfil or maintain the targets set out in the selection policy, while ensuring that the selection processes are carried out to the highest degree of professionalism and independence.

In addition, the Committee has analysed and considered, prior to the proposals for the appointment and re-appointment of directors, which were submitted to the 2018 General Shareholders’ Meeting, the terms of the selection policy requiring that, by 2020, the number of female directors represents at least 30% of the total number of members of the Board of Directors, that the number of non-executive directors is greater than the number of executive directors, and also requiring that the number of independent directors accounts for at least 50% of all directors.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

20

Thus, following the resolutions approved by the 2018 General Shareholders’ Meeting, the number of female directors has increased to a total of 4, which is 26.67% of all directors (15) and close to the target set by the selection policy for this number to reach at least 30% by 2020; the number of non-executive directors represents a majority on the Board (80%); and the number of independent directors remains at least 50% of the total, in line with the provisions set out in the aforementioned selection policy.

Similarly, for the purposes of the proposals for the appointment and re-appointment of directors that will be submitted to the 2019 General Shareholders’ Meeting, the Committee has again analysed the size, structure and composition of the Board, keeping in mind the succession plans approved by the Board, and the appointment of a new Group Executive Chairman and Chief Executive Officer, the provisions of the Regulations of the Board of Directors and the Bank’s selection policy, to ensure that these are the most suitable at all times, considering the circumstances and changes that may arise within the Bank, its Corporate Bodies and its environment.

The 2019 General Shareholders’ Meeting is therefore expected to approve the corresponding proposals for the appointment and re-appointment of directors, which would ensure that the number of non-executive directors would continue to represent a majority on the Board (80%), the percentage of female directors—26% of the total Board members (15)—would remain close to the target of 30% for 2020 and the number of independent directors would remain at at least 50%, in line with the selection policy, as well as with the international profile of the Bank’s Corporate Bodies.

Thus, in accordance with the conclusions reached by the Appointments Committee, BBVA’s Corporate Bodies maintain a structure, size and composition according to their needs and that enable optimal performance of the Bank’s duties and, as in recent financial years, with a structure in which non-executive directors represent an ample majority on the Board and at least half of its directors are independent directors, in line with the Regulations of the Board of Directors and the Board of Directors’ Policy on selection, appointment, rotation and diversity.

C.1.8 Where applicable, explain why proprietary directors have been appointed at the behest of a shareholder whose holding is less than 3% of the capital:

Indicate whether formal petitions have been ignored for presence on the board from shareholders whose holding is equal to or greater than that of others at whose behest proprietary directors were appointed. Where applicable, explain why these petitions were ignored:

NO

C.1.9 Where applicable, indicate the powers and faculties delegated by the board of directors to directors or to board committees:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

21

C.1.10 Where applicable, identify any members of the board holding positions as directors, representatives of directors or executives in other companies that belong to the listed company’s group:

C.1.11 Where applicable, provide details of the directors (or of the representatives of juridical persons) of the company who are members of the board of directors (or representatives of juridical persons) of other entities that are publicly listed on the Spanish stock markets that are external to the company’s group, of which the company has been informed:

C.1.12 Indicate and, where applicable, explain whether the company has any agreed rules on the maximum number of company boards on which its directors may sit, detailing, where applicable, where such rules have been set out:

YES

Explanation of the rules and where they are set out

Article 11 of the Regulations of the Board of Directors establishes that, in the performance of their duties, directors will be subject to the rules on limitations and incompatibilities established under the applicable regulations at any time, and in particular, to the provisions of Act 10/2014 on the regulation, supervision and solvency of credit institutions.

Article 26 of Act 10/2014 stipulates that the directors of credit institutions may not simultaneously hold more positions than those provided for in the following combinations: (i) one executive position in addition

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

22

to two non-executive positions; or (ii) four non-executive positions. Executive positions are understood as those performing management duties irrespective of the legal bond attributed by those duties. The following will count as a single position: 1) executive or non-executive positions held within the same group; 2) executive or non-executive positions held within: (i) entities that form part of the same institutional protection system or (ii) trading companies in which the entity holds a significant shareholding. The positions held in non-profit organisations or entities, or those pursuing non-commercial purposes will not count when determining the maximum number of positions. Nevertheless, the Bank of Spain may authorise members of the Board of Directors to hold an additional non-executive position if it deems that this would not interfere with the correct performance of the activities thereof in the credit institution.

In addition, pursuant to the provisions of Article 11 of BBVA’s Regulations of the Board of Directors, directors may not:

Non-executive directors may hold director positions in the companies in which the Bank or any of its Group companies hold an interest provided that the position is not related to the Group’s holding in such companies and with prior approval from the Bank’s Board of Directors. For these purposes, the shareholdings of the Bank or its Group of companies resulting from its ordinary activities of business management, asset management, treasury, derivative hedging and other transactions will not be taken into account.

C.1.13 Indicate the amounts of the following headings relating to the total remuneration of the board of directors:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

23

Remarks

The remuneration included under “Remuneration of the board of directors accrued during the financial year” includes, among others, the Initial Portion of the Annual Variable Remuneration for the year 2018, in cash and in shares, and the Deferred Part of the Annual Variable Remuneration for 2015, both in cash and in shares, together with its update, of the executive directors, whose amounts have been determined in 2019. As of the date of this report, none of these remunerations have been paid.

C.1.14 Identify members of senior management who are not in turn executive directors, and indicate the total remuneration accrued to them throughout the financial year:

C.1.15 Indicate whether there have been any amendments to the board regulations throughout the financial year:

NO

C.1.16 Indicate the procedures for the selection, appointment, re-appointment and removal of directors. Provide details of the competent bodies, the procedures to be followed and the criteria to be used in each procedure.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

24

Selection, appointment and re-appointment procedure:

BBVA has established a policy on the selection, appointment, rotation and diversity of its Board members, which was approved by the Board itself and which establishes the general principles applicable to the selection and appointment of directors, as previously set out in section C.1.5 of this report. Additionally, Articles 2 and 3 of the Regulations of the Board of Directors establish that the General Shareholders’ Meeting is responsible for appointing members of the Board, notwithstanding the Board’s capacity to co-opt members in the event of any vacancy. In any event, persons proposed to be appointed as directors must meet the requirements set out in current legislation, in the specific regulations applicable to credit institutions and in the Bylaws. In particular, directors must meet the suitability requirements needed to hold the position and must display a recognised business and professional reputation, have the adequate knowledge and experience to carry out their duties and be in a position to exercise good governance of the Company.

The Board will ensure that the director selection procedures favour the diversity of experience, knowledge, skills and gender and, in general, do not suffer from implicit biases that may involve any kind of discrimination. The Board will also file its proposals with the General Shareholders’ Meeting, ensuring that the number of non-executive directors is greater than the number of executive directors in its composition. The proposals for appointment or re-appointment of directors submitted by the Board of Directors to the General Shareholders’ Meeting, as well as the appointments made directly to fill vacancies under its co-opting powers, will be approved at the proposal of the Appointments Committee for independent directors and subject to a report from this Committee for all other directors. In each case, the proposal must be accompanied by an explanatory report by the Board detailing the skills, experience and merits of the candidate proposed, which will be added to the minutes of the General Shareholders’ Meeting or the Board of Directors meeting. The Board’s resolutions and deliberations on these matters will take place in the absence of the director whose re-appointment is proposed.

To this end, the Regulations of the Board establishes that the Appointments Committee will evaluate the balance of knowledge, skills and experience on the Board of Directors, as well as the conditions that the candidates must meet to cover the vacancies that arise, evaluating the dedication of time considered necessary so that they can adequately carry out their duties, based on the needs that the Company’s governing bodies have at all times. The Committee will ensure that, when filling new vacancies, the selection procedures are not implicitly biased in such a way that involves any kind of discrimination or, in particular, hinders the selection of female directors, trying to ensure that women who match the professional profile sought are included among potential candidates.

The directors will hold their position for the period of time set out in the Bylaws or, when they have been co-opted, until the first General Shareholders’ Meeting.

Duration of mandate and termination:

Directors will resign from their post when the term for which they were appointed has expired, unless they are re-elected.

Directors must also inform the Board of any circumstances that may affect them and harm the company’s standing and reputation, and any circumstances that may have an impact on their suitability to perform their role. Directors must offer their resignation to the Board and accept the Board’s decision regarding their continuity in office. Should the Board decide against their continuity, they are required to tender their resignation, in the circumstances listed in section C.1.19 below. In any event, directors will resign from their posts upon reaching 75 years of age, and must submit their resignation at the first meeting of the Bank’s Board of Directors to be held after the General Shareholders’ Meeting approving the accounts for the financial year in which they reach said age.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

25

C.1.17 Explain the extent to which the annual evaluation of the board has led to significant changes in its internal organisation and in the procedures applicable to its activities:

Description of the amendments

Article 17 of the Regulations of the Board of Directors states that the Board will assess the quality and efficiency of operation of the Board of Directors, based on the report submitted by the Appointments Committee in 2018. Several changes (indicated below) were made as a result of this report, similar to in previous years, as part of the ongoing process of adapting BBVA’s corporate governance system within the environment in which it carries on its activities to regulatory requirements and best practices.

The Bank has therefore been analysing areas for improvement, and implemented various measures over the course of the 2018 financial year to continue developing its corporate governance system and practices, which include: (i) appointing three new directors, which directly contributed to achieving the targets established in the Board of Directors selection, appointment, rotation and diversity policy, whilst maintaining a number of independent directors to make up at least 50% of the total number of directors, as well as increasing the percentage of women on the Board, and increasing the number of directors who have knowledge and experience of matters relating to banking and regulation and supervision of the financial sector, knowledge of the technology field, and of the international profile of Corporate Bodies; (ii) the Board of Directors’ approval of the succession plans for the Chairman of the Board of Directors and the Chief Executive Officer, thereby allowing an orderly and well-prepared transition in order to facilitate the Bank’s transformation process, and the subsequent appointment of Carlos Torres Vila as Chairman of the Board of Directors and Onur Genç as Chief Executive Officer; (iii) reinforcing the separation of roles and responsibilities of the Chairman of the Board of Directors and the Chief Executive Officer, and the independence of some of the Group’s control functions, in addition to the Board of Directors’ approval of a new organisational structure as a result of such changes; (iv) evaluating the Bank’s corporate governance system in greater depth, through a specific analysis conducted by a leading international independent expert; (v) improving the decision-making process of the Corporate Bodies, which examines the involvement of the Board’s Committees and the interactions between the various Corporate Bodies, providing a process of analysis and review of relevant matters for consideration by the Corporate Bodies for the financial year, and an analysis and critical review by directors of the proposals submitted for their consideration; and (vi) continuously improving the Corporate Bodies’ informational model, allowing decisions to be made on the basis of sufficient, complete, adequate and consistent information, whilst also facilitating adequate supervision by management.

Describe the evaluation process and the evaluated areas conducted by the board of directors assisted, where applicable, by an external consultant, regarding the functioning and composition of the board, its committees and any other area or aspect that was evaluated.

Description of the evaluation process and the areas evaluated

In accordance with article 17 of the Regulations of the Board of Directors the Board assesses the quality and efficiency of operation of the Board of Directors, based on the report submitted by the Appointments Committee. Also, the Board assesses the operation of its Committees, based on the report submitted by them.

During the evaluation process conducted for the 2018 financial year, the Board of Directors evaluated: (i) the quality and efficiency of operation of the Board of Directors and the Executive Committee; (ii) the performance of the different roles of the Board of Directors; and (iii) the operation of the Committees of the Board of Directors; as detailed below.

The procedure for conducting these evaluations was as follows:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

26

In addition, with regard to the 2018 financial year, the Appointments Committee deemed it appropriate that the evaluation process be aided by an independent expert of international prestige, complying with Recommendation 36 of the Good Governance Code of Listed Companies an in-depth analysis and evaluation of the Bank’s corporate governance structures, thereby identifying potential areas for improvement to the Bank’s corporate governance and, where appropriate, specific measures that may be implemented in order to better perform its functions. This task was entrusted to and performed by US firm, Promontory Financial Group, which presented its findings report to the Appointments Committee and the Board of Directors.

Continue in section H of this Report.

C.1.18 Provide a breakdown of any business relations that the consultant or any company of the group still has with the company or any group company, for those financial years in which an external consultant provided assistance for the evaluation.

The external consultant who has assisted in the evaluation process of the Board of Directors has intervened throughout the year in the provision of other consulting services for the Company, without any knowledge of significant business relationships between the Company and the external consultant or any other company of its group.

C.1.19 Indicate the circumstances under which directors are obliged to resign.

In addition to the circumstances established in applicable law, directors will resign from their post when the term for which they were appointed expires, unless they are re-appointed.

Accordingly, as set forth in Article 12 of the Regulations of the Board of Directors, directors must offer their resignation to the Board of Directors and accept the Board’s decision regarding their continuity in office. Should the Board decide against their continuity, they are required to tender their resignation, in the following circumstances:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

27

C.1.20 Are supermajorities, other than those provided for in law, required for any type of decision?

NO

Where applicable, describe the differences.

C.1.21 Explain whether there are specific requirements, other than those relating to directors, to be appointed chair of the board of directors.

NO

C.1.22 Indicate whether the bylaws or the board regulations establish an age limit for directors:

YES

Remarks

As stipulated in BBVA’s Regulations of the Board of Directors, directors will resign from their posts, in any event, upon reaching 75 years of age, and must submit their resignation at the first meeting of the Bank’s Board of Directors to be held after the General Shareholders’ Meeting approving the accounts for the year in which they reach said age.

C.1.23 Indicate whether the bylaws or board regulations establish a limited mandate or other stricter requirements, in addition to those provided for in law, for independent directors:

NO

C.1.24 Indicate whether the bylaws or the regulations of the board of directors establish specific rules for proxy voting within the board of directors, how this is carried out and, in particular, the maximum number of proxies that a director may have and whether there are any limits on the types that may be delegated, beyond the limitations provided for in law. Where applicable, provide a brief description of these rules.

Article 6 of the BBVA Regulations of the Board of Directors establishes that directors are required to attend meetings of the Corporate Bodies and meetings of the Board Committees on which they sit, except for a justifiable reason. Directors will participate in the deliberations, discussions and debates on matters submitted for their consideration.

However, as set forth in Article 21 of the Regulations of the Board of Directors, should it not be possible for directors to attend any of the meetings of the Board of Directors, they may grant proxy to another director to represent and vote in their place. This may be done by a letter or email sent to the Company with the information required for the proxy director to be able to follow the absent director’s instructions. Applicable legislation states, however, that non-executive directors may only grant proxy to another non-executive director.

C.1.25 Indicate the number of meetings that the board of directors has held during the financial year. Where applicable, indicate how many times the board has met without the chair in attendance. In calculating this number, proxies granted with specific instructions will be counted as attendances.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

28

Indicate how many meetings were held by the lead director with the other board members, without any executive director being in attendance or represented:

Remarks

BBVA’s Board of Directors has a Lead Director who performs the duties set forth in applicable legislation, as well as those stipulated by Article 5 ter of the Regulations of the Board of Directors. With regards to the assigned duties, over the course of the financial year, the Lead Director has maintained ongoing contact, meetings and conversations with other directors at the Bank in order to seek their opinions on corporate governance and operation of the Bank’s Corporate Bodies, for the purpose of facilitating their evolution and the proper performance of their duties, for which he has maintained during the financial year 2018 a total of 12 meetings.

Moreover, the Lead Director holds the role of Chairman of the Board’s Audit and Compliance Committee and Appointments Committee, as well as is member of the Risk Committee, all of which are composed of non-executive directors and, in the case of the Audit and Compliance Committee, of independent directors. Thus, performing these roles allowed him, in compliance with the assigned duties, to maintain 43 periodic meetings with the Bank’s non-executive directors on occasion of the meetings of these Committees.

Indicate how many meetings of the board’s different committees were held during the financial year:

C.1.26 Indicate how many meetings were held by the board of directors throughout the financial year and provide details on the attendance of its members:

Remarks

The Board of Directors holds monthly ordinary meetings in accordance with the annual meeting schedule drawn up before the beginning of the financial year, and extraordinary meetings as often as deemed necessary. The Board of Directors therefore held 13 meetings throughout the 2018 financial year. The directors either attended or were represented at all of the Board’s meetings.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

29

C.1.27 Indicate whether the individual or consolidated annual financial statements that are presented to the board for approval are certified beforehand:

NO

Where appropriate, identify the person(s) who has/have certified the company’s individual and consolidated annual financial statements for board approval:

C.1.28 Explain the mechanisms, if any, established by the board of directors to prevent the individual and consolidated statements from being presented at the general meeting with a qualified auditors’ report.

Article 29 of BBVA’s Regulations of the Board of Directors establishes that the Audit and Compliance Committee will exclusively comprise independent directors tasked with assisting the Board of Directors in overseeing the Group’s financial information and discharge of its control function. Accordingly, the following duties are within its remit: to oversee the effectiveness of the Company’s internal control system, internal audit area and risk management systems in the process of preparing and reporting financial information, including tax-related risks, and to discuss with the external auditor any significant weaknesses detected in the internal control system during the audit, without undermining its independence, and to oversee the process of preparing and reporting financial information. To this end, the Audit and Compliance Committee may submit recommendations or proposals to the Board of Directors.

Moreover, Article 3 of the Audit and Compliance Committee Regulations establishes that the Committee will check at appropriate intervals that the external audit schedule is being conducted under the agreed conditions, and that it meets the requirements of the competent authorities and of the Bank’s governing bodies. The Committee will also periodically—at least once a year—request from the external auditor an evaluation of the quality of the internal control procedures regarding the preparation and reporting of Group financial information.

The Committee shall be apprised of any relevant infringements, situations requiring adjustments, or anomalies that may be detected during the course of the external audit. Relevant in this context signifies those issues that, in isolation or as a whole, may give rise to a significant and substantive impact or harm to assets, earnings or the reputation of the Group; discernment of such matters shall be at the discretion of the auditor who, if in doubt, must opt to report on them.

In the performance of these duties, the Audit and Compliance Committee maintains direct and ongoing contact with the heads of the external auditor through monthly meetings it has attended without the presence of executives. At these meetings, the Committee provides detailed information on its activity and the corresponding results to the heads of the external auditor, which has enabled the Committee to continuously monitor its work, ensuring that this is performed under the best conditions and without interference from management.

C.1.29 Is the secretary of the board a director?

NO

If the secretary is not a director, complete the following table:

C.1.30 Indicate the specific mechanisms established by the company to preserve the independence of the external auditors, and, if any, the mechanisms to preserve the independence of financial analysts, investment banks and rating agencies, including how legal measures have been implemented in practice.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

30

As set forth in BBVA’s Audit and Compliance Committee Regulations, one of the Committee’s duties, described in section C.2.1, is to ensure the independence of the external auditor through a dual approach:

This matter comes under particular focus at the Audit and Compliance Committee’s monthly meetings with representatives of the external auditor. These meetings take place without the presence of Bank executives, to check the progress and quality of the external auditor’s work in detail and confirm its independence in the performance of its tasks. The Committee also oversees the engagement of additional services to ensure compliance with the provisions of the Committee Regulations and applicable legislation and thus the independence of the auditor.

Moreover, in accordance with the provisions of point f), section 4 of Article 529 quaterdecies of the Spanish Corporate Enterprises Act and Article 30 of the BBVA Regulations of the Board of Directors, the Audit and Compliance Committee must issue, each year, before the audit report is issued, a report expressing its opinion regarding the independence of the external auditor.

This report must, under all circumstances, contain a reasoned assessment of any kind of additional services provided by the auditors to the Group’s entities, considered individually and as a whole, over and above the legal audit and in relation to the regime of independence or the rules governing account auditing. Each year, the external auditor must issue a report confirming its independence via-à-vis BBVA or entities linked to BBVA, either directly or indirectly, with detailed and itemised information on any kind of additional services provided to these entities by the external auditor, or by the individuals or entities linked to it, as set out in the consolidated text of the Spanish Account Auditing Act.

In compliance with the legislation in force, the relevant reports from the external auditor and the Audit and Compliance Committee confirming the external auditor’s independence were issued in 2018.

In addition, as BBVA’s shares are listed on the New York Stock Exchange, it is subject to compliance with the Sarbanes Oxley Act and its implementing regulations.

BBVA has in place a policy for communication and interaction with shareholders and investors that has been adopted by the Board of Directors. The policy is guided by the principle of equal treatment for all shareholders and investors, who are in the same position as to information, involvement and the exercise of their rights as shareholders and investors, inter alia.

Moreover, the principles and channels set out in the policy for communication and interaction with shareholders and investors govern, where applicable, BBVA relations with other stakeholders, such as financial analysts, Bank share management firms and depository institutions, and proxy advisors, among others.

C.1.31 Indicate whether the company has changed its external auditor during the financial year. If so, identify the incoming and outgoing auditors:

NO

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

31

If there were any disagreements with the outgoing auditor, explain these disagreements:

NO

C.1.32 Indicate whether the auditing firm does any other work for the company and/or its group other than the audit. If so, declare the amount of fees received for such work and the percentage that these fees represent of the total fees billed to the company and/or its group:

YES

C.1.33 Indicate whether the audit report of the annual financial statements for the previous financial year contained reservations or qualifications. If so, indicate the reasons given by the chair of the audit committee to the shareholders at the general meeting to explain the content and scope of such reservations or qualifications.

NO

C.1.34 Indicate the number of consecutive financial years during which the current audit firm has been auditing the annual financial statements for the company and/or its group. Likewise, indicate the total number of financial years audited by the current audit firm as a percentage of the total number of years in which the annual financial statements have been audited:

C.1.35 Indicate and, where applicable, provide details of a procedure for directors to obtain the information they need to prepare meetings of the management bodies with sufficient time:

YES

Details of the procedure

As set forth in Article 6 of the Regulations of the Board of Directors, directors will be provided in advance with the information needed to form an opinion with respect to the matters within the remit of the Bank’s Corporate Bodies, and may ask for any additional information and advice required to perform their duties. They may also ask the Board of Directors for external expert help for any matters put to their consideration whose special complexity or importance so requires.

These rights will be exercised through the Chairman or Secretary of the Board of Directors, who will attend to requests by providing the information directly or by establishing suitable arrangements within the organisation for this purpose, unless a specific procedure has been established in the regulations governing the Board Committees.

Furthermore, as set forth in Article 24 of the Regulations of the Board of Directors, the directors will be provided with such information or clarifications as deemed necessary or appropriate with regard to the matters to be discussed at the meeting, either before or after the meetings are held.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

32

Similarly, BBVA has in place an informational model to allow decisions to be made on the basis of sufficient, complete and consistent information, and, also, to facilitate appropriate oversight of performance.

Thus, the Bank’s Corporate Bodies have a procedure for verifying the information that is submitted to them for consideration, co-ordinated by the Board Secretariat with the areas responsible for information, through the Governing Bodies’ Information Department, in order to provide directors with sufficient, adequate and complete information in time for the meetings of the Bank’s various Corporate Bodies in order to enable directors to best perform their duties. Prior to such meetings, information is made available to the Bank’s Corporate Bodies via an online system, to which all members of the Board of Directors have access, thereby ensuring its availability.

C.1.36 Indicate and, where applicable, provide details of whether the company has set out rules that require directors to inform and, where applicable, resign under circumstances that may prejudice the company’s standing and reputation:

YES

Explanation of the rules

As set forth in Article 12 of the Regulations of the Board of Directors, directors must also inform the Board of Directors of any circumstances that may affect them and harm the company’s standing and reputation, and any circumstances that may have an impact on their suitability to perform their role.

Directors must offer their resignation to the Board of Directors and accept its decision regarding their continuity in office. Should the Board decide against their continuity, they are required to tender their resignation when, for reasons attributable to the directors in their condition as such, serious damage has been done to the Company’s net worth, standing or reputation or when they are no longer suitable to hold the status of director at the Bank.

C.1.37 Indicate whether any member of the board of directors has informed the company that he/she has been accused or ordered to stand trial for any offences stated in Article 213 of the Spanish Corporate Enterprises Act:

NO

Indicate whether the board of directors has examined the case. If so, explain the grounds for the decision taken as to whether or not the director should retain his/her directorship or, where applicable, describe the actions taken or that are intended to be taken by the board of directors on the date of this report.

C.1.38 Detail any significant agreements reached by the company that come into force, are amended or concluded in the event of a change in the control of the company stemming from a public takeover bid, and its effects.

The company has not reached significant agreements that come into force, are amended or concluded in the event of a change in the control of the company stemming from a public takeover bid.

C.1.39 Identify on an individual basis, when referring to directors, and in aggregate form for all other cases, and indicate in detail any agreements between the company and its directors, managers or employees that have guarantee or ring-fencing severance clauses for when such persons resign or are wrongfully dismissed or if the contractual relationship comes to an end owing to a public takeover bid or other kinds of transactions.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

33

Indicate whether, in addition to the circumstances provided for in law, the bodies of the company or of its group must be notified of and/or approve these contracts. If so, specify the procedures, the circumstances provided for and the nature of the bodies responsible for approval or notification:

Remarks

The Board of Directors adopts the resolutions relating to the basic contractual conditions for members of Senior Management, pursuant to the provisions of Article 17 of the Regulations of the Board of Directors, hereby notified to the General Shareholders’ Meeting through this Report and through the information contained in the Annual Financial Statements, but does not approve the conditions applicable to other employees.

C.2 Committees of the board of directors

C.2.1 Detail all of the committees of the Board of Directors, their members and the proportion of executive, proprietary, independent and other external directors sitting thereon:

EXECUTIVE COMMITTEE

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

34

Explain the duties that have been delegated or assigned to this committee, other than those that have already been described in section C.1.10, and describe both the procedures and organisational and operational rules of the committee. For each of these duties, indicate its most significant actions during the financial year and how it has, in practice, exercised each of the duties attributed to it, whether in law, in the bylaws or in other corporate resolutions.

Pursuant to Article 27 of BBVA’s Regulations of the Board of Directors, the Executive Committee shall be made aware of matters delegated by the Board of Directors, in accordance with the legislation currently in force, the Bylaws or the Regulations of the Board.

The functions of the Executive Committee include assisting the Board of Directors in its general supervisory role, in particular, in supervising the progress of the business and monitoring the risks to which the Bank is, or may be, exposed, as well as in decision-making on matters that fall within the scope of powers attributed to the Board of Directors, provided that they do not constitute non-delegable powers under current legislation, Bylaws or Regulations of the Board.

Accordingly, prior to it being presented to the Board of Directors, the Committee was granted powers for monitoring the Group’s activities and results; the strategic plan, budget, and investment policy and financing; general policies to be adopted by the Board; as well as analysing and monitoring the evolution of the Group’s main risks, among other matters.

Similarly, it has been granted decision-making powers for investments and divestments, except for their amount and strategic nature, which are within the Board’s remit; powers to approve corporate policies and determine exposure limits for each type of risk; appoint and/or re-appoint administrators in investee companies, as well as the authority to grant powers.

With respect to the Committee’s most significant actions during the 2018 financial year, particularly noteworthy were: the analysis and monitoring of the annual, half-yearly and quarterly results of the Bank and its Group, the monthly performance of the Group’s activities and results, as well as its business areas; the monitoring and analysis of the proposals submitted by the Bank’s executive areas prior to their submission for the Board’s consideration, in order for it to consider the various strategic and prospective documents prepared annually by the Group, including: the Risk Appetite Framework, annual budget, self-assessment reports on the Internal Capital Adequacy Assessment Process (ICAAP) and Internal Liquidity Adequacy Assessment Process (ILAAP) and recovery plan, with due monitoring of any changes to these types of documents and to the Group’s strategic plan and annual budget for the financial year.

In the same vein, the Committee oversaw the management of the main risks affecting the Group, in particular, aspects related to changes in the macroeconomic environment and other factors that impacted the Group’s management and activities over the course of the financial year; the results of main competitors, as well as any developments in BBVA share prices.

It also analysed corporate transactions within its remit, as well as other matters or projects arising from the day-to-day management of the businesses; supervised and approved new corporate policies on various subjects and modifications to them, as applicable, mainly in relation to risks.

Lastly, particularly noteworthy is the information received over the course of the financial year about the most salient aspects of the engagement policy that BBVA has in place in relation to corporate governance with institutional investors and its road show results over the course of the financial year; about the most relevant aspects of legislative and regulatory developments affecting financial institutions, as well as the Group’s authorisation to appoint administrators in subsidiaries or investee companies, and the granting of powers vested in it.

With regards to the Committee’s rules of organisation and operation, Article 28 of the Regulations of the Board of Directors establishes that the Executive Committee will meet on the dates indicated in the annual meeting schedule and at the request of the Chair or acting Chair.

All other aspects of its organisation and operation will be subject to the provisions established for the Board of Directors by the Regulations of the Board of Directors. Once the Executive Committee meeting minutes have been approved, they will be signed by the meeting’s secretary and countersigned by whoever chaired the meeting.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

35

AUDIT AND COMPLIANCE COMMITTEE

Explain the duties assigned to this committee, including, where appropriate, any that are in addition to those provided for by law, and describe both the procedures and organisational and operational rules of the committee. For each of these duties, indicate its most significant actions during the financial year and how it has, in practice, exercised each of the duties attributed to it, whether in law, in the bylaws or in other corporate resolutions.

As set forth in Article 30 of the Regulations of the Board of Directors, the duties entrusted to the Audit and Compliance Committee include the following:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

36

With regards to organisational and operational rules, Article 31 of the Regulations of the Board of Directors states that the Audit and Compliance Committee will meet as often as required to fulfil its functions, although an annual meeting schedule will be drawn up in line with its duties.

The meetings may also be attended by the executives to whom the Accounting, Internal Audit and Compliance departments report, and at the proposal of these executives, by such other employees in those areas with knowledge of or responsibility for the matters on the agenda. However, only the Committee members and the Secretary will be present when the results and conclusions of the meeting are assessed.

The Committee may engage external advisory services for relevant issues when it considers that these cannot be properly provided by experts or technical staff within the Group on grounds of specialisation or independence. The usual channel for a request of this nature will be through the reporting lines of the Company. However, in exceptional cases the request may be notified directly to the person in question.

For all other matters, the system for convening meetings, setting quorums, passing resolutions, drafting minutes and other details of its operation will be in accordance with the provisions established in the Regulations of the Board of Directors for the Board of Directors insofar as they are applicable, and with that established in the specific Regulations of this Committee.

The most important actions carried out by the Audit and Compliance Committee in the 2018 financial year are detailed in section H of this Report.

Identify the directors who are members of the audit committee and have been appointed on the basis of knowledge and experience of accounting or auditing, or both, and give the appointment date of the chair of this committee to the post.

APPOINTMENTS COMMITTEE

Explain the duties assigned to this committee, including, where appropriate, any that are in addition to those provided for by law, and describe both the procedures and organisational and operational rules of the committee. For each of these duties, indicate its most significant actions during the financial year and how it has, in practice, exercised each of the duties attributed to it, whether in law, in the bylaws or in other corporate resolutions.

Pursuant to the provisions of Article 33 of the Regulations of the Board of Directors, the Appointments Committee’s primary focus is to assist the Board of Directors in matters relating to the selection and appointment of members of the Board of Directors, and also to perform the following duties:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

37

To this end, the Committee will evaluate the balance of knowledge, skills and experience on the Board of Directors, as well as the conditions that the candidates must meet to cover the vacancies that arise, evaluating the dedication of time considered necessary so that they can adequately carry out their duties, based on the needs that the Company’s governing bodies have at all times.

The Committee will ensure that, when filling new vacancies, the selection procedures are not implicitly biased in such a way that involves any kind of discrimination or, in particular, hinders the selection of female directors, trying to ensure that women who match the professional profile sought are included among potential candidates.

Also, when formulating its proposals for the appointment of directors, the Committee will take into consideration, if it considers them to be suitable, any requests that may be made by any member of the Board of Directors of potential candidates to fill the vacancies that have arisen.

Article 34 of the Regulations of the Board of Directors regulates the organisational and operational rules of Appointments Committee, establishing that it will meet as often as necessary to fulfil its duties, convened by its Chairman or by whomever stands in therefor, pursuant to the provisions of Article 32 of the Regulations of the Board.

The Committee may request that persons with tasks within the Group organisation that are related to the Committee’s duties attend its sessions. It may also obtain advice as necessary to form opinions within its remit, which will be done through the Secretary of the Board.

For all other matters, the system for calling meetings, setting quorums, passing resolutions, drafting minutes and other details of its operation will be in accordance with the provisions established in the Regulations of the Board of Directors for the Board of Directors insofar as they are applicable.

The most important actions carried out by the Appointments Committee in the 2018 financial year are detailed in section H of this Report.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

38

REMUNERATIONS COMMITTEE

Explain the duties assigned to this committee, including, where appropriate, any that are in addition to those provided for by law, and describe both the procedures and organisational and operational rules of the committee. For each of these duties, indicate its most significant actions during the financial year and how it has, in practice, exercised each of the duties attributed to it, whether in law, in the bylaws or in other corporate resolutions.

The Remunerations Committee’s focus is to assist the Board of Directors in matters relating to the remuneration policy for directors, senior managers and any employees whose professional activities have a significant impact on the Bank’s risk profile (“Identified Staff”), ensuring that the established remuneration policy is observed. Thus, as provided for under Article 36 of the Regulations of the Board of Directors, it will perform the following functions:

Moreover, Article 37 of the Regulations of the Board of Directors establishes that the Remunerations Committee will meet as often as necessary to fulfil its duties, convened by its Chairman or by whomever stands in therefor, pursuant to the provisions of Article 35 of the Regulations of the Board. The Committee may request that persons with tasks within the Group organisation that are related to the Committee’s duties attend its sessions. It may also obtain advice as necessary to form opinions within its remit, which will be done through the Secretary of the Board. For all other matters, the system for calling meetings, setting quorums, passing resolutions, drafting minutes and other details of its operation will be in accordance with the provisions established in the Regulations of the Board of Directors for the Board of Directors insofar as they are applicable.

The most important actions carried out by the Remunerations Committee in the 2018 financial year are detailed in section H of this Report.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

39

RISK COMMITTEE

Explain the duties assigned to this committee and describe both the procedures and organisational and operational rules of the committee. For each of these duties, indicate its most significant actions during the financial year and how it has, in practice, exercised each of the duties attributed to it, whether in law, in the bylaws or in other corporate resolutions.

The functions of the Risk Committee are listed below, along with an explanation of the actions taken by the Committee in the 2018 financial year to fulfil each one:

This function has been carried out by the Risk Committee with the necessary scope and detail for verifying their accuracy and appropriateness. This process took into account all of the necessary information, with the appropriate level of detail, and received support from the Head of Global Risk Management, Senior Management and the various areas of the Group participating in these processes, particularly the Risk area.

In particular, the Committee conducted an in-depth analysis of the various proposals made by the Risk Area to establish a new Risk Appetite Framework for the Group. This entailed evaluating the statements, metrics and limits that the framework comprises, taking into account the behaviour of the current appetite framework, the macroeconomic prospects of the respective regions and many other factors. This analysis was conducted before being submitted for the consideration of the Executive Committee and, if applicable, the approval of the Board.

The Risk Committee analysed the corporate policies proposed by the Risk Area for each type of risk, prior to submitting them to the Executive Committee. In 2018, it played a role in the processes to modify the corporate policies for retail risk, wholesale risk, liquidity and funding risk, structural interest-rate risk, structural exchange-rate risk, structural equities risk, market risk in market and insurance activities, model risk and operational risk. Together, these form the strategy and allow the Group’s risk culture to be strengthened. For this, it had the information necessary to adequately analyse the proposed modifications.

When the Risk Committee was informed that the determined risk limits had been exceeded while it conducted its monitoring, supervision and control work, it specifically monitored the reasons for this and the proposals regarding the action plans made for their recovery. If these action plans approved by the Corporate Bodies were implemented, the Risk Committee monitored them until the limits exceeded had recovered.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

40

Throughout the 2018 financial year, the Risk Committee monitored the evolution of the different risks to which the Group is exposed—both financial (credit risk, structural risks, market risk, insurance risk etc.) and non-financial (operational risks)—as part of the BBVA Group General Risk Management and Control Model and in accordance with the Risk Appetite Framework approved by the Corporate Bodies.

The Committee therefore received and analysed information from the Risk Area suitably frequently, received the support of the Group’s Head of Global Risk Management, those in charge of each type of risk in the corporate field and the risk directors of the Group’s main entities, and spoke directly with each one to discuss this topic.

All of this afforded the Committee direct knowledge of the Group’s risks, both globally and locally, allowing it to perform its duty of monitoring the evaluation of the Group’s risks, regardless of the type of risk, the business area in which it originates and even the sector or portfolio to which it belongs.

As part of this important duty, the Risk Committee also regularly monitored compliance with the metrics and limits established for the 2018 financial year, with the necessary detail and frequency to ensure adequate control of said indicators. To complete its control of the Risk Appetite Framework, the Committee received information about the key internal and external variables that affect the compliance of the Risk Appetite Framework, even if they are not directly part of it. This was received prior to being monitored by the Executive Committee and the Board of Directors.

In addition to the above, each month, the committees of the Corporate Risk Area informed the Risk Committee of the main credit risk operations in their respective areas of competency, enabling the Committee to monitor the Group’s most significant cases of exposure. Each month, the Risk Committee also had access to information about the qualitative risk operations authorised by the Risk Area.

Continue in section H of this Report.

TECHNOLOGY AND CYBERSECURITY COMMITTEE

Explain the duties assigned to this committee and describe both the procedures and organisational and operational rules of the committee. For each of these duties, indicate its most significant actions during the financial year and how it has, in practice, exercised each of the duties attributed to it, whether in law, in the bylaws or in other corporate resolutions.

The functions of the Board’s Technology and Cybersecurity Committee, which fall into two categories, are listed below, along with an explanation of the actions taken by the Committee in the 2018 financial year to fulfil its relevant functions:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

41

To ensure compliance with these duties, the Technology and Cybersecurity Committee has performed the following actions:

Furthermore, the Committee has been informed of the compliance risks associated with information technology, such as those derived from managing data with regard to the regulation on personal data protection and the new regulation on payment services, as well as the procedures established to identify, manage, control and, if necessary, mitigate these types of risks.

Likewise, the Committee has been informed of any significant events that have occurred in relation to cybersecurity, including those that have directly affected the Bank or the Group’s companies, as well as those that have affected important (national or international) entities or companies, in order that the Committee is aware of the threats to which the Group is exposed (or may be exposed) and of the technological defences BBVA possesses at any time to combat possible attacks.

To ensure compliance with these duties, the Technology and Cybersecurity Committee has performed the following duties:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

42

The rules and procedures on the organization and operation of the Technology and Cybersecurity Committee are detailed in section H of this Report.

C.2.2 Fill in the following table with information on the number of female directors sitting on the committees of the board of directors at the close of the last four financial years:

C.2.3 Indicate, where applicable, if there are regulations for the board committees, where they can be consulted and any amendments made to them during the financial year. Indicate whether an annual report on the activities of each committee has been prepared voluntarily.

The Regulations of the Board of Directors, available on the Company’s website, www.bbva.com, regulate the composition, duties and rules of the organisation and operation of all of the Board Committees that are regulatory in nature. The Regulations of the Board of Directors also regulate the composition, duties and rules of the organisation and operation of the Executive Committee. As part of the annual process to evaluate their operation, all of the Board Committees have prepared and submitted a report to the Board of Directors detailing the main activity and operation of performing their delegated duties over the course of the 2018 financial year.

AUDIT AND COMPLIANCE COMMITTEE: The Audit and Compliance Committee also has specific Regulations approved by the Board, which are available on the Company’s website, that govern its operation and powers, among other matters.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

43

Furthermore, as part of the self-assessment process, the Chairman of the Audit and Compliance Committee submitted a report to the Board of Directors regarding this Committee’s activities over the course of the 2018 financial year, which is explained in greater detail in section C.1.17 above.

APPOINTMENTS COMMITTEE: As part of the self-assessment process, the Chairman of the Appointments Committee presented a report to the Board of Directors regarding the activities conducted by this Committee over the course of the 2018 financial year, which is explained in greater detail in section C.1.17 above.

REMUNERATIONS COMMITTEE: As part of the self-assessment process, the Chair of the Remunerations Committee presented a report to the Board of Directors regarding the activities conducted by this Committee over the course of the 2018 financial year, which is explained in greater detail in section C.1.17 above.

RISK COMMITTEE: The Risk Committee also has specific Regulations approved by the Board, which are available on the Company’s website, that govern its duties and procedural standards, among other matters.

Furthermore, as part of the self-assessment process, the Chairman of the Risk Committee submitted a report to the Board of Directors regarding this Committee’s activities over the course of the 2018 financial year, which is explained in greater detail in section C.1.17 above.

TECHNOLOGY AND CYBERSECURITY COMMITTEE: The Technology and Cybersecurity Committee has specific Regulations approved by the Board, which are available on the Company’s website, that govern its duties and organisational and operational standards, among other matters.

Furthermore, as part of the self-assessment process, the Chairman of the Technology and Cybersecurity Committee submitted a report to the Board of Directors regarding this Committee’s activities over the course of the 2018 financial year, which is explained in greater detail in section C.1.17 above.

D RELATED-PARTY TRANSACTIONS AND INTRA-GROUP TRANSACTIONS

D.1 Explain the procedure and competent bodies, if any, for approving related-party and intra-group transactions.

Procedure for approving related-party transactions

Article 17 v) of the Regulations of the Board of Directors establishes that the Board of Directors is responsible for approving, as applicable, the transactions that the Company, or its Group companies may make with Directors or with shareholders who, individually or in concert, hold a significant interest. This includes shareholders represented on the Company’s Board of Directors or the boards of other Group companies, and parties related to them, with the exceptions established by law.

Moreover, Article 8 of the Regulations of the Board of Directors establishes that approval of the transactions conducted by the Company or by Group companies with directors, the approval of which is the responsibility of the Board of Directors, will be granted subject to a prior report by the Audit and Compliance Committee where appropriate. The only exceptions to this approval will be transactions that simultaneously meet the three following specifications: (i) they are carried out under contracts with standard terms and are applied en masse to a large number of customers; (ii) they go through at market rates or prices set in general by the party acting as supplier of the goods or services; and (iii) they are worth less than 1% of the Company’s annual revenues.

D.2 Detail transactions deemed to be significant for their amount or content between the company or its group companies, and the company’s significant shareholders:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

44

D.3 Detail any transactions deemed to be significant for their amount or content between the company or its group companies, and the directors or executives of the company:

D.4 Report any material transactions carried out by the company with other entities belonging to the same group, provided that these are not eliminated in the preparation of the consolidated financial statements and do not form part of the company’s ordinary business activities in terms of their purpose and conditions.

In any event, provide information on any intra-group transactions with companies established in countries or territories considered tax havens:

D.5 Detail any significant transactions between the company or its group companies and other related parties, which have not been listed in the previous entries.

D.6 Detail the mechanisms established to detect, determine and resolve possible conflicts of interest between the company and/or its group, and its directors, executives or significant shareholders.

Articles 7 and 8 of the Regulations of the Board of Directors regulate issues relating to possible conflicts of interest as follows:

Article 7

Directors must adopt necessary measures to avoid finding themselves in situations where their interests, whether for their own account or for that of others, may enter into conflict with the corporate interest and with their duties with respect to the Company, unless the Company has granted its consent under the terms established in applicable legislation and in these Regulations of the Board of Directors.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

45

Likewise, they must refrain from participating in deliberations and votes on resolutions or decisions in which they or a related party may have a direct or indirect conflict of interest, unless these are decisions relating to appointment to or severance from positions on the governing body.

Directors must notify the Board of Directors of any situation of direct or indirect conflict that they or parties related to them may have with respect to the Company’s interests.

Article 8

The duty of avoiding situations of conflicts of interest referred to in the previous article obliges the directors to refrain from, in particular:

The above provisions will also apply should the beneficiary of the prohibited acts or activities described in the previous subsections be a related party to the director. However, the Company may dispense with the aforementioned prohibitions in specific cases, authorising a director or a related party to carry out a certain transaction with the Company, to use certain corporate assets, to take advantage of a specific business opportunity or to obtain an advantage or remuneration from a third party.

When the authorisation is intended to dispense with the prohibition against obtaining an advantage or remuneration from third parties, or affects a transaction whose value is over 10% of the corporate assets, it must necessarily be agreed by a General Meeting resolution.

The obligation not to compete with the Company may only be dispensed with when no damage is expected to the Company or when any damage that is expected is compensated by the benefits that are foreseen from the dispensation. The dispensation will be conferred under an express and separate resolution of the General Meeting.

In other cases, the authorisation may also be resolved by the Board of Directors, provided that the independence of the members conferring it is guaranteed with respect to the director receiving the dispensation. Moreover, it will be necessary to ensure that the authorised transaction will not do harm to the corporate net worth or, where applicable, that it is carried out under market conditions and that the process is transparent.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

46

Approval of the transactions of the Company or its Group companies with directors, needing to be approved by the Board of Directors, will be granted after receiving a report from the Audit and Compliance Committee. The only exceptions to this approval will be transactions that simultaneously meet the three following specifications: 1) they are carried out under contracts with standard terms and are applied en masse to a large number of customers; 2) they go through at market rates or prices set in general by the party acting as supplier of the goods or services; and 3) they are worth less than 1% of the Company’s annual revenues.

Since BBVA is a credit institution, it is subject to the provisions of Spanish Act 10/2014, of 26 June, on the regulation, supervision and solvency of credit institutions, whereby the directors and general managers or similar may not obtain credits, bonds or guarantees from the Bank on whose board or management they work, above the limit and under the terms established in article 35 of Royal Decree 84/2015, implementing Act 10/2014, unless expressly authorised by the Bank of Spain.

Furthermore, all members of the BBVA Board of Directors and Senior Management are subject to the Company’s Internal Standards of Conduct in the Securities Markets. These Standards are intended to control possible Conflicts of Interest. It establishes that everyone subject to it must notify the head of their area or the Compliance Unit of situations that could potentially and under specific circumstances may entail Conflicts of Interest that might be vulnerable to compromising their impartiality, before they engage in any transaction or conclude any business in the securities market in which such may arise.

D.7 Are more than one of the Group’s companies listed in Spain?

NO

Identify the other companies listed in Spain and their relationship with the company:

Identity and relationship with other listed Group companies

Indicate whether the respective areas of business and any potential relations between them, as well as any potential business relations between the other listed company and other group companies, have been publicly defined:

NO

Define any potential business relations between the parent company and the listed subsidiary

company, and between the listed subsidiary company and other group companies

Identify the mechanisms established to resolve any potential conflicts of interest between the listed company and other group companies:

Mechanisms to resolve potential conflicts of interest

E RISK CONTROL AND MANAGEMENT SYSTEMS

E.1 Explain the scope of the company’s Risk Control and Management System, including risks of a tax-related nature.

The BBVA Group has a general Risk Control and Management model (hereafter the “Model”) adapted to its business model, its organisation and the geographical areas where it operates. This Model allows the BBVA Group to operate within the framework of the strategy and the risk control and management policy defined by the Bank’s corporate bodies and to adapt to an ever-changing economic and regulatory environment, addressing risk management on a global level adapted to the circumstances at any moment. The Model establishes a risk management system that is adapted to the Bank’s risk profile and strategy.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

47

This Model is applied comprehensively in the Group and is made up of the basic elements set out below:

I. Governance and organisation

The risk governance model in BBVA is characterised by the strong involvement of its corporate bodies, both in establishing the risk strategy and in the continuous monitoring and supervision of its implementation. Thus, it is the corporate bodies that approve the risk strategy and the corporate policies for the different types of risks. The risk function is responsible within the scope of its management for implementing and developing the risk strategy, being accountable for it to the corporate bodies. The responsibility for the day-to-day management of risks corresponds to the businesses, which engage in their business following the policies, rules, procedures, infrastructures and controls that are based on the framework set by the Corporate Bodies and defined by the risk function. To carry out this work adequately, the risk function in the BBVA Group has been set up as a single, global function that is independent of the commercial areas.

II. Risk Appetite Framework

The Group’s Risk Appetite Framework is approved by the BBVA’s Corporate Bodies and determines the risks and the associated risk levels that the Group is prepared to assume to achieve its objectives, considering the organic development pattern of the business. These are expressed in terms of solvency, liquidity and funding, profitability and recurrence of results, which are reviewed periodically or if there are any substantial changes in the Bank’s business or relevant corporate operations. The determination of the Risk Appetite Framework has the following objectives:

III. Decisions and processes

The transfer of the Risk Appetite Framework to ordinary management is underpinned by three basic elements:

IV. Evaluation, monitoring and reporting

Risk’s evaluation, monitoring and reporting is a cross-cutting element that allows the Model to have a dynamic and anticipatory vision, enabling compliance with the Risk Appetite Framework approved by the corporate bodies, even under unfavourable scenarios. The realization of this process is integrated into the activity of the risk units, both corporate and geographical and/or business, and is developed in the following phases:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

48

Continue in Section H of this Report.

E.2 Identify the corporate bodies responsible for drawing up and enforcing the Risk Control and Management System, including tax-related risks.

The Board of Directors (hereinafter referred to as the “Board”) approves the risk strategy and oversees internal management and control systems. Specifically, in relation to the risk strategy, the Board approves the Group’s Risk Appetite statement, the core metrics and the main metrics by type of risk, as well as the General Risk Management and Control Model.

The Board of Directors is also responsible for approving and monitoring the strategic and business plan, the annual budgets and management targets, as well as the investment and funding policy, in a consistent way and in line with the approved Risk Appetite Framework. For this reason, the processes for defining the Risk Appetite Framework proposals and strategic and budgetary planning at Group level are co-ordinated by the executive area for submission to the Board.

To ensure the integration of the Risk Appetite Framework into the management process, on the basis established by the Board of Directors, the Executive Committee approves the metrics for each type of risk relating to profitability, recurrence of results and the Group’s basic limit structure for the different geographical areas, risk types, asset classes and portfolios. This Committee also approves specific corporate policies for each type of risk.

Lastly, the Board of Directors has a committee specialising in risks, the Risk Committee, which assists the Board and the Executive Committee in determining the Group’s risk strategy and the risk limits and policies, respectively, analysing and assessing the proposals submitted to those bodies in advance. The amendment of the Group’s risk strategy and the elements composing it, including the Risk Appetite Framework metrics within its remit, is the exclusive power of the Board, while the Executive Committee is responsible for amending the metrics by type of risk within its scope of decision and the Group’s basic structure of limits (core limits), when applicable. In both cases, the same aforementioned decision-making process is applicable to the amendments; amendment proposals are submitted by the executive area (specifically, by the Group’s Chief Risk Officer) and are analysed by the Risk Committee and later submitted to the Board of Directors and/or to the Executive Committee, as appropriate.

Moreover, the Risk Committee, the Executive Committee and the Board itself monitor, to the necessary degree, the implementation of the risk strategy and the Group’s risk profile. For this, the risk function regularly reports on the development of the Group’s Risk Appetite Framework metrics to the Board and to the Executive Committee, after their analysis by the Risk Committee, whose role in this monitoring and control work is particularly important.

The head of the risk function in the executive line, the Group’s Chief Risk Officer (CRO), carries out his/her work with the independence, authority, rank, experience, knowledge and resources required. This Officer is appointed by the Bank’s Board of Directors, as a member of its Senior Management, and has direct access to the corporate bodies (Board of Directors, Executive Committee and Risk Committee), to which it reports on a regular basis on the situation of the risks in the Group.

For optimal performance, the Chief Risk Officer is supported by a structure consisting of cross-cutting risk units in the corporate area and specific risk units in the Group’s geographical areas and/or business areas. Each of these units is headed by a Chief Risk Officer for the geographical and/or business area who, within his/her area of responsibility, carries out risk control and management functions and is responsible for applying the corporate policies and rules approved at Group level in a consistent manner, adapting them if necessary to local requirements and reporting to the local Corporate Bodies.

The Chief Risk Officers of the geographical and business areas report both to the Group’s Chief Risk Officer and to the head of their geographical and/or business area. This dual reporting system aims to ensure the independence of the local risk management function from the operating functions and enable its alignment with the Group’s corporate policies and goals related to risks.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

49

The risk function has a decision-making process supported by a structure of committees. The Global Risk Management Committee (GRMC) is the highest-level body in the risk area and, among other duties, proposes, examines and, where applicable, approves the internal regulatory risk framework and the procedures and infrastructures needed to identify, assess, measure and manage the risks that the Group faces in its business activity. The GRMC also approves portfolio risk limits.

For tax-related risk, the Tax Department establishes the control mechanisms and internal rules necessary to ensure compliance with the tax laws in force and the tax strategy approved by the Board of Directors, which must inspire the Group’s fiscal decisions and integrate the results of the BEPS project from OECD as well as the guidelines of Chapter XI, Part of the “OECD Guidelines for Multinational Enterprises”. This function is subject to supervision by the Audit and Compliance Committee of the BBVA Group, and is evidenced by the appearances made before the same by the Head of the Tax Function of the BBVA Group.

E.3 Indicate the primary risks, including tax-related risks and, where significant, risk derived from corruption (the latter can be understood to be within the scope of Royal Decree Law 18/2017) that could prevent business targets from being met.

BBVA has processes to identify risks and analyse scenarios, enabling dynamic and advance risk management. These risk-identification processes are forward-looking to ensure the identification of emerging risks, and take into account the concerns of both the business and corporate areas as well as those of Senior Management.

Risks are identified and measured in a consistent manner and in line with approved methodologies. Their measurement includes the design and application of scenario analyses and stress testing, and considers the controls to which the risks are subject.

Likewise, a forward projection is performed for the Risk Appetite Framework variables in stress scenarios, with the aim of identifying possible deviations from the established thresholds. If such deviations are detected, the appropriate measures are adopted to keep those variables within the target risk profile.

In this regard, there are a number of emerging risks that could impact the Group’s business performance. These risks are organised into the following large blocks:

World economic growth remained strong during the 2018 financial year, although it slowed more than was expected in the second half of the year, due to worse performance than anticipated in trade and in the industrial sector, and to significantly heightened financial tensions, particularly in developed economies, caused by increased uncertainty. The worsening economic performance in Europe and China was accompanied by a slowdown in Asian countries and the deceleration of the expansionary cycle in the United States. Given the situation, both the Federal Reserve (Fed) and the ECB have been more cautious and patient in terms of standardising monetary policy, and their decisions moving forwards will depend on the performance of the economy. Protectionism remains the main short-term risk, not only due to its direct impact on the commercial channel, but also due to its indirect impact on confidence and financial volatility. There are also concerns regarding the intensity of activity adjustment in the US and China in the coming quarters and increased political uncertainty in Europe.

In summary, uncertainty surrounding the economic outlook remains high, mainly due to the fear of increased protectionism and the increased perception of risk in terms of global growth.

Financial institutions are exposed to a complex regulatory environment that is changing at the hands of governments and regulators, which may impact their growth capacity and the performance of certain business activities due to higher liquidity and capital requirements and lower profitability ratios. The Group monitors changes in the regulatory framework on an ongoing basis to enable it to anticipate and adapt to those changes sufficiently in advance, adopt the best practices and the most efficient and rigorous criteria for their implementation.

The financial sector is currently subject to a heightening level of scrutiny from regulators, governments and society itself. Negative news or inappropriate conduct can seriously damage an institution’s reputation and affect its ability to conduct a sustainable business. The attitudes and conduct of the Group and of its members are governed by the principles of integrity, honesty, long-term vision and best practices, thanks to the Internal Control Model, the Code of Conduct, tax strategy and the Group’s Responsible Business strategy, among others.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

50

Continue in Section H of this Report.

E.4 Identify whether the company has a risk tolerance level, including tax-related risks.

The BBVA Group’s Risk Appetite Framework, approved by the Corporate Bodies, determines the risks and the associated risk levels that the Group is prepared to assume to achieve its objectives, considering the organic development pattern of the business. These are expressed in terms of solvency, liquidity and funding, profitability and recurrence of results, which are reviewed periodically or if there are any substantial changes in the Bank’s business or relevant corporate operations.

The Risk Appetite Framework is expressed through the following elements:

In addition to this Framework, there is a level of management limits that is defined and managed by the risks function when developing the basic structure of limits, with the aim of ensuring that advance management of risks by risk subcategory within each type or by sub-portfolio is in line with those core limits and in general with the established Risk Appetite Framework.

The corporate risk area works with the various geographies and/or business areas to define their Risk Appetite Framework, so that it is co-ordinated with, and integrated into the Group’s Risk Appetite, making sure that its profile is in line with the one defined.

The Risk Appetite Framework is integrated within management, and the processes for defining the Risk Appetite Framework proposals are co-ordinated with strategic and budgetary planning at Group level.

As stated previously, the core metrics in BBVA’s Risk Appetite Framework measure the Group’s performance in terms of solvency, liquidity, funding, profitability and results recurrence. Most of the core metrics are accounting and/or regulation-based; they are therefore disclosed to the market regularly in BBVA Group’s annual and quarterly financial reports. The Group’s risk profile evolved over the 2018 financial year in line with the metrics forming part of the approved Risk Appetite Framework.

E.5 State what risks, including tax-related risks, have occurred during the financial year.

Risk is inherent to financial activity, and the occurrence of minor and major risks is therefore an inseparable part of the Group’s activities. BBVA thus provides detailed information in its annual financial statements (note 7 in the Report and note 19 in the consolidated accounts covering tax-related risks) regarding the developments of such risks, since their very nature can permanently affect the Group in undertaking its activities.

E.6 Explain the response and supervision plans for the primary risks faced by the company, including tax-related risks, and the procedures followed by the company to ensure that the Board of Directors responds to any new challenges.

The BBVA Group’s internal control system takes its inspiration from the best practices developed both in the COSO (Committee of Sponsoring Organizations of the Treadway Commission) “Enterprise Risk Management—Integrated Framework” and in the “Framework for Internal Control Systems in Banking Organisations” drawn up by the Basel Bank for International Settlements (BIS).

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

51

The control model has a system comprising three lines of defence:

The control activity of the first and second lines of defence for operational risks will be coordinated by the Non Financial Risks unit, which will also be responsible for providing these units with a common internal control methodology and global tools. The Group’s Head of Non Financial Risks is responsible for the function and reports his/her activities to the CRO and to the Board’s Risk Committee, assisting it in any matters where requested.

Furthermore, the Group has specific Internal Risk Control and Internal Validation units within the corporate risk area. These units are independent from the areas that develop models, manage processes and run controls.

Its scope of action is global, in terms of both geography and type of risk, reaching all areas of the organization.

The main function of Internal Risk Control is to ensure the existence of a sufficient regulatory framework, a process and measures defined for each type of risk identified in the Group, and for those other types of risk that may potentially affect the Group, to control its application and operation, and to ensure that the risk strategy is integrated into the Group’s management. In this sense, the Internal Risk Control unit contrasts the development of the functions of the units that develop the risk models, manage the processes and implement the controls.

The Group’s Head of Internal Risk Control is responsible for the function and reports its activities and work plans to CRO and to the Board’s Risk Committee, assisting it in any matters where requested.

To perform its duties, the area has a team structure at both the corporate level and in the most important geographies where the Group operates. As in the case of the corporate area, local units are independent of the business areas that execute the processes, and of the units that execute the controls. They report functionally to the Internal Risk Control unit. The unit’s lines of action are established at Group level and it is then responsible for their local-level adaptation and implementation, and for reporting on the most relevant aspects.

Internal Validation is responsible, among other duties, for the independent review and validation, internally, of the models used for the management and control of the Group’s risks.

With regard to tax risks, the Tax Department establishes the policies and control processes for guaranteeing compliance with the tax laws currently in force and the tax strategy approved by the Board of Directors.

Lastly, and in order to face the new challenges of the industry, the BBVA Group has a governance system that allows the Board of Directors to be informed of the real and potential risks that affect or may affect the Group at any time. Thus, to the work carried out by the different control areas (risks, compliance and internal audit) and the corresponding committees of the Board (Risk Committee and Audit and Compliance Committee, respectively), it is necessary to add the prospective monitoring and supervision that performs the Technology and Cybersecurity Committee of the Board of Directors. The important work carried out by this Committee allows the Board of Directors to be permanently informed of the main technological risks to which the Group is exposed to (including those related to risks on information security and cybersecurity), as well as to the strategies and current technological trends, and relevant events in cybersecurity subject that affect the Group or that may affect it in the future, among other functions.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

52

F INTERNAL CONTROL AND RISK MANAGEMENT SYSTEMS OVER FINANCIAL REPORTING (ICFR)

Describe the mechanisms comprising the risk management and control systems for financial reporting (ICFR) in your entity.

F.1 The entity’s control environment

Give information on the key features of at least:

F.1.1. Which bodies and/or functions are responsible for: (i) the existence and maintenance of an adequate and effective ICFR; (ii) its implementation and (iii) its supervision.

Pursuant to Article 17 of its Regulations, the Board of Directors approves the financial information that BBVA is required to publish periodically as a listed company. The Board of Directors has an Audit and Compliance Committee, whose mission is to help the Board to oversee financial information and exercise control over the BBVA Group.

In this respect, the BBVA Audit and Compliance Committee Regulations establish that the Committee’s duties include monitoring the sufficiency, suitability and effective operation of the internal control systems in the process of drawing up and preparing financial information, so as to rest assured of the correctness, accuracy, sufficiency and clarity of the financial information of the Bank and its consolidated Group.

The BBVA Group complies with the requirements imposed by the Sarbanes Oxley Act (“SOX”) for each financial year’s consolidated annual accounts due to its status as a publicly traded company listed with the United States Securities Exchange Commission (“SEC”). The main Group executives are involved in the design, compliance and maintenance of an effective internal control model that guarantees the quality and veracity of the financial information. The Finance & Accounting (“F&A”) area has been responsible during 2018 for producing the consolidated annual financial statements and maintaining the control model for financial information generation. Specifically, this function is performed by the Financial Internal Control area, which is integrated within the Group’s general internal control model, which is outlined below.

BBVA Group established an internal control model comprising two key elements. It has maintained this model throughout 2018. The first element is the control structure, organised into three lines of defence (3LD); the second is a governance scheme known as Corporate Assurance.

In accordance with the most advanced standards of internal control, the three-lines-of-defence model is configured as follows:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

53

Furthermore, to reinforce the internal control environment, the Group employs a governance scheme named Corporate Assurance, which establishes a framework for monitoring the internal control model and for escalating the main issues relating to internal control within the Group to Senior Management. The Corporate Assurance model (in which the business areas, support areas and the areas specialising in internal control participate) is organised into a system of committees that analyse the most relevant issues related to internal control in each geographical area, with the participation of the country’s top managers. These committees report to the Group’s Global Committee, chaired by the Chief Executive Officer with the assistance of the main global executives responsible for the business and control areas.

The effectiveness of this internal control system is assessed periodically for those risks that may affect the correct compilation of the Group’s financial statements. The assessment is co-ordinated by the Internal Financial Control area and involves control specialists from business and support areas. The Group’s Internal Audit area also performs its own assessment of the internal control system with regard to the generation of financial information. In addition, the external auditor of the BBVA Group issues an opinion every year on the effectiveness of internal control over financial reporting based on criteria established by COSO (Committee of Sponsoring Organizations of the Treadway Commission) and in accordance with PCAOB (the US Public Company Accounting Oversight Board) standards. This opinion appears in Form 20-F, which is filed every year with the SEC.

The result of the annual internal assessment of the System of Internal Control over Financial Reporting is reported to the Group’s Audit and Compliance Committee by the heads of Internal Control and Internal Financial Control.

F.1.2. Whether, especially in the process of drawing up financial information, the following elements exist:

The financial information is drafted by the local Financial Management areas for each country and the related consolidation work was done in 2018 by the F&A Area, which has overall responsibility for the drafting and reporting of accounting and regulatory information of the Group for 2018.

BBVA’s organisational structure clearly defines lines of action and responsibility for the areas involved in the generation of financial information, both at the individual entity level and consolidated group level, and also provides the channels and circuits necessary for the proper communication thereof. The units responsible for drawing up these financial statements have a suitable distribution of tasks and the necessary segregation of functions to draw up these statements in an appropriate operational and control framework.

Additionally, there is an accountability model aimed at extending the culture of, and commitment to internal control. Those in charge of the design and operation of the processes that have an impact on financial reporting certify that all the controls associated with its operation under their responsibility are sufficient and have worked correctly.

BBVA has a Code of Conduct that is approved by the Board of Directors and reflects BBVA’s concrete commitments with regard to one of the principles of its Corporate Culture: Integrity in the consideration and undertaking of its business. This Code likewise establishes the corresponding channel for whistleblowers regarding possible infringements of the Code. It is the subject of ongoing training and refresher programmes that include key personnel in the financial function.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

54

Following the update to the Code in 2015, communication campaigns to share its new content have been in place since 2016, making use of new formats and digital channels. In addition, a training plan has been developed at a global level, reaching the entire workforce of the Group.

The Code of Conduct can be accessed on the Bank’s website (www.bbva.com) and on the employees’ website (Intranet). Additionally, Group members undertake personally and individually to observe its principles and rules in an express declaration of awareness and adhesion.

The duties of the Audit and Compliance Committee include ensuring that internal codes of ethics and conduct, and those relating to conduct in securities markets, applicable to all Group personnel are compliant with regulatory requirements and are appropriate for the Bank.

Additionally, BBVA has adopted a structure of Corporate Integrity Management Committees (with individual powers at jurisdiction or Group entity levels, as applicable). Their joint scope of action covers all the Group businesses and activities and their main duty is to ensure effective application of the Code of Conduct. There is also a Corporate Integrity Management Committee, whose scope of responsibility extends throughout BBVA. The main mission of this committee entails ensuring uniform application of the Code in BBVA.

The Compliance Unit in turn independently and objectively promotes and supervises to ensure that BBVA acts with integrity, particularly in areas such as money-laundering prevention, conduct with clients, security market conduct, corruption prevention, and other areas that could entail a reputational risk for BBVA. The unit’s duties include fostering the knowledge and application of the Code of Conduct, promoting the drafting and distribution of its implementing standards, assisting in the resolution of any concern that may arise regarding the interpretation of the Code, and managing the Whistleblowing Channel.

Preservation of the Corporate Integrity of BBVA transcends merely personal accountability for individual actions, it calls for all employees to have zero tolerance for activities that do not comply with the Code of Conduct or that could harm the reputation or good name of BBVA. This attitude is reflected in everyone’s commitment to whistle-blowing, by timely communication, of situations that, even when unrelated to their activity or area of responsibility, could be infringe regulations or contradict the values and guidelines of the Code.

The Code of Conduct itself establishes the communication guidelines to follow and contemplates a Whistleblowing Channel, simultaneously guaranteeing the duty of discretion of reporting parties, the confidentiality of the investigations and the prohibition of retaliation or adverse consequences in light of communications made in good faith.

Telephone lines and email inboxes have been set up in each jurisdiction for these communications. A list of these appears on the Group Intranet.

As described in the previous section, BBVA has adopted a structure of Corporate Integrity Management Committees (with individual powers at jurisdiction or Group entity levels, as applicable), whose joint scope of action covers all the Group businesses and activities and whose functions and responsibilities (explained in greater detail in their corresponding regulations) include:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

55

In addition, periodic reports are made to the Audit and Compliance Committee, which supervises and controls their proper functioning (independently managed by the Compliance area).

Specific training and periodic refresher courses are given on accounting and tax regulations, internal control and risk management for areas involved in preparing and reviewing the financial and tax-related information and in evaluating the internal control system, to help them perform their functions correctly.

There is an annual training programme for all members of the F&A area on aspects related to the generation of financial information and to new regulations concerning accounting, financial and tax matters. This programme also includes other courses tailored to the needs of the area. These courses are taught by professionals from the area and renowned external providers.

In addition to the area-specific training, general Group training is also provided, and includes courses on finance and technology, among other topics.

Additionally, the BBVA Group has a personal development plan for all employees, which forms the basis of a personalised training programme to deal with the areas of knowledge necessary to perform their functions.

F.2 Financial reporting risk assessment

Give information on at least:

F.2.1. The key features of the risk identification process, including error and fraud risks, with respect to:

The ICFR was developed by the Group Management in accordance with international standards set forth by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”), which establishes five components on which the effectiveness and efficiency of internal control systems must be based:

In order to identify the risks with a greater potential impact in the generation of financial information, the processes through which such information is generated are analysed and documented, and an analysis of the risk situation that may arise in each is later conducted.

Based on the corporate internal control and operational risk methodology, the risks are categorised by type, including error and fraud (internal/external), and their probability of occurrence and possible impact are analysed.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

56

The process of identifying risks in the generation of Financial Statements, including risks of error, falsity and omission, is conducted by the parties responsible for each of the processes involved in the generation of financial information, in collaboration with the Internal Financial Control area which, in turn, manages mitigation plans. The scope of the annual/quarterly or monthly assessment of their controls is determined based on the significance of the risks, thus ensuring coverage of the risks considered critical for the financial statements.

The assessment of the aforementioned risks and the design and effectiveness of their controls begins with the management’s understanding of and insight into the business and the analysed operating process, considering criteria of quantitative materiality, likelihood of occurrence and economic impact, in addition to qualitative criteria associated with the type, complexity and nature of the risks or of the business structure itself.

The system for identifying and assessing the risks of internal control over financial reporting is dynamic. It evolves continuously, always reflecting the reality of the Group’s business, changes in operating processes, the risks affecting them and the controls that mitigate them.

All this is documented in a corporate management tool developed and managed by Operational Risk (STORM). This tool documents all the risks and controls, by process, that are managed by the different control specialists, including the Financial Internal Control unit.

Each of the processes identified in the BBVA Group for drawing up financial information aim to record all financial transactions, value the assets and liabilities in accordance with applicable accounting regulations and provide a breakdown of the information in accordance with regulator requirements and market needs.

The financial reporting control model analyses each of the aforementioned processes to ensure that identified risks are properly covered by efficient controls. The control model is updated when changes arise in the relevant processes for producing financial information.

The F&A organisation includes a Consolidation department that carries out a monthly process of identification, analysis and updating of the Group’s consolidation perimeter.

In addition, the information from the consolidation department on new companies set up by the Group’s different units and the changes made to existing companies is compared with the data analysed by two specific committees whose function is to analyse and document the changes in the composition of the corporate group (Holding Structure Committee and Investments in Non-Banking Companies Committee, both corporate).

In addition, as part of special purpose vehicle control, the Internal Audit and Compliance areas of the Bank submit a periodic report of the Group’s structure to the Audit and Compliance Committee.

The model of internal control over financial reporting applies to processes for directly drawing up such financial information and to all operational or technical processes that could have a relevant impact on the financial, accounting, tax-related or management information.

As explained above, all the specialist control areas apply a standard methodology and use a common tool (STORM) to document the identification of the risks, of the controls that mitigate those risks and of the assessment of their effectiveness.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

57

There are control specialists in all the operational or support areas, and therefore any type of risk that may affect the Group’s operations is analysed under that methodology (market, credit, operational, technological, financial, legal, tax-related, reputational or any other type of risk) and is included in the ICFR insofar as it may have an impact on the financial information.

The process for identifying risks and assessing the design, effectiveness and suitability of the controls is documented at least once a year, and is overseen by the Internal Audit area.

Moreover, the Group’s Head of Internal Audit and head of Internal Financial Control report annually to the Audit and Compliance Committee on analysis work that has been carried out, on the conclusions of the assessment of the control model relating to the generation of financial information, and on the process for downstream certification of the effectiveness of the control model. This process is undertaken by the financial officers of the main entities and holding control specialists. This work follows the SOX methodology in compliance with the legal requirements, under the regulation, on systems of internal control over financial reporting, and is included in Form 20-F, submitted annually to the SEC, as indicated in first point of control environment.

F.3 Control activities

Give information on the main features, if at least the following exist:

F.3.1. Procedures for review and authorisation of financial information and the description of the ICFR, to be published on the stock markets, indicating who is responsible for it, and the documentation describing the activity flows and controls (including those concerning risk of fraud) for the different types of transactions that may materially impact the financial statements, including the procedure for closing the accounts and the specific review of the relevant judgements, estimates, valuations and projections.

All of the processes relating to the generation of financial information are documented, as is the corresponding control model, including potential risks associated with each process and the controls put in place to mitigate them. As explained in point F.2.1, the aforementioned risks and controls are recorded in the corporate tool STORM, which also includes the result of the assessment of the operation of the controls and the degree of risk mitigation.

In particular, the main processes relating to the generation of financial information are: accounting, consolidation, financial reporting, financial planning and monitoring, and financial and tax management. The analysis of these processes, their risks and their controls is also supplemented by that of all other critical risks that may have a financial impact from business areas or other support areas.

Likewise, there are review procedures for the areas responsible for generating the financial and tax-related information disseminated to the securities markets, including the specific review of relevant judgements, estimates and projections.

As noted in the annual financial statements themselves, it is occasionally necessary to make estimates to determine the amount at which some assets, liabilities, income, expenses and commitments should be recorded. These estimates are mainly related to:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

58

These estimates are made based on the best information available on the financial statement closing date and, together with the other relevant issues for the closing of the annual and six-monthly financial statements, are analysed and authorised by an F&A Technical Committee and submitted to the Audit and Compliance Committee before being filed by the Board of Directors.

F.3.2. Internal control procedures and policies for information systems (among others, access security, change control, their operation, operational continuity and segregation of functions) that support the relevant processes in the entity with respect to drawing up and publishing financial information.

The internal control models include procedures and controls regarding the operation of information and access security systems, the segregation of functions, and the development and modification of computer applications used to generate financial information.

The existing internal control and operational risk methodology comprises a set of controls by category, which include, among others, two categories relating to this matter: access control and segregation of functions. Both categories of controls are identified in the model of internal control of financial information and are analysed and assessed periodically, in order to guarantee the integrity and reliability of the information drawn up.

Furthermore, there is a corporate-level procedure for managing system access profiles. This procedure is overseen by the Group’s Internal Engineering & Organization Control unit. This unit is also in charge of reviewing control processes in change management (development in test environments and putting changes into production), incident management, operation management, media and backup copy management, and management of business continuity, among other things.

With all these mechanisms, the BBVA Group can confirm that adequate management of access control is maintained, the correct and necessary steps are taken to put applications into production as well as ensuring their subsequent support, the creation of backup copies, and assurance of continuity in the processing and recording of operations.

In summary, the entire process of preparing and publishing financial information has established and documented the procedures and control models necessary to provide reasonable assurance of the correctness of the BBVA Group’s public financial information.

F.3.3. Internal control procedures and policies designed to supervise the management of activities subcontracted to third parties and those aspects of evaluation, calculation and assessment outsourced to independent experts which may materially impact the financial statements.

The internal control model includes considers controls and procedures for the management of subcontracted activities or those aspects of evaluation, calculation and assessment of assets or liabilities outsourced to independent experts.

There is a set of standards and an Outsourcing Committee that establishes and oversees the requirements that must be met at Group level with regard to the activities to be subcontracted. There are procedural manuals for the outsourced financial processes that identify the procedures to be followed and the controls to be applied by the service provider units and outsourcing units. The controls established in the outsourced processes concerning the generation of financial information are also tested by the Internal Financial Control area.

The valuations from independent experts used for matters relevant for generating financial information are included within the standard circuit of review procedures executed by internal control, internal auditing and external auditing.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

59

F.4 Information and communication

Give information on the main features, if at least the following exist:

F.4.1. A specific function in charge of defining and maintaining accounting policies (accounting policy department or area) and resolving queries or conflicts stemming from their interpretation, ensuring fluent communication with those in charge of operations in the organisation, and an up-to-date manual of accounting policies, communicated to the units through which the entity operates.

The organisation has two Technical Committees for Accounting (the Accounting Working Group) and Solvency. The purpose of these committees is to analyse, study and issue standards that may affect the compilation of the Group’s financial and regulatory information, to determine the accounting and solvency criteria required to ensure that transactions are booked correctly, and to calculate capital requirements within the framework of the applicable standards.

The Group also has an accounting policies Manual, which is updated and made available to all Group units by means of the Intranet. This manual is the tool that guarantees that all the decisions related to accounting policies or specific accounting criteria to be applied in the Group are supported and are standardised. The Accounting Policies Manual is approved in the Accounting Working Group and is documented and updated for use and analysis by all the Group’s entities.

F.4.2. Mechanisms to capture and prepare financial reporting in standardised formats, for application and use by all of the units of the entity or the group, that support the main financial statements and the notes, and the detailed information on ICFR.

The Group’s F&A area and the countries’ financial management units are responsible for the processes for preparing financial statements in accordance with the current accounting and consolidation manuals. There is also a consolidation computer application that collects the accounting information of the various companies within the Group and performs the consolidation processes, including the standardisation of accounting criteria, aggregation of balances and consolidation adjustments.

Control measures have also been implemented in each of the aforementioned processes, both locally and at consolidated level, to ensure that all the data underpinning the financial information is collected in a comprehensive, exact and timely manner. There is also a single and standardised financial reporting system that is applicable to and used by all the Group units and supports the main financial statements and the explanatory notes. There are also control measures and procedures to ensure that the information disclosed to the markets includes a sufficient level of detail to enable investors and other users of the financial information to understand and interpret it.

F.5 Supervision of the system’s operation

Give information on the key features of at least:

F.5.1. The ICFR supervision activities carried out by the audit committee and whether the entity has an internal audit function with powers that include providing support to the audit committee in its task of supervising the internal control system, including the ICFR. Likewise, information will be given on the scope of the ICFR assessment carried out during the financial year and of the procedure by which the person in charge of performing the assessment communicates its results, whether the entity has an action plan listing the possible corrective measures, and whether its impact on financial reporting has been considered.

The internal control units of the business areas and of the support areas conduct a preliminary assessment of the internal control model, assess the risks identified in the processes, the effectiveness of controls, and the degree of mitigation of the risks, as well as identifying weaknesses, and designing, implementing and monitoring the mitigation measures and action plans.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

60

BBVA also has an Internal Audit unit that supports the Audit and Compliance Committee with regard to the independent supervision of the internal financial information control system. The Internal Audit function is entirely independent of the units that draw up the financial information.

All the weaknesses in controls, mitigation measures and specific action plans are documented in the corporate tool STORM and submitted to the internal control and operational risk committees of the areas, as well as to the local or global Corporate Assurance Committees, based on the significance of the detected issues.

In summary: both the weaknesses identified by the internal control units and those detected by the internal or external auditor have an action plan in place to correct or mitigate the risks.

During the 2018 financial year, internal control areas conducted a full assessment of the financial information internal control system, and, to date, no material or significant weakness have been revealed therein. The assessment was reported to the Audit and Compliance Committee.

Additionally, in compliance with the SOX, the Group annually assesses the effectiveness of the model of internal control over financial reporting on a group of risks (within the perimeter of SOX companies and critical risks) that could affect the drawing up of financial statements at local and consolidated levels. This perimeter includes risks and controls of other specialties that are not directly financial (regulatory compliance, technology, risks, operational, human resources, procurement, legal, etc.).

F.5.2. Whether there is a discussion procedure via which the auditor (in line with the auditing technical standards), the internal audit function and other experts can inform senior management and the audit committee or the entity’s directors of significant weaknesses in the internal control encountered during the review processes for the annual financial statements or any others within their remit. Also provide information on whether there is an action plan to try to correct or mitigate the weaknesses observed.

As mentioned in the preceding section (F.5.1) of this Annual Corporate Governance Report, the Group does have a procedure in place whereby the internal auditor, the external auditor and the heads of Internal Financial Control report to the Audit and Compliance Committee any significant internal control weaknesses detected in the course of their work. Any significant or material weaknesses, if present, will likewise be reported. Thus, a plan of action is prepared for all detected weaknesses, which is presented to the Audit and Compliance Committee.

Since BBVA is listed with the SEC, the BBVA Group’s auditor annually issues its opinion on the effectiveness of the internal control over financial reporting contained in the Group’s consolidated annual financial statements on 31 December each year, under PCAOB (Public Company Accounting Oversight Board) standards, with a view to filing the financial information with the SEC on Form 20-F. The latest report issued on the financial information for the 2017 financial year is available on www.sec.gov.

The internal control oversight carried out by the Audit and Compliance Committee, described in the Audit and Compliance Committee Regulations published on the Group website, includes the following activities:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

61

The external auditor and the Head of Internal Audit regularly attend all meetings of the Audit and Compliance Committee and are properly informed of the matters addressed therein.

F.6 Other relevant information

F.7 External auditor report

Report on:

F.7.1. Whether the ICFR information disclosed to the markets has been submitted by the external auditor for review, in which case the entity must attach the corresponding report as an annex. Otherwise, explain the reasons why it was not.

The information related to the BBVA Group’s internal control over financial information described in this report is reviewed by the external auditor, which issues its opinion on the control system and on its effectiveness in relation to the statements published at the close of each financial year.

On 5 April 2018, the BBVA Group, as a private foreign issuer in the United States, filed the Annual Report (Form 20-F) for the financial year ending on 31 December 2017, which was published on the SEC website on that same date.

In accordance with the requirements set out in Section 404 of the Sarbanes-Oxley Act of 2002 by the Securities and Exchange Commission (SEC), the aforementioned Annual Report (Form 20-F) included certification of the Group’s executive principles with regard to the establishment, maintenance and assessment of the Group’s system of internal control over financial reporting. Form 20-F report also included the opinion of the external auditor regarding the effectiveness of the Bank’s system of internal control over financial reporting at year-end 2017.

G EXTENT OF COMPLIANCE WITH CORPORATE GOVERNANCE RECOMMENDATIONS

Indicate the degree of monitoring carried out by the company with regard to the recommendations of the Good Governance Code of Listed Companies.

If any recommendations are not being followed or are only being followed in part, a detailed explanation of the reasons for this should be given so that shareholders, investors and the market in general have sufficient information to assess the actions of the company. General explanations will not be acceptable.

1. The bylaws of listed companies should not place an upper limit on the votes that can be cast by a single shareholder, or impose other obstacles to the takeover of the company by means of share purchases on the market.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

62

COMPLIANT

2. When a dominant and subsidiary company are both listed, they should provide detailed disclosure on:

a) The activity they engage in and any business dealings between them, as well as between the listed subsidiary and other group companies.

b) The mechanisms in place to resolve possible conflicts of interest.

NOT APPLICABLE

3. During the annual general meeting the chairman of the board should verbally inform shareholders in sufficient detail of the most relevant aspects of the company’s corporate governance, supplementing the written information circulated in the annual corporate governance report. In particular:

a) Changes taking place since the previous annual general meeting.

b) The specific reasons for the company not following a given Good Governance Code recommendation, and any alternative procedures followed in its stead.

COMPLIANT

4. The company should draw up and implement a policy of communication and contacts with shareholders, institutional investors and proxy advisors that complies in full with market abuse regulations and accords equitable treatment to shareholders in the same position.

This policy should be disclosed on the company’s website, complete with details of how it has been put into practice and the identities of the relevant interlocutors or those charged with its implementation.

COMPLIANT

5. The board of directors should not make a proposal to the general meeting for the delegation of powers to issue shares or convertible securities without pre-emptive subscription rights for an amount exceeding 20% of capital at the time of such delegation.

When a board approves the issuance of shares or convertible securities without pre-emptive subscription rights, the company should immediately post a report on its website explaining the exclusion as envisaged in company legislation.

PARTIALLY COMPLIANT

The General Shareholders’ Meeting on 17 March 2017 delegated to the Board of Directors a power to increase share capital and issue convertible securities, along with the power to wholly or partially exclude pre-emptive subscription rights in respect of capital increases and issues of convertible securities carried out using such delegated power. The power to exclude pre-emptive subscription rights is limited, overall, to 20% of share capital as it stood at the time of the delegation, except for the issuance of contingently convertible securities, the conversion of which is intended to satisfy regulatory solvency requirements as to eligibility as capital instruments in accordance with applicable regulations, because such instruments are not dilutive for shareholders.

6. That listed companies which draft the reports listed below, whether under a legal obligation or voluntarily, publish them on their web page with sufficient time before the General Shareholders’ Meeting, even when their publication is not mandatory:

a) Report on auditor independence.

b) Reviews of the operation of the audit committee and the nomination and remuneration committee.

c) Audit committee report on third-party transactions.

d) Report on corporate social responsibility policy.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

63

COMPLIANT

7. The company should broadcast its general meetings live on the corporate website.

COMPLIANT

8. The audit committee should strive to ensure that the board of directors can present the company’s accounts to the general meeting without limitations or qualifications in the auditor’s report. In the exceptional case that qualifications exist, both the chairman of the audit committee and the auditors should give a clear account to shareholders of their scope and content.

COMPLIANT

9. The company should disclose its conditions and procedures for admitting share ownership, the right to attend general meetings and the exercise or delegation of voting rights, and display them permanently on its website.

Such conditions and procedures should encourage shareholders to attend and exercise their rights and be applied in a non-discriminatory manner.

COMPLIANT

10. When an accredited shareholder exercises the right to supplement the agenda or submit new proposals prior to the general meeting, the company should:

a) Immediately circulate the supplementary items and new proposals.

b) Disclose the attendance card template and proxy or remote voting form, duly modified so that new agenda items and alternative proposals can be voted on in the same terms as those submitted by the board of directors.

c) Put all these items or alternative proposals to the vote applying the same voting rules as for those submitted by the board of directors, with particular regard to presumptions or deductions about the direction of votes.

d) After the general meeting, disclose the breakdown of votes on such supplementary items or alternative proposals.

NOT APPLICABLE

11. In the event that a company plans to pay for attendance at the general meeting, it should first establish a general, long-term policy in this respect.

NOT APPLICABLE

12. The Board of Directors should perform its duties with unity of purpose and independent judgement, according the same treatment to all shareholders in the same position. It should be guided at all times by the company’s best interest, understood as the creation of a profitable business that promotes its sustainable success over time, while maximising its economic value.

In pursuing the corporate interest, it should not only abide by laws and regulations and conduct itself according to principles of good faith, ethics and respect for commonly accepted customs and good practices, but also strive to reconcile its own interests with the legitimate interests of its employees, suppliers, clients and other stakeholders, as well as with the impact of its activities on the broader community and the natural environment.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

64

COMPLIANT

13. The board of directors should have an optimal size to promote its efficient functioning and maximise participation. The recommended range is accordingly between five and fifteen members.

COMPLIANT

14. The board of directors should approve a director selection policy that:

a) Is concrete and verifiable;

b) Ensures that appointment or re-election proposals are based on a prior analysis of the board’s needs; and

c) Favours a diversity of knowledge, experience and gender.

That the resulting prior analysis of the needs of the Board of Directors is contained in the supporting report from the appointments committee published upon a call from the General Shareholders’ Meeting submitted for ratification, appointment or re-appointment of each director.

The director selection policy should pursue the goal of having at least 30% of total board places occupied by women directors before the year 2020.

The appointments committee should run an annual check on compliance with the director selection policy and set out its findings in the annual corporate governance report.

COMPLIANT

15. Proprietary and independent directors should constitute an ample majority on the board of directors, while the number of executive directors should be the minimum practical bearing in mind the complexity of the corporate group and the ownership interests they control.

COMPLIANT

16. The percentage of proprietary directors out of all non-executive directors should be no greater than the proportion between the ownership stake of the shareholders they represent and the remainder of the company’s capital.

This criterion can be relaxed:

a) In large cap companies where few or no equity stakes attain the legal threshold for significant shareholdings.

b) In companies with a plurality of shareholders represented on the board but not otherwise related.

COMPLIANT

17. Independent directors should be at least half of all board members.

However, when the company does not have a large market capitalisation, or when a large cap company has shareholders individually or concertedly controlling over 30 percent of capital, independent directors should occupy, at least, a third of board places.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

65

COMPLIANT

18. Companies should disclose the following director particulars on their websites and keep them regularly updated:

a) Background and professional experience.

b) Directorships held in other companies, listed or otherwise, and other paid activities they engage in, of whatever nature.

c) Statement of the director class to which they belong, in the case of proprietary directors indicating the shareholder they represent or have links with.

d) Dates of their first appointment as a board member and subsequent re-elections.

e) Shares held in the company, and any options on the same.

COMPLIANT

19. Following verification by the appointments committee, the annual corporate governance report should disclose the reasons for the appointment of proprietary directors at the urging of shareholders controlling less than 3 percent of capital; and explain any rejection of a formal request for a board place from shareholders whose equity stake is equal to or greater than that of others applying successfully for a proprietary directorship

NOT APPLICABLE

20. Proprietary directors should resign when the shareholders they represent dispose of their ownership interest in its entirety. If such shareholders reduce their stakes, thereby losing some of their entitlement to proprietary directors, the latters’ number should be reduced accordingly.

NOT APPLICABLE

21. The board of directors should not propose the removal of independent directors before the expiry of their tenure as mandated by the bylaws, except where they find just cause, based on a proposal from the appointments committee. In particular, just cause will be presumed when directors take up new posts or responsibilities that prevent them allocating sufficient time to the work of a board member, or are in breach of their fiduciary duties or come under one of the disqualifying grounds for classification as independent enumerated in the applicable legislation.

The removal of independent directors may also be proposed when a takeover bid, merger or similar corporate transaction alters the company’s capital structure, provided the changes in board membership ensue from the proportionality criterion set out in recommendation 16.

COMPLIANT

22. Companies should establish rules obliging directors to disclose any circumstance that might harm the organisation’s name or reputation, tendering their resignation as the case may be, and, in particular, to inform the board of any criminal charges brought against them and the progress of any subsequent trial.

The moment a director is indicted or tried for any of the offences stated in company legislation, the board of directors should open an investigation and, in light of the particular circumstances, decide whether or not he or she should be called on to resign. The board should give a reasoned account of all such determinations in the annual corporate governance report.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

66

COMPLIANT

23. Directors should express their clear opposition when they feel a proposal submitted for the board’s approval might damage the corporate interest. In particular, independents and other directors not subject to potential conflicts of interest should strenuously challenge any decision that could harm the interests of shareholders lacking board representation.

When the board makes material or reiterated decisions about which a director has expressed serious reservations, then he or she must draw the pertinent conclusions. Directors resigning for such causes should set out their reasons in the letter referred to in the next recommendation.

The terms of this recommendation also apply to the secretary of the board, even if he or she is not a director.

COMPLIANT

24. Directors who give up their place before their tenure expires, through resignation or otherwise, should state their reasons in a letter to be sent to all members of the board. Whether or not such resignation is disclosed as a material event, the motivating factors should be explained in the annual corporate governance report.

COMPLIANT

25. The appointments committee should ensure that non-executive directors have sufficient time available to fulfil their responsibilities effectively.

The regulations of the board of directors should lay down the maximum number of company boards on which directors can serve.

COMPLIANT

26. The board should meet with the necessary frequency to properly perform its functions, eight times a year at least, in accordance with a calendar and agendas set at the start of the year, to which each director may propose the addition of initially unscheduled items.

COMPLIANT

27. Director absences should be kept to a strict minimum and quantified in the annual corporate governance report. In the event of absence, directors should delegate their powers of representation with the appropriate instructions.

COMPLIANT

28. When directors or the secretary express concerns about some proposal or, in the case of directors, about the company’s performance, and such concerns are not resolved at the meeting, they should be recorded in the minute book if the person expressing them so requests.

COMPLIANT

29. The company should provide suitable channels for directors to obtain the advice they need to carry out their duties, extending if necessary to external assistance at the company’s expense.

COMPLIANT

30. Regardless of the knowledge directors must possess to carry out their duties, they should also be offered refresher programmes when circumstances so advise.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

67

COMPLIANT

31. The agendas of board meetings should clearly indicate on which points directors must arrive at a decision, so they can study the matter beforehand or gather together the material they need.

For reasons of urgency, the chairman may wish to present decisions or resolutions for board approval that were not on the meeting agenda. In such exceptional circumstances, their inclusion will require the express prior consent, duly minuted, of the majority of directors present.

COMPLIANT

32. Directors should be regularly informed of movements in share ownership and of the views of major shareholders, investors and rating agencies on the company and its group.

COMPLIANT

33. The chairman, as the person charged with the efficient functioning of the board of directors, in addition to the functions assigned by law and the company’s bylaws, should prepare and submit to the board a schedule of meeting dates and agendas; organise and co-ordinate regular evaluations of the board and, where appropriate, the company’s first executive; exercise leadership of the board and be accountable for its proper functioning; ensure that sufficient time is given to the discussion of strategic issues, and approve and review refresher courses for each director, when circumstances so advise.

COMPLIANT

34. When a lead independent director has been appointed, the Bylaws or Regulations of the Board of Directors should grant him or her the following powers over and above those conferred by law: chair the board of directors in the absence of the chairman or vice chairmen; give voice to the concerns of non-executive directors; maintain contacts with investors and shareholders to hear their views and develop a balanced understanding of their concerns, especially those to do with the company’s corporate governance; and co-ordinate the chairman’s succession plan.

COMPLIANT

35. The board secretary should strive to ensure that the board’s actions and decisions are informed by the governance recommendations of the Good Governance Code of relevance to the company.

COMPLIANT

36. The board in full should conduct an annual evaluation, adopting, where necessary, an action plan to correct weakness detected in:

a) The quality and efficiency of the board’s operation.

b) The performance and membership of its committees

c) The diversity of board membership and competences.

d) The performance of the chairman of the board of directors and the company’s first executive.

e) The performance and contribution of individual directors, with particular attention to the chairmen of board committees.

The evaluation of board committees should start from the reports they send the board of directors, while that of the board itself should start from the report of the appointments committee.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

68

Every three years, the board of directors should engage an external consultant to aid in the evaluation process. This consultant’s independence should be verified by the appointments committee.

Any business dealings that the consultant or members of its corporate group maintain with the company or members of its corporate group should be detailed in the annual corporate governance report.

The process followed and areas evaluated should be detailed in the annual corporate governance report.

COMPLIANT

37. When an executive committee exists, its membership mix by director class should resemble that of the board. The secretary of the board should also act as secretary to the executive committee.

PARTIALLY COMPLIANT

The current composition of the Executive Committee of BBVA was agreed by the Board of Directors at its meeting on 27 June 2018, and it was considered that it had the most suitable composition for the performance of its functions.

Thus, in accordance with Article 26 of the BBVA Regulations of the Board of Directors, which establishes that there should be a majority of non-executive directors over executive directors, the Executive Committee of the Board of Directors, as of 31 December 2018, partially reflects the participation of the different categories of director on the Board of Directors; the Chairman and Secretary of the Executive Committee hold the same positions on the Board of Directors, and it is composed of two executive directors and four non-executive directors, of whom one is an independent director and three are external directors, giving a majority of non-executive directors in accordance with the Regulations of the Board of Directors.

38. The board should be kept fully informed of the business transacted and decisions made by the executive committee, and all board members should receive a copy of the committee’s minutes.

COMPLIANT

39. All members of the audit committee, particularly its chairman, should be appointed with regard to their knowledge and experience in accounting, auditing and risk management matters. A majority of committee places should be held by independent directors.

COMPLIANT

40. Listed companies should have a unit in charge of the internal audit function, under the supervision of the audit committee, to monitor the effectiveness of reporting and internal control systems. This unit should report functionally to the board’s non-executive chairman or the chairman of the audit committee.

COMPLIANT

41. The head of the unit handling the internal audit function should present an annual work programme to the audit committee, inform it directly of any incidents arising during its implementation and submit an activities report at the end of each year.

COMPLIANT

42. The audit committee should have the following functions over and above those legally assigned:

1. With respect to internal control and reporting systems:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

69

a) Monitor the preparation and the integrity of the financial information prepared on the company and, where appropriate, the group, checking for compliance with legal provisions, the accurate demarcation of the consolidation perimeter, and the correct application of accounting principles.

b) Monitor the independence of the unit handling the internal audit function; propose the selection, appointment, re-election and removal of the head of the internal audit service; propose the service’s budget; approve its priorities and work programmes, ensuring that it focuses primarily on the main risks the company is exposed to; receive regular report-backs on its activities; and verify that senior management are acting on the findings and recommendations of its reports.

c) Establish and supervise a mechanism whereby staff can report, confidentially and, if appropriate and feasible, anonymously, any potentially significant irregularities that they detect in the course of their duties, in particular financial or accounting irregularities.

2. With regard to the external auditor:

a) Investigate the issues giving rise to the resignation of the external auditor, should this come about.

b) Ensure that the remuneration of the external auditor does not compromise its quality or independence.

c) Ensure that the company notifies any change of external auditor to the CNMV as a material event, accompanied by a statement of any disagreements arising with the outgoing auditor and the reasons for the same.

d) Ensure that the external auditor has a yearly meeting with the board in full to inform it of the work undertaken and developments in the company’s risk and accounting positions.

e) Ensure that the company and the external auditor adhere to current regulations on the provision of non-audit services, limits on the concentration of the auditor’s business and other requirements concerning auditor independence.

COMPLIANT

43. The audit committee should be empowered to meet with any company employee or manager, even ordering their appearance without the presence of another senior officer.

COMPLIANT

44. The audit committee should be informed of any structural or corporate changes the company is planning, so the committee can analyse the operation and report to the board beforehand on its economic conditions and accounting impact and, in particular and when applicable, the exchange ratio proposed.

COMPLIANT

45. Risk control and management policy should identify at least:

a) The different types of financial and non-financial risk the company is exposed to (including operational, technological, legal, social, environmental, political and reputational risks), with the inclusion under financial or economic risks of contingent liabilities and other off-balance-sheet risks.

b) The determination of the risk level the company sees as acceptable.

c) The measures in place to mitigate the impact of identified risk events should they occur.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

70

d) The internal control and reporting systems to be used to control and manage the above risks, including contingent liabilities and off-balance-sheet risks.

COMPLIANT

46. Companies should establish an internal risk control and management function in the charge of one of the company’s internal departments or units and under the direct supervision of the audit committee or some other dedicated board committee. This function should be expressly charged with the following responsibilities:

a) Ensure that risk control and management systems are functioning correctly and, specifically, that major risks the company is exposed to are correctly identified, managed and quantified.

b) Participate actively in the preparation of risk strategies and in key decisions about their management.

c) Ensure that risk control and management systems are mitigating risks effectively in the frame of the policy drawn up by the board of directors.

COMPLIANT

47. Appointees to the appointments and remuneration committee – or of the appointments committee and remuneration committee, if separately constituted – should have the right balance of knowledge, skills and experience for the functions they are called on to discharge. The majority of their members should be independent directors.

COMPLIANT

48. Large cap companies should operate separately constituted appointments and remuneration committees.

COMPLIANT

49. The appointments committee should consult with the company’s chairman and first executive, especially on matters relating to executive directors.

When there are vacancies on the board, any director may approach the appointments committee to propose candidates that it might consider suitable.

COMPLIANT

50. The remuneration committee should operate independently and have the following functions in addition to those assigned by law:

a) Propose to the board the standard conditions for senior officer contracts.

b) Monitor compliance with the remuneration policy set by the company.

c) Periodically review the remuneration policy for directors and senior officers, including share-based remuneration systems and their application, and ensure that their individual compensation is proportionate to the amounts paid to other directors and senior officers in the company.

d) Ensure that potential conflicts of interest do not undermine the independence of any external advice the committee engages.

e) Verify the information on director and senior officers’ pay contained in corporate documents, including the annual directors’ remuneration report.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

71

COMPLIANT

51. The remuneration committee should consult with the company’s chairman and first executive, especially on matters relating to executive directors and senior officers.

COMPLIANT

52. The rules of composition and operation of supervision and control committees should be set out in the board of directors’ regulations and aligned with those governing legally mandatory board committees as specified in the preceding sets of recommendations. They should include at least the following terms:

a) Committees should be formed exclusively by non-executive directors, with a majority of independents.

b) They should be chaired by independent directors.

c) The board should appoint the members of such committees with regard to the knowledge, skills and experience of its directors and each committee’s terms of reference; discuss their proposals and reports; and provide report-backs on their activities and work at the first board plenary following each committee meeting.

d) They may engage external advice, when they feel it necessary for the discharge of their functions.

e) Meeting proceedings should be minuted and a copy made available to all board members.

COMPLIANT

53. The task of supervising compliance with corporate governance rules, internal codes of conduct and corporate social responsibility policy should be assigned to one board committee or split between several, which could be the audit committee, the appointments committee, the corporate social responsibility committee, where one exists, or a dedicated committee established ad hoc by the board under its powers of self-organisation, with at the least the following functions:

a) Monitor compliance with the company’s internal codes of conduct and corporate governance rules.

b) Oversee the communication and relations strategy with shareholders and investors, including small and medium-sized shareholders.

c) Periodically evaluate the effectiveness of the company’s corporate governance system, to confirm that it is fulfilling its mission to promote the corporate interest and catering, as appropriate, to the legitimate interests of remaining stakeholders.

d) Review the company’s corporate social responsibility policy, ensuring that it is geared to value creation.

e) Monitor corporate social responsibility strategy and practices and assess compliance in their respect.

f) Monitor and evaluate the company’s interaction with its stakeholder groups.

g) Evaluate all aspects of the non-financial risks the company is exposed to, including operational, technological, legal, social, environmental, political and reputational risks.

h) Coordinate non-financial and diversity reporting processes in accordance with applicable legislation and international benchmarks.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

72

COMPLIANT

54. The corporate social responsibility policy should state the principles or commitments the company will voluntarily adhere to in its dealings with stakeholder groups, specifying at least:

a) The goals of its corporate social responsibility policy and the support instruments to be deployed.

b) The corporate strategy with regard to sustainability, the environment and social issues.

c) Concrete practices in matters relative to: shareholders, employees, clients, suppliers, social welfare issues, the environment, diversity, fiscal responsibility, respect for human rights and the prevention of illegal conducts.

d) The methods or systems for monitoring the results of the practices referred to above, related risks and their management.

e) The mechanisms for supervising non-financial risk, ethics and business conduct.

f) Channels for stakeholder communication, participation and dialogue.

g) Responsible communication practices that prevent the manipulation of information and protect the company’s honour and integrity.

COMPLIANT

55. The company should report on corporate social responsibility developments in its management’s report or in a separate document, using an internationally accepted methodology.

COMPLIANT

56. Director remuneration should be sufficient to attract and retain individuals with the desired profile and compensate the commitment, abilities and responsibility that the post demands, but not so high as to compromise the independent judgement of non-executive directors.

COMPLIANT

57. Variable remuneration linked to the company and the director’s performance, the award of shares, options or any other right to acquire shares or to be remunerated on the basis of share price movements, and membership of long-term savings schemes such as pension and retirement plans and other social insurance should be confined to executive directors.

The company may consider the share-based remuneration of non-executive directors provided they retain such shares until the end of their mandate. The above condition will not apply to any shares that the director must dispose of to defray costs related to their acquisition.

COMPLIANT

58. In the case of variable awards, remuneration policies should include limits and technical safeguards to ensure they reflect the professional performance of the beneficiaries and not simply the general progress of the markets or the company’s sector, or circumstances of that kind.

In particular, variable remuneration items should meet the following conditions:

a) Be subject to predetermined and measurable performance criteria that factor the risk assumed to obtain a given outcome.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

73

b) Promote the long-term sustainability of the company and include non-financial criteria that are sufficient for long-term value creation, such as compliance with the company’s internal rules and procedures and its risk control and management policies.

c) Be focused on achieving a balance between the delivery of short, medium and long-term objectives, such that performance-related pay rewards ongoing achievement, maintained over sufficient time to appreciate its contribution to long-term value creation. This will ensure that performance measurement is not based solely on one-off, occasional or extraordinary events.

COMPLIANT

59. A major part of variable remuneration components should be deferred for a long enough period to ensure that predetermined performance criteria have effectively been met.

COMPLIANT

60. Remuneration linked to company earnings should bear in mind any qualifications stated in the external auditor’s report that reduce their amount.

COMPLIANT

61. A relevant percentage of executive directors’ variable remuneration should be linked to the award of shares or financial instruments whose value is linked to the share price.

COMPLIANT

62. Following the award of shares, share options or other rights on shares derived from the remuneration system, directors should not be allowed to transfer a number of shares equivalent to twice their annual fixed remuneration, or to exercise the share options or other rights on shares for at least three years after their award.

The above condition will not apply to any shares that the director must dispose of to defray costs related to their acquisition.

COMPLIANT

63. Contractual arrangements should include provisions that permit the company to reclaim variable components of remuneration when payment was out of step with the director’s actual performance or based on data subsequently found to be misstated.

COMPLIANT

64. Termination payments should not exceed a fixed amount equivalent to two years of the director’s total annual remuneration and should not be paid until the company confirms that he or she has met the predetermined performance criteria.

COMPLIANT

H OTHER INFORMATION OF INTEREST

1. If there is any other aspect relevant to the corporate governance in the company or in the group entities that has not been addressed in the rest of the sections of this report, but is necessary to include to provide more comprehensive and well-grounded information on the corporate governance structure and practices in the entity or its group, give a brief description of them.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

74

2. This section may also include any other relevant information, clarification or detail related to previous sections of the report if they are relevant and not reiterative.

In particular, indicate whether the company is subject to corporate governance legislation from a country other than Spain and, if so, include the mandatory information to be provided, if different from that required by this report.

3. The company may also indicate if it has voluntarily signed up to other international, industry-wide or any other codes of ethical principles or best practices. Where applicable, identify the code in question and the date of signing. In particular, indicate whether it has adhered to the Código de Buenas Prácticas Tributarias (Spanish code of best tax practices) of 20 July 2010.

The data in this report refers to the financial year ending 31 December 2018, except in those cases when another reference date is specifically stated.

As an explanation to section A.3, the percentage of direct voting rights held by non-executive directors through financial instruments corresponds to number of “theoretical shares” accumulated as a result of the remuneration system with deferred delivery of shares approved by resolution of the General Shareholders’ Meeting. In application of this resolution and in accordance with the Remuneration Policy for BBVA Directors, the Board of Directors annually allocates a number of “theoretical shares” to each non-executive director, corresponding to 20% of the annual cash remuneration received the previous financial year. These will be delivered, where applicable, on the date on which they leave their positions as directors for reasons other than serious dereliction of their duties. Details of the annual allocation carried out by the Board can be found in Note 54 of the Annual Report on the Bank’s consolidated annual financial statements for the 2018 financial year, regarding remuneration and other benefits received by the Board of Directors and members of the Bank’s Senior Management.

For executive directors, the percentage of direct voting rights through financial instruments corresponds to the number of Annual Variable Remuneration (AVR) shares received for previous financial years, which was deferred and is yet to be paid out as of the date of this report, provided that the conditions for such are met. Thus, this includes the percentage corresponding to the deferred 50% of the 2015 AVR, which will be received in 2019, the deferred 50% of the 2016 AVR, which will be received in 2020, and 60% of the deferred 2017 AVR, which will correspond to 60% delivered in 2021, 20% in 2022 and the remaining 20% in 2023. The final amount is subject to the applicable multi-year indicators, which may reduce the deferred amount, or even forfeit it, but never increase it. The final amount is also subject to the malus and clawback clauses set out in the remuneration policy applicable in each financial year.

Further to Section A.9, relating to income from treasury-share trading, Rule 21 of Circular 4/2017 and IAS 32, Paragraph 33, expressly prohibit the recognition, in the profit and loss account, of gains or losses made through transactions carried out with its own capital instruments, including their issuance and redemption. Said profits and losses are directly booked against the company’s net equity. In the table of significant variations, the date of entry of CNMV Model IV in the registries of that organism, model corresponding to the communications with treasury shares and the reason for such communication.

Further to Section A.12, there are no legal or statutory restrictions on the exercise of voting rights. Thus, in accordance with article 31 of Company Bylaws, each voting share will confer the right to one vote on the holder present or represented at the General Meeting.

Moreover, there are no statutory restrictions on the acquisition or transfer of share capital holdings.

However, as for the legal restrictions on the acquisition or transfer of shares in the company’s share capital, Spanish Act 10/2014, of 26 June, on the regulation, supervision and solvency of credit institutions establishes that the direct or indirect acquisition of a significant holding (as defined in article 16 of that Act) is subject to assessment by the Bank of Spain as set out in Articles 16 et seq. of that Act. Additionally, Article 25 of Royal Decree 84/2015, implementing Act 10/2014, establishes that the Bank of Spain shall evaluate proposals for

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

75

acquisitions of significant shares and submit a proposal to the European Central Bank regarding whether to oppose this acquisition or not. This same article establishes the criteria that should be considered during said evaluation and the applicable timelines.

Further to Section C.1.5, the periodic analysis process carried out by the Appointments Committee, will also consider the composition of the different Board Committees that assist this Corporate Body in the performance of its duties and which constitute an essential element of BBVA’s corporate governance. The Corporate Bodies will also be assessed to ensure they have a suitable and diverse composition, combining individuals who have experience and knowledge of the Group, its businesses and the financial sector in general with others who have training, skills, knowledge and experience in other areas and sectors that enable the right balance to be attained in the composition of Corporate Bodies to improve operation and performance of their duties.

This allows the Board of Directors and its Committees to have suitable compositions that are always adapted to their needs, so they can therefore perform their functions effectively. In this sense, both the Board’s composition and the rotation process are aligned with the Bank’s strategy, which enables the Group to continue taking steps forward in its current digital transformation process.

Within the framework of the continuous Board rotation process, the Appointments Committee, in performing its duties, has in recent financial years put in place different selection processes for directors; these are aimed at identifying the most suitable candidates at all times, based on the needs of the Corporate Bodies, which favour diversity in experience, knowledge, skills and gender, as well as a level of independence of the Board.

In the last financial year, as part of the ordered rotation process for Corporate Bodies, the selection processes agreed upon by the Appointments Committee led to appointment proposals for three new directors, with the aim of selecting candidates that would (i) supplement the existing knowledge and experience of the Corporate Bodies, particularly in the financial (banking activity, risks, regulation and supervision of the financial sector) and technological fields, and (ii) increase diversity in terms of gender and international experience, while always considering the dedication of time deemed necessary for directors to perform their duties and respect for the rules on limitations and incompatibilities and on conflicts of interest, as established in the Regulations of the Board and applicable regulations.

The appointment proposals for three new directors, which were approved at the General Shareholders’ Meeting in 2018, directly contributed to achieving the targets established in the Policy, with at least 50% of the total number of directors being independent directors, increasing the proportion of women on the Board, to bring this closer to the target percentage included in the Policy; this also reinforced the knowledge of the Corporate Bodies regarding financial (in particular, relating to banking activity, risks, regulation and supervision of the financial sector) and technological fields, and adding to the international profile of the Corporate Bodies.

In addition, the Bank’s Corporate Bodies have made very important decisions regarding its executive directors, with a new Group Executive Chairman and a new Chief Executive Officer being appointed by the Board of Directors at the end of the financial year, following the Board’s approval of the succession plans for these two positions proposed by the Appointments Committee.

In this regard, and in relation to the Succession Plans for both the Group Executive Chairman and the Chief Executive Officer, in compliance with the principles established by the aforementioned Regulations of the Board and the Policy, the Appointments Committee analysed and determined the required profile and established the conditions for performing the role that the candidate must meet with regard to status of the director, expected dedication, knowledge, skills and experience, as well as business and professional reputation and other conditions deemed important by the Committee to ensure continuity of the decision-making process of the Corporate Bodies, in particular continuing to drive the transformation process that the Group is currently undergoing.

The Board of Directors therefore has a diverse composition, combining people with extensive financial and banking experience and knowledge with profiles that have experience and knowledge in various areas that are of interest to the Bank and its Group, such as auditing, legal and academic fields, multinational business, digital

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

76

businesses and technology, both nationally and internationally. This enables the Board overall to have a suitable balance in its composition and suitable knowledge of the Bank’s and the Group’s environment, activities, strategies and risks, helping it to better perform its functions.

Moreover, in accordance with the provisions of Article 540 of the Corporate Enterprises Act, which stipulates that a brief description of the diversity policy, with regard to directors and to members of management, must be provided, BBVA employs a selection and appointment policy for members of BBVA’s Senior Management. Said policy is designed to ensure that individuals in Senior Management positions at BBVA have the capacity to properly exercise the responsibilities conferred upon them. Thus, members of BBVA Senior Management must have top-level academic and technical qualifications, professional skills—underpinned by their professional careers to date—applicable to the responsibilities associated with the role to be fulfilled, a recognised honourable professional reputation, and commitment to BBVA’s values.

Thus, pursuant to the provisions of the Policy on the assessment of internal talent, performance is assessed in terms of the achievement of objectives, potential to assume greater responsibilities in the future, and individuals’ professional capabilities and skills. These assessments may be supported by means of review sessions during which members of Senior Management analyse the profiles of certain employees and share their opinions on the achievements and strengths of each individual. Moreover, for the selection of external candidates for Senior Management positions, references and top-level executive search firms are used. The Talent & Culture area ensures that external candidates possess top-level academic and technical qualifications, that their professional careers to date adequately encompass the responsibilities associated with the roles to be fulfilled, that they have recognised professional reputations, and that, during their careers at other organisations, they have demonstrated a high level of alignment with BBVA’s values. The candidates identified through the company’s external selection process are considered alongside internal candidates, in order to select the individual that best fits the role to be fulfilled.

Moreover, in accordance with the BBVA Board Regulations, the duties of the Board of Directors include appointing members of Senior Management, following a report from the Bank’s Appointments Committee. Prior to the proposal and appointment of members of Senior Management, the Bank follows a selection process that is governed by the aforementioned principles and criteria, and that comprises the following stages: (i) review and analysis of the duties to be performed in the position, and the profiles of the candidates best suited to assume the position — this process ends with the selection of a final candidate to assume the position; (ii) assessment by the Suitability Committee of the suitability of the proposed candidate, in accordance with the specific procedure established by the Bank in that regard; (iii) presentation, if the candidate is considered suitable, of the proposed appointment to the Appointments Committee in order for the latter to prepare its report to the Board of Directors; and (iv) submission of the proposal to the Board of Directors for approval, with said proposal accompanied by the report of the Appointments Committee.

Further to Section C.1.9, the supervision and control Board Committees, with regulatory nature, also have certain duties delegated by the Board of Directors, the most notable of which are as follows:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

77

In order to complete the information included in Section C.1.13, it is indicated that:

The amount indicated under the heading “Remuneration of the Board of Directors accrued during the financial year”, corresponds, according to the instructions of this Report, with the amount declared as total remuneration accrued according to table c) “Summary of Remunerations” of the Section C.1. of the Annual Report on the Remuneration of BBVA’s directors, which includes: fixed remuneration and remuneration in kind of executive and non-executive directors received in 2018; the Initial Portion (40%) of the Annual Variable Remuneration (“AVR”) for the year 2018 of the executive directors, in cash and in monetized shares, which will be received in 2019, if conditions are met; as well as 50% of the deferred AVR for the year 2015, in cash and in shares, including its update, whose delivery corresponds in 2019 if conditions are met. Likewise, the same remuneration concepts are included for the directors who stepped down from their position during 2018.

An individual breakdown of these amounts for each director can be found in Note 54 of the Bank’s consolidated Annual Report for the 2018 financial year.

At the time of drafting this report, both the Initial Portion (40%) of the AVR for the 2018 financial year and the Deferred Portion of the 2015 deferred AVR have not been paid.

In order to calculate the cash value of the shares corresponding to the Initial Portion of 2018 AVR for executive directors has been calculated based on the average closing price of BBVA shares according to the trading sessions that took place between 15 December 2018 and 15 January 2019, inclusive, which in accordance with the Remuneration Policy for BBVA Directors it is used to determine the portion in shares for the 2018 AVR. This price stood at €4.77 per share. Similarly, in order to calculate the cash value of the shares corresponding to the deferred part of 2015 AVR, the reference price used is based on the average closing price of BBVA shares according to the trading sessions that took place between 15 December 2015 and 15 December 2016, both inclusive, which in accordance with the Policy applicable in 2015 it was the criterion that served to determine the part in shares of the AVR 2015. This price stood at €6.63 per share

The total amount indicated does not include the remuneration of BBVA Chief Executive Officer (CEO) Onur Genç, who was appointed by resolution of the Board of Directors on 20 December 2018, since no remuneration was accrued due to his condition as CEO or as member of the Board during 2018. Therefore, his remuneration linked to his previous position as Chairman and CEO of BBVA Compass can be found in Note 54 of the Annual Report on the Bank’s consolidated Annual Report for the 2018 financial year.

With regard to the “Amount of accrued entitlements by current directors in regard to pensions” indicated in Section C.1.13 of this Report, as at 31 December 2018, the Bank had undertaken pension commitments in favour of Carlos Torres Vila and José Manuel González-Páramo Martínez-Murillo to cover contingencies of retirement, disability and death in accordance with the provisions of the Bylaws, the Remuneration Policy for BBVA Directors and the directors’ respective employment contracts with the Bank. The main characteristics of the pension systems are detailed in the Remuneration Policy for BBVA Directors and in Note 54 of the Annual Report for the financial year 2018, which includes the amounts of the rights accrued by said directors.

The balance of the item “Provisions - Funds for pensions and similar obligations” on the Group’s consolidated balance sheet at 31 December 2018 includes EUR 79 million as post-employment provision commitments maintained with former members of the Board of Directors.

In order to complete the information included in Section C.1.14, it is indicated that:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

78

The item “Total remuneration of Senior Management” includes the remuneration of members of Senior Management listed as such as at 20 December 2018 (15 members), comprising: fixed remuneration and remuneration in kind received during the 2018 financial year; the Initial Portion (40%) of the AVR for the year 2018, the portion in cash (50%) and in shares (50%), which will be received in 2019, if conditions are met; as well as 50% of the deferred AVR for the year 2015, in cash (50%) and in monetized shares (50%), including its update, whose delivery corresponds in 2019 if conditions are met.

This concepts can be found in Note 54 of the Bank’s consolidated Annual Report for the 2018 financial year.

At the time of drafting this Report, both the Initial Portion (40%) of the AVR for the 2018 financial year and the Deferred Part of the 2015 AVR have not been paid.

In order to calculate the cash value of the shares corresponding to the deferred part of 2015 AVR, the reference price used is based on the average closing price of BBVA shares according to the trading sessions that took place between 15 December 2015 and 15 January 2016, both inclusive, which in accordance with the Policy applicable in 2015 it was the criterion that served to determine the part in shares of the AVR 2015. This price stood at €6.63 per share.

The total amount indicated does not include the remuneration of the 5 members of Senior Management, who were appointed on December 20, 2018 by agreement of the Board since no remuneration was accrued due to the performance of their duties as senior manager during 2018. However, its remuneration associated with its previous positions is reported in Note 54 of the Bank’s consolidated Annual Report for the 2018 financial year. The main characteristics of the forecast systems are: defined contribution systems; the possibility of receiving the retirement pension in advance is not foreseen; and it has been established that 15% of the contributions agreed upon have the status of “discretionary pension benefits”, in accordance with the requirements of the applicable regulations. These amounts are detailed in Note 54 of the Bank’s consolidated Annual Report for the financial year 2018.

The balance of the item “Provisions—Funds for pensions and similar obligations” in the consolidated balance sheet of the Group as of December 31, 2018 includes EUR 253 million as post-employment provision commitments maintained with former members of Senior Management from the Bank.

With regard Section C.1.17, regarding the evaluation process and the evaluated areas carried out by the Board of Directors, the quality and efficiency of operation of the Audit and Compliance, Risk, Appointments, Remunerations, and Technology and Cybersecurity Committees, has been realized based on the reports submitted by their respective Chairmen:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

79

All of the above has been reflected in the Reports for evaluation by the Board of Directors and the Executive Committee of Banco Bilbao Vizcaya Argentaria, S.A. for the 2018 financial year, prepared by the Appointments Committee and submitted to the Board of Directors for its consideration, where, in addition to that stipulated in preceding paragraphs, the composition of the Board and its Committees, the Bank’s Corporate Governance System, the operation of the Corporate Bodies, the activity of the Board of Directors over the 2018 financial year, and the structure and organisation of the Committees, are taken into consideration.

With regard to Section C.1.27, as BBVA shares are listed on the New York Stock Exchange, it is subject to the supervision of the Securities & Exchange Commission (SEC) and, thus, to compliance with the Sarbanes Oxley Act and its implementing regulations, and for this reason each year the Group Executive Chairman, the Chief Executive Officer and the executive tasked with preparing the Accounts sign and submit the certifications described in sections 302 and 906 of this Act, related to the content of the Annual Financial Statements. These certificates are contained in the annual registration statement (Form 20-F) which the Company files with this authority for the official record.

Further to Section C.2.1, we provide brief indications regarding what the regulations establish about the composition of each of the Board Committees:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

80

Moreover, as a continuation of the most significant actions of the Board Committees and its organizational and operational rules included in Section C.2.1

In particular, prior to their approval by the Board, the Committee oversaw the preparation of the individual and consolidated annual financial statements for the financial year, the half-yearly and quarterly financial statements, as well as other relevant financial information, including the CNMV (Comisión Nacional del Mercado de Valores — Spanish National Securities Market Commission) Registration Document, US SEC Form 20-F, and the Prudential Relevance Report.

In addition, within the financial information monitoring process, the Committee monitored the adequacy, appropriateness and effective operation of the internal control systems used in the preparation of financial information, including the tax systems, along with both internal reports and those of the external auditor on the effectiveness of the internal financial control.

With regards to activities related to the external auditor, the Committee has maintained appropriate relationships with the heads of the external auditor, during each of the monthly meetings it has held, in order to ascertain the planning, stage and progress of the work in connection with the audit of the Bank and Group annual financial statements, of the interim financial statements, and of other financial

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

81

information subject to review during the account auditing. It has also received and analysed the opinion reports and communications required by account auditing legislation, from the auditor, among which the following are of note: the work carried out on the Group’s financial information, the external auditor’s additional report for the Audit and Compliance Committee, and the confirmations of its independence with regards to the Bank.

Similarly, in relation to the independence of the external auditor, the Committee has ensured that internal procedures are implemented to safeguard against situations that may give rise to independence conflicts. It has also opposed declarations made by the external auditor concerning confirmation of its independence with regard to BBVA and its Group, and issued the corresponding reports in accordance with applicable legislation.

With regards to Internal Audit tasks, the Committee approved the Internal Audit Annual Work Plan for the financial year, overseeing the organisational measures set out in the Area for the performance of its functions; provided ongoing monitoring and supervised the Area’s activities and reports, ascertained the results of its most relevant work, identified any weaknesses and opportunities for improvement; and considered the recommendations proposed by the Internal Audit as a result of its review work. The Committee also resolved to carry out an external evaluation of the Internal Audit function, overseeing the conclusions of the work carried out by the external consultant in order to identify opportunities for improvement and best practices in the field.

With regards to the Compliance Area, the Committee has repeatedly reviewed the Area’s activities over the course of the financial year, overseeing the results of its examinations and the degree of progress in the implementation of planned measures, proposals for the approval and review of policies related to compliance, data protection or anti-corruption, monitoring of issues concerning MiFID regulations, and any other issues which may have arisen in this area of the Group’s activities. Moreover, the Committee approved the Compliance Area activities’ Annual Plan, carrying out a repeated review of its degree of progress and achievement.

The Committee also reviewed the changes to the structure of the Group companies, provided ongoing monitoring of the main issues relating to the Group’s legal and tax risks, and supervised the Group’s tax management along with the results of the inspection processes carried out on the matter.

Similarly, the Committee was made aware of the major communications and inspections carried out by the Group’s main supervisors, both domestic and foreign, in relation to matters within their remit.

Lastly, during the Bank’s General Shareholders’ Meeting held in 2018, the Committee informed shareholders of the main issues related to the matters within its remit, including overseeing the process of preparing Bank and Group financial information, which had been provided to shareholders for their approval, the result of the account auditing and of the function that it had carried out in this matter, as well as the main issues related to the matters described in this section and other issues that were handled.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

82

The Committee considered it advisable to perform succession planning for the Group Executive Chairman of the Bank.

As a result, the Committee launched the succession plan for the Group Executive Chairman, analysing the Bank’s Corporate Governance System, and also analysed the required profile of the candidate for Chairman.

Following this, the Committee selected Carlos Torres Vila as the most suitable candidate for the role, and agreed to submit a favourable opinion to the Board of Directors regarding its approval of the succession plan and appointment of Carlos Torres Vila as successor to the former Group Executive Chairman when he resigns from his post.

Also, given that the CEO of the Bank was selected to succeed the Chairman of the Board, the Committee considered a successor for the CEO role in preparation for the current CEO becoming Group Executive Chairman, in order for this succession to be carried out in an orderly manner.

In connection with this, the Committee drafted and adopted the skills profile needed for the position, which would serve as the basis for analysing the candidates, after which the Committee selected Onur Genç as the most suitable candidate for the position of Chief Executive Officer.

As a result of this, the Committee agreed to submit a favourable opinion to the Board of Directors regarding its approval of the succession plan for the Chief Executive Officer and the appointment of Onur Genç to this role.

The Committee also analysed the proposed appointments and removals of senior managers as a result of the new organisational structure, in accordance with the provisions established at the selection and appointment Policy of senior managers.

The Committee reviewed and verified the suitability of the proposed new senior managers, as reflected in its reports submitted to the Board.

Firstly, in implementation of the remuneration policies adopted, the Committee has analysed the following matters and, where appropriate, submitted the corresponding proposals to the Board:

With regard to non-executive directors, the Committee has analysed the remunerations established for performance of the role of director and for membership to the various Committees, and proposed to the Board that the amounts agreed by this body in previous sessions—which have not been updated since 2007—not be updated in 2018.

With regard to executives directors, the Committee has submitted to the Board the necessary proposals for: settling and paying the Annual Variable Remuneration for 2017; updating the deferred last third of the variable remuneration for the 2014 financial year, which was paid in the first quarter of 2018; reviewing the remuneration conditions (target fixed and variable) of the executive directors for the 2018 financial year, proposing to the Board that the amounts not be updated; scales of achievement of the multi-year performance indicators regarding the Annual Variable Remuneration for the 2017 financial year, as well as the related peer group and Total Shareholder Return (TSR) indicator; determining the annual and multi-year indicators for calculating the Annual Variable Remuneration for the 2018 financial year and their corresponding weightings; the targets and scales of achievement for calculating the 2018 Annual Variable Remuneration; and the minimum thresholds for Attributable Profit and Capital Ratio set for the generation of variable remuneration.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

83

With regard to those matters relating to the policy applicable to Senior Management, the Committee has revised the basic contractual conditions and received information on their annual performance indicators for the 2018 financial year and on the settlement of the Annual Variable Remuneration for the 2017 financial year for each member of Senior Management.

In terms of matters relating to the remunerations policy applicable to the Identified Staff, including Senior Management, the Committee has determined that the multi-year performance indicators used to calculate the Annual Variable Remuneration for the 2018 financial year, and their achievement scales used to calculate the deferred Annual Variable Remuneration for the 2017 financial year, should be the same as those established for executive directors.

As regards its function of ensuring compliance with the remuneration policy established by the Bank, the Committee has reviewed the implementation of such by the Group over the course of the 2017 financial year, including the Remuneration Policy for the Identified Staff and the procedure for identifying said group, and has also received information on the result of the process for identifying the Identified Staff within the BBVA Group during the 2018 financial year.

Finally, among its other functions, the Committee has submitted the Annual Report on the Remuneration of Directors to the Board for its approval and subsequent submission to the General Shareholders’ Meeting for a vote, and it has also proposed to the Board a resolution to increase the maximum variable remuneration level of up to 200% of the fixed component applicable to a specific number of members of the Identified Staff.

Detailed information on the activities of the Remunerations Committee is available on the Company’s website (www.bbva.com).

The Committee confirmed that the Group’s risk management and control model is adequate and that the Group has a structured Risk Area both at corporate level and in each geographical area and/or business area, adding that it functions correctly and that it provides the Committee with the information required to understand the Group’s risk exposure at any time, which enables the Committee to fulfil its monitoring, supervision and control functions.

The Risk Committee previously analysed the credit risk proposals that, due to the nature of the requestor (members of the BBVA Board of Directors or Senior Management), had been submitted to the Board of Directors for consideration.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

84

In 2018, the Committee received recurring information on the evolution of metrics and analysis in terms of profitability and capital, which evaluate the resulting pricing alignment in financing and credit activity against the risk strategy and risk transfer in the Group. Additionally, the Committee monitored the profitability of portfolios and businesses and the performance of the profitability indicators incorporated into the Risk Appetite Framework. All of this enabled the Committee to confirm that the prices of the assets and liabilities offered to customers were aligned with the Bank’s business model and risk strategy.

The Committee checked that the variable remuneration proposed in line with the Group’s Remuneration Policy is compatible with an adequate and effective risk management strategy and that it does not offer incentives to assume risks that exceed the level tolerated by the Group.

The Committee was informed of the Risk Area’s structure, resources and incentive scheme as well as its means, systems and tools (including those in development stage), having verified that the Group has adequate resources for its strategy.

The Committee receives regular information about the asset valuation and risk classification systems from both the model development and validation perspectives. This information is accompanied by a recurring report of the status of the different tools and projects developed at corporate level and for each geographical area and/or business area, as well as their existing levels of classification. In addition, with regard to the asset valuation system, the Committee receives information about the cost of risk and the hedging cost, as well as the trends of the portfolios of risk in market activities.

The Committee received one-off information about issues relating to the risk models and to the supervisory activity performed as part of the process for reviewing the Group’s internal models and the Internal Validation area.

During the 2018 financial year, the Risk Committee reviewed the Internal Capital Adequacy Assessment Process (ICAAP) and Internal Liquidity Adequacy Assessment Process (ILAAP) Reports to monitor the drafting of the stress scenarios and confirm that they were aligned with the Risk Appetite Framework. To do so, the Committee received the help of the Risk and

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

85

Finance Areas among others, which enabled it to ensure that they accurately reflected the Group’s situation in the analysed fields.

In addition, the Risk Committee participated in the review of the Group’s Recuperation Plan with the aim of evaluating its alignment with the Risk Appetite Framework, again with the help of the Risk and Finance Areas, among others.

This was all done prior to being considered and, where applicable, approved by the Executive Committee and the Board of Directors.

The previous functions are carried out by the Risk Committee within the context of a culture that maintains the consistency of the Group’s General Risk Control and Management Model and ensures the implementation thereof at all levels of the organisation.

During the 2018 financial year, the Committee verified the progress and effectiveness of the various actions drawn up by the Risk Area to strengthen the risk culture in the Group, to enable employees to perform their functions in a secure environment, and to encourage the mitigation of risks to which their activities are exposed.

Finally, with regard to the Risk Committee’s organisational and operational rules and procedures, and in accordance with the provisions of the Regulations of the Board of Directors and of its own Regulations, this Committee meets as often as necessary to fulfil its duties, establishing a meeting schedule in accordance with the tasks to be carried out.

The Committee regularly receives help at its sessions from the Group’s Head of Global Risk Management, those in charge of each type of risk in the corporate field and the risk directors of the Group’s main entities, as well as the help of those people who, within the Group’s organisation, carry out tasks related to the Committee’s functions. It also conducts both internal and external assessments that it considers necessary to form opinions within its remit.

The Committee may request that persons with tasks within the Group organisation that are related to the Committee’s duties attend its meetings. In particular, the Committee maintains direct and ongoing contact with the executives responsible for the Group’s Engineering and Cybersecurity areas, from which it receives the information required to perform its duties, which is analysed during the Committee’s sessions.

The Committee can also conduct external assessments deemed necessary to form opinions on matters within its remit.

With respect to Section D (Related-party and Intragroup Transactions), see Note 53 of the BBVA Consolidated Annual Financial Statements for the 2018 financial year. Section D.4 details the transactions conducted by Banco Bilbao Vizcaya Argentaria, S.A. at the close of the financial year, with the company issuing securities on international markets, carried out as part of ordinary trading related to the management of outstanding issuances, guaranteed by BBVA. Moreover, with respect to Section D.4, please refer to the section entitled “Offshore financial centres” in the BBVA Consolidated Management Report for the 2018 financial year.

Likewise, in relation to Section D.7, BBVA holds significant holdings in three listed companies, which are not considered as subsidiaries and are not part of the BBVA Group. Additionally, as part of its ordinary operations, BBVA holds stakes in other listed companies, the participation in them is insignificant and these companies cannot be considered as subsidiaries belonging to the BBVA Group.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

86

As a complement to the provisions of Section E.1, the information related to the Infrastructure of the General Risk Control and Management Model is detailed below: the Group has the human and technological resources needed to effectively manage and monitor risks in order to carry out the functions set out in the Group’s risk Model and achieve its goals. With respect to human resources, the Group’s risk function has an adequate workforce in terms of number, skills, knowledge and experience. With respect to technology, the Group’s risk function assures the integrity of the measurement techniques, management information systems and the provision of the infrastructure required to support risk management, using the tools appropriate to the needs derived from the different types of risks in their admission, management, valuation and monitoring. Likewise, the Group promotes the development of a risk culture that ensures consistent application of the Risk Control and Management model in the Group, and that guarantees that the risk function is understood and internalised at all levels of the organisation.

Regarding taxation, BBVA has defined a tax-risk management policy based on a suitable control environment, a system for identifying risks and a monitoring process including continuous improvement of the effectiveness of the established controls. This management model was evaluated and approved by an independent expert.

As a complement to the information indicated in Section E.3, the information related to business, operational and legal risks is detailed below:

Many current proceedings in Spain involve plaintiffs demanding, both in Spanish courts and through preliminary rulings at the Court of Justice of the European Union, that certain clauses commonly appearing in mortgage loan agreements with financial institutions be declared as unfair (clauses relating to mortgage expenses or early maturity, the use of certain benchmark interest rates, starting fees etc.). The resolutions from these types of proceedings brought against other banking institutions may affect the Group indirectly.

The Group is involved in investigations by competition authorities in several countries which may result in sanctions and claims for damages by third parties.

As explained in the Other Non-Financial Risks section of the Non-Financial Information State in the management report, the Group could be similarly immersed in investigations by the judicial authorities without, up to now, receiving any formal notification to that effect, in relation to the contracting of allegedly irregular activities that, if confirmed, could have a negative reputational impact for the Bank. The Bank is conducting an internal investigation, and it is not possible to predict at this time the scope or duration of such investigations or their possible outcome or implications for the Group.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

87

The Group manages and continuously monitors such proceedings in defence of its interests, and makes the necessary provisions to cover itself based on the amount of disputes and judicial pronouncements, and the stage that proceedings are at. However, is difficult to predict the outcome of the aforementioned actions and proceedings—both those that the Bank is currently involved in and those that may arise in the future—and of rulings involving other banking institutions. As such, in the event that jurisprudential criteria are amended or disputes have unexpected outcomes, the provisions in place may be rendered insufficient.

The main risks derived from the corruption and bribery offenses are specified in the Compliance System section, section other behavioral standards of the Ethical Behavior Chapter of the Non-Financial Information State of the Management Report.

As to adherence to codes of ethics or good practice, it is to be noted that during the 2011 financial year the BBVA Board of Directors approved the Bank’s adhesion to the Code of Good Tax Practices approved by Large Corporations Forum according to the wording proposed by the Spanish Tax Agency (AEAT). During this financial year, it has been compliant with the contents of this Code. Moreover, BBVA is committed to applying the provisions of the Universal Declaration of Human Rights, the Principles of United Nations Global Compact (to which BBVA has formally adhered), the Equator Principles (to which BBVA has formally adhered since 2004), the United Nations Principles for Responsible Investment, the Green Bond Principles, the Green Loan Principles, those of the RE100, Science Based Targets and Grupo Español para el Crecimiento Verde (Spanish Green Growth Group) initiatives, and those of other conventions and treaties of international organisations such as the Organization for Economic Co-operation and Development and the International Labour Organization. In addition, BBVA is a member of the United Nations Environment Programme — Finance Initiative and the Thun Group of Banks on Human Rights, and follows the United Nations Principles for Responsible Banking. Moreover, BBVA is firmly committed to the United Nations Sustainable Development Goals and the Paris Agreement on Climate Change, and, since 2017, the Bank has been part of the pilot group of banks committed to implementing the recommendations regarding financing and climate change published in July by the Financial Stability Board of the G20.

This annual corporate governance report was approved by the company’s Board of Directors on 11 February 2019.

List whether any directors voted against or abstained from voting on the approval of this report.

NO

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

88

SIGNATURE

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.