UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 6-K

REPORT OF FOREIGN ISSUER

PURSUANT TO RULE 13a-16 OR 15d-16

UNDER THE SECURITIES EXCHANGE ACT OF 1934

For the month of February, 2018

Commission file number: 1-10110

BANCO BILBAO VIZCAYA ARGENTARIA, S.A.

(Exact name of Registrant as specified in its charter)

BANK BILBAO VIZCAYA ARGENTARIA, S.A.

(Translation of Registrant’s name into English)

Calle Azul 4,

28050 Madrid

Spain

(Address of principal executive offices)

Indicate by check mark whether the registrant files or will file annual reports under cover of Form 20-F or Form 40-F:

Form 20-F  ☒            Form 40-F  ☐

Indicate by check mark if the registrant is submitting the Form 6-K in paper as permitted by Regulation S-T Rule 101(b)(1):

Yes  ☐            No  ☒

Indicate by check mark if the registrant is submitting the Form 6-K in paper as permitted by Regulation S-T Rule 101(b)(7):

Yes  ☐            No  ☒

ANNUAL CORPORATE GOVERNANCE REPORT ON THE PUBLICLY TRADED COMPANIES

ISSUER IDENTIFICATION

TAX ID No.: A-48265169

Registered name: BANCO BILBAO VIZCAYA ARGENTARIA, S.A.

Registered Address: Plaza de San Nicolás 4, 48005 Bilbao (Vizcaya)

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

1

ANNUAL CORPORATE GOVERNANCE REPORT

ON THE PUBLICLY TRADED COMPANIES

A. OWNERSHIP STRUCTURE

A.1 Fill in the following table on the company’s share capital:

Indicate if there are different classes of shares with different rights associated with them.

NO

A.2 Detail the direct and indirect owners of significant holdings in your company at year-end, excluding directors:

Indicate the most significant movements in the shareholder structure during the year:

A.3 Fill in the following tables with the members of the company’s Board of Directors with voting rights on company shares:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

2

Fill in the following tables with the members of the company’s Board of Directors with share options:

A.4 Where applicable, indicate any family, commercial, contractual or corporate relationships between holders of significant shareholdings, insofar as the company is aware of them, unless they are of little relevance or due to ordinary trading or exchange activities:

A.5 Where applicable, indicate any commercial, contractual or corporate relationships between holders of significant shareholdings, and the company and/or its group, unless they are of little relevance or due to ordinary trading or exchange activities:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

3

A.6 Indicate whether the company has been informed of any shareholder agreements that may affect it as set out under articles 530 and 531 of the Corporate Enterprises Act. Where applicable, briefly describe them and list the shareholders bound by such agreement:

NO

Indicate whether the company is aware of the existence of concerted actions amongst its shareholders. If so, describe them briefly.

NO

If there has been any amendment or breaking-off of said pacts or agreements or concerted actions, indicate this expressly:

A.7 Indicate whether any person or organization exercises or may exercise control over the company pursuant to article 5 of the Securities Exchange Act. If so, identify names:

NO

Name (person or company)

Comments

A.8 Fill in the following tables regarding the company’s treasury stock:

At year end:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

4

Give details of any significant changes during the year, pursuant to Royal Decree 1362/2007:

Explain the significant changes

Five treasury stock communications were made in 2017, of which one correspond to a change in the number of voting rights in the “Dividend Option”, which let shareholders decide whether to receive shares or cash for their dividend payment and the rest correspond to acquisitions passed the 1% threshold. These communications are detailed below:

A.9 Describe the conditions and term of the prevailing mandate from the general meeting to the Board of Directors to issue, buy back and transfer treasury stock.

To date, BBVA has not adopted any resolution using this delegated power.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

5

In exercising this delegation in 2017, BBVA executed two issues of perpetual securities that are contingently convertible (additional tier 1 capital instruments) with exclusion of the pre-emptive subscription rights, amounting to EUR 500 million and USD 1 billion, respectively.

A.9 bis Estimated floating capital:

A.10 Indicate whether there is any restriction on the transferability of securities and/or any restriction on voting rights. In particular, report the existence of any restrictions that might hinder the take-over of control of the company by purchasing its shares on the market.

NO

A.11 Indicate whether the General Meeting has agreed to adopt measures to neutralize a public takeover bid, pursuant to Act 6/2007.

NO

If so, explain the measures approved and the terms and conditions under which the restrictions would become inefficient:

A.12 Indicate whether the company has issued securities that are not traded on a regulated market in the EU.

YES

Where applicable, indicate the different classes of shares, and what rights and obligations each share class confers.

All the shares in BBVA’s capital have the same class and series, and confer the same voting and economic rights. There are no different voting rights for any shareholder. There are no shares that do not represent capital.

The Bank’s shares are admitted for trading on the Securities Exchanges in Madrid, Barcelona, Bilbao and Valencia, through the Spanish electronic trading platform (Continuous Market), and the stock markets in London and Mexico. BBVA American Depositary Shares (ADS) are traded on the New York Stock Exchange.

Additionally, as of 31 December 2017, shares of BBVA Banco Continental, S.A., Banco Provincial S.A., BBVA Colombia, S.A., BBVA Chile, S.A. and BBVA Banco Francés, S.A., were traded on their respective local securities markets and, for the latter entity, on the New York Stock Exchange and in the Latin American securities exchange (LATIBEX) on the Stock Market of Madrid.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

6

B GENERAL MEETING

B.1 Indicate, and where applicable give details, whether there are any differences from the minimum standards established under the Corporate Enterprises Act (CEA) with respect to the quorum and constitution of the General Meeting.

YES

Description of differences

Article 194 of the Corporate Enterprises Act establishes that, in limited companies, in order for a General Meeting (whether annual or extraordinary) to validly resolve to increase or reduce capital or make any other amendment to the Company Bylaws, bond issuance, the cancellation or restriction of first refusal subscription rights over new shares, or the conversion, merger or spin-off of the company or global assignment of assets and liabilities or the transfer the registered office abroad, the shareholders present and represented on first summons must own at least fifty percent of the subscribed capital with voting rights.

On second summons, twenty-five percent of said capital will be sufficient.

The above notwithstanding, article 25 of the BBVA Company Bylaws establishes that a reinforced quorum of two-thirds of subscribed capital with voting rights must attend the General Meeting at first summons or 60% of that capital at second summons, in order to adopt resolutions on replacing the corporate purpose, the transformation, total spin off, winding-up of the Company and amending that article of Bylaws establishing this reinforced quorum.

B.2 Indicate, and where applicable give details, whether there are any differences from the minimum standards established under the Corporate Enterprises Act (CEA) for the adoption of corporate resolutions:

NO

Describe any differences from the minimum standards established under the CEA.

B.3 Indicate the rules applicable to amendments to the company bylaws. In particular, report the majorities established to amend the bylaws, and the rules, if any, to safeguard shareholders’ rights when amending the bylaws.

Article 30 of the BBVA Company Bylaws establishes that the General Meeting is empowered to amend the Company Bylaws and to confirm and/or rectify Board of Directors’ interpretation of them.

To such end, the rules established under articles 285 et seq. of the Corporate Enterprises Act shall apply.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

7

The above paragraph notwithstanding, article 25 of the BBVA Company Bylaws establishes that in order to adopt resolutions regarding any change to the corporate purpose, transformation, total spin-off or winding up the Company and amendment of the second paragraph of said article 25, two-thirds of the subscribed voting capital must attend the General Meeting on first summons or 60% of that capital on second summons.

As regards the procedure for amending the Company Bylaws, article 4.2 c) of Act 10/2014 dated 26th June, on the regulation, supervision and solvency of credit institutions, establishes that the Bank of Spain shall be responsible for authorizing amendments to the bylaws of credit institutions, as set out by regulations.

Moreover, article 10 of Royal Decree 84/2015 dated 13rd February, implementing Act 10/2014, stipulates that the Bank of Spain shall have two months to decide following receipt of the request for the Company’s Bylaws amendment, which must be accompanied by a certification of minutes recording the agreement, a report substantiating the proposal drawn up by the board of directors and a project of new bylaws, identifying the cited amendments.

Notwithstanding the foregoing, article 10 of Royal Decree 84/2015 also establishes that no previous authorization from the Bank of Spain is required, though the latter must be notified, so that it may be entered into the Credit Entity Register, of amendments with the following purposes:

This communication must be made within fifteen working days following the adoption of the Bylaws amendment resolution.

Finally, to indicate that as a significant entity, BBVA is under the direct supervision of the European Central Bank (ECB) in cooperation with the Bank of Spain under the Single Supervision Mechanism, so the authorization of the Bank of Spain above mentioned shall be submitted to the ECB, prior to its resolution by the Bank of Spain.

B.4 Indicate the data on attendance at general meetings held during the year to which this report refers and the previous year:

B.5 Indicate the number of shares, if any, that are required to be able to attend the General Meeting and whether there are any restrictions on such attendance in the bylaws:

YES

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

8

B.6 Section repealed.

B.7 Indicate the address and means of access through the company website to the information on corporate governance and other information on the general meetings that must be made available to shareholders on the company’s website.

The content on corporate governance and other information on the latest general meetings are directly accessible through the Banco Bilbao Vizcaya Argentaria, S.A. corporate website, www.bbva.com, in the Shareholders and Investors, Corporate Governance and Remunerations Policy section.

C COMPANY MANAGEMENT STRUCTURE

C.1 Board of Directors

C.1.1 Maximum and minimum number of directors established in the bylaws:

C.1.2 Fill in the following table on the Board members:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

9

Indicate the severances that have occurred on the Board of Directors during the reporting period:

C.1.3 Fill in the following tables on the Board members and their different kinds of directorship:

EXECUTIVE DIRECTORS

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

10

EXTERNAL PROPRIETARY DIRECTORS

EXTERNAL INDEPENDENT DIRECTORS

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

11

Indicate whether any director considered an independent director is receiving from the company or from its group any amount or benefit under any item that is not the remuneration for his/her directorship, or maintains or has maintained over the last year a business relationship with the company or any company in its group, whether in his/her own name or as a significant shareholder, director or senior manager of an entity that maintains or has maintained such a relationship.

Where applicable, include a reasoned statement from the Board with the reasons why it deems that this director can perform his/her duties as an independent director.

OTHER EXTERNAL DIRECTORS

Identify all other external Directors and explain why these cannot be considered proprietary or independent Directors and detail their relationships with the company, its executives or shareholders.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

12

Indicate any changes that may have occurred during the period in the type of directorship of each director:

C.1.4 Fill in the following table with information regarding the number of female directors over the last 4 years, and the category of their directorships:

C.1.5 Explain the measures, if any, that have been adopted to try to include a number of female directors on the Board that would mean a balanced presence of men and women.

Explanation of measures

Article 2 of the Regulations of the Board of Directors establishes that the appointment of members of the Board corresponds to the General Shareholders’ Meeting notwithstanding the Board’s capacity to co-opt Members in the event of any vacancy. Thus, the Appointments Committee’s mission is to assist the Board of Directors in matters concerning the selection and appointment of directors and, in particular, to submit to the Board of Directors the proposals for the appointment, re-election or removal of independent directors and to report on the proposals for the appointment, re-election or removal of all other directors.

To such end, article 33 of the Regulations of the Board of Directors establish that the Appointments Committee will assess the balance of skills, knowledge and expertise that the Board of Directors requires, as well as the conditions that candidates should meet to fill the vacancies arising, assessing the dedication of time necessary to be able to suitably perform their duties in light of the needs that the Company’s governing bodies may have at any given time. The Committee will ensure that, in line with the principles set out in the BBVA Regulations of the Board of Directors, when filling new vacancies, the selection procedures are not marred by implicit biases that may involve any kind of discrimination or, in particular, hinder the selection of female directors, trying to ensure that women who display the professional profile being sought are included as potential candidates.

BBVA’s director selection policy states that the selection, appointment and rotation procedures for the Board of Directors shall be aimed at attaining a composition of the company’s governing bodies that enable the powers established by law, Company Bylaws and its own regulations to be properly discharged in the company’s best

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

13

interest. To this effect, the Board of Directors shall ensure that the procedures enable the most suitable candidates to be identified at all times, based on the requirements of the governing bodies and that they favor diversity of experience, knowledge, skills and gender and, in general, do not suffer from implicit biases that may involve any kind of discrimination.

Specifically, its shall ensure that the selection procedures do not involve discrimination in selecting female members and that in 2020 the number of female board members will represent at least 30% of the total number of members of the Board of Directors. In turn, it shall ensure that the composition of the Board has an appropriate balance between the different types of board members and that non-executive members represent an ample majority over executive directors.

Furthermore, in order to ensure the suitable composition of the Board of Directors at all times, its structure, size and composition shall be periodically analyzed, setting out the corresponding candidate identification and selection processes to, where applicable, be put forward as new members of the Board of Directors, where deemed necessary or appropriate. This analysis process shall also consider the composition of the different Board committees that assist this corporate body in the performance of its duties and which comprise an essential element of BBVA’s corporate governance.

The governing bodies shall also be evaluated to ensure they have a suitable and diverse composition, combining individuals who have experience and knowledge of the Group, its businesses and the financial sector in general with others who have training, skills, knowledge and experience in other areas and sectors that enable the right balance to be attained in the composition of governing bodies to improve operation and performance of their duties.

In these selection processes carried out by the Appointments Committee, it has the support of prestigious consultants in the selection of international directors, who carry out an independent search for potential candidates that meet the profile defined in each case by the Appointments Committee.

During these processes, the external expert was expressly requested to include women with the suitable profile among the candidates to be presented and the Committee analyzed the personal and professional profiles of all the candidates presented on the basis of the information provided by the consultancy firm, according to the needs of the Bank’s governing bodies at any given time. The skills, knowledge and expertise necessary to be a Bank director were assessed and the rules on incompatibilities and conflicts of interest as well as the dedication deemed necessary to be able to comply with the duties were taken into account.

BBVA currently has three female directors on its Board of Directors, i.e. 23.08% of its members, one of whom is a member of the Bank’s Executive Committee. However, if the proposals for re-election and appointment of directors that are going to submit to the General Meeting of 2018 are approved, the number of female directors will increase, which will be 4.

C.1.6 Explain the measures, if any, agreed by the Appointments Committee to ensure that selection procedures do not suffer from implicit biases that may hinder the selection of female directors, and that the company deliberately seeks and includes potential female candidates that meet the professional profile sought:

Explanation of measures

See above section.

The Appointments Committee, in compliance with the principles established in the Board of Directors’ Regulations and Selection, Appointment, Rotation and Diversity Policy of the Board of Directors, in the selection processes of the directors, ensures that among the potential candidates are women who meet the professional profile sought, and also takes care that in the selection procedures there are no implicit biases that might hinder the selection of female directors.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

14

When, despite any measures that might have been adopted, the number of female directors is low or zero, explain the reasons:

Explanation of reasons

C.1.6.bis Explain the conclusions of the Appointments Committee regarding verification of compliance with the board member selection policy. And, in particular, explain how this policy is fostering the goal for 2020 to have the number of female board members represent at least 30% of the total number of members of the board of directors.

As to the principles underpinning the director selection policy of BBVA, described in section C.1.5 above, the Appointments Committee has conducted throughout the year an ongoing analysis of the structure, size and composition of the Board of Directors and of the principles and aims established by the Bank’s director selection policy.

With regard to the suitability requirements necessary under the selection policy for the performance of the office, in particular, commercial and professional good repute, knowledge and experience appropriate to the performance of his/her duties and aptitude to exercise good governance of the Company, the Appointments Committee considered that the Board, as a whole, has an appropriate balance in its composition and an adequate knowledge of the environment, activities, strategies and risks of the Bank and its Group, thus supporting suitable operation.

The Committee believes that Bank directors have the required reputation to hold their position, the skills required and the availability to devote the time required to discharge their responsibilities.

As to the Board selection, appointment and rotation procedures, which are aimed at achieving a composition of the corporate bodies of the Bank that supports the proper exercise of their duties in the Company’s best interests, the Appointments Committee has thought it appropriate to continue the process of gradual rotation of the Board so as to open the way to directors with experience and knowledge of the financial sector and the culture and businesses of the Group, thus gradually recruiting people with different professional profiles and expertise to enhance the diversity of corporate bodies.

The Committee therefore endeavors to ensure that the selection, appointment and rotation procedures enable the most suitable candidates to be identified at all times, based on the requirements of the governing bodies and that they favor diversity of experience, knowledge, skills and gender and, in general, do not suffer from implicit biases that may involve any kind of discrimination, for which purpose it has had the assistance of a leading international independent consultancy firm on director selection.

Moreover, the Committee encourages the recruitment to the Board of new members who are able to fulfill or maintain the aims set out in the selection policy, while ensuring that selection processes are carried out to the highest standard of professionalism and independence.

In addition, the Committee has analyzed and considered, for the purposes of proposals for re-election and appointment of directors that are going to submit to the General Meeting of 2018, the terms of the selection policy requiring that by 2020 the number of women directors accounts for at least 30% of the entire Board, while ensuring that non-executive directors preserve an ample majority over executive directors, and, moreover, ensuring that the number of independent directors is at least 50% of the Board.

If the General Shareholders’ Meeting of 2018 adopts the respective proposals for appointment and re-election of directors, the number of women directors will increase to 4, which would imply a percentage of 26% of the total Board members (15), approaching the target of 30% set for 2020. The number of non-executive directors will continue to account for an ample majority of the Board (80%), and at least 50% of directors will be independent, in line with the provisions established in the selection policy.

Hence, in accordance with the conclusions reached by the Appointments Committee, BBVA’s corporate bodies would maintain a structure, size and composition according to their needs and, as in recent years, with a structure in which at least half of its directors are independent directors, in line with the provisions established in the Regulations of the Board of Directors and in the Selection, Appointment, Rotation and Diversity Policy of the Board of Directors.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

15

C.1.7 Explain the form of representation on the Board of shareholders with significant holdings.

C.1.8 Explain, where applicable, the reasons why proprietary directors have been appointed at the behest of a shareholder whose holding is less than 3% of the capital:

Indicate whether formal petitions have been ignored for presence on the Board from shareholders whose holding is equal to or higher than that of others at whose behest proprietary directors were appointed. Where applicable, explain why these petitions have been ignored.

NO

C.1.9 Indicate whether any director has stood down before the end of his/her term of office, if the director has explained his/her reasons to the Board and through which channels, and if reasons were given in writing to the entire Board, explain below, at least the reasons that were given:

C.1.10 Indicate any powers delegated to the managing directors(s):

C.1.11 Identify any members of the Board holding positions as directors or managers in other companies belonging to the listed company’s group:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

16

C.1.12 Detail, where applicable, any company directors that sit on Boards of other companies publicly traded on regulated securities markets outside the company’s own group, of which the company has been informed:

C.1.13 Indicate and, where applicable, if board regulations have established rules on the maximum number of company boards on which its directors may sit:

YES

Explanation of rules

Article 11 of the Board of Directors Regulations establishes that in the performance of their duties, directors will be subject to the rules on limitations and incompatibilities established under applicable regulations at any time and in particular to the provisions of Spanish Act 10/2014 on the regulation, supervision and solvency of credit institutions.

Article 26 of Act 10/2014 establishes that the directors of credit institutions may not hold at the same time more positions than those set out in one of the following combinations: (i) an executive position together with two non-executive positions; or (ii) four non-executive positions. Executive positions are defined as those performing management duties irrespective of the legal bond attributed by those duties. The following will count as a single position: 1) executive or non-executive positions held within the same group; 2) executive or non-executive positions held within: (i) entities belonging to the same institutional protection scheme; or (ii) companies in which the entity holds a significant stake. The positions held in non-profit organizations or entities pursuing non-commercial purposes shall not count when determining the maximum number of positions. Nonetheless, the Bank of Spain may authorize members of the Board of Directors to hold an additional non-executive post if it deems that such a post would not interfere with the correct performance of the activities thereof in the credit institution.

Also, in accordance with article 11 of the Board of Directors Regulations, BBVA directors may not:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

17

Non-executive directors may hold a directorship in the Bank’s associate companies or in any other Group company provided the directorship is not related to the Group’s holding in such companies. They must have prior approval from the Bank’s Board of Directors. For these purposes, holdings of the Bank or its Group in companies resulting from its ordinary business activities, asset management, treasury trading, derivative hedging and/or other transactions will not be taken into account.

C.1.14 Section repealed.

C.1.15 Indicate the overall remuneration for the Board of Directors:

C.1.16 Identify members of senior management that are not in turn executive directors, and indicate the total remuneration accruing to them during the year:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

18

C.1.17 Indicate the identity of the Board members, if any, who are in turn members of the Board of Directors in companies of significant shareholders and/or in entities of their group:

Detail the relevant affiliations, other than those considered in the above paragraph, that link Board members to significant shareholders and/or companies in their group:

C.1.18 Indicate whether there has been any change in the Board regulations during the year:

NO

Description of changes

C.1.19. Indicate procedures for selection, appointment, re-election, assessment and removal of directors. List the competent bodies, the procedures to be followed and the criteria to be employed in each procedure.

Selection, appointment and re-election procedure:

BBVA has established a policy setting out the main general principles applicable in the selection and appointment of directors. Additionally, articles 2 and 3 of the Board of Directors Regulations stipulate that the General Meeting is responsible for the appointment of members of the Board. However, if a seat falls vacant, the Board has the authority to co-opt members. In any event, persons proposed for appointment as directors must meet the requirements of prevailing legislation, the specific regulations applicable to credit institutions and he provisions of the Company Bylaws. In particular, directors should meet the necessary suitability requirements to exercise their directorship. Thus, they must be considered to be of commercial and professional good repute, with adequate knowledge and expertise to perform their duties and in situation in which they can exercise good governance of the entity.

The Board will ensure that the selection procedures for directors favour diversity in experience, knowledge, skills and gender and, in general, do not suffer from implicit biases that may imply any discrimination. The Board will submit its proposals to the General Meeting in such a way that there is an ample majority of non-executive directors over the number of executive directors on the Board. The proposals submitted to the General Meeting for appointment or re-election of directors and the appointments the Board makes directly to cover vacancies, exercising its powers of co-option, will be approved at proposal of the Appointments Committee in the case of independent directors, and following a report from said Committee for all other directors. In any case, the proposal must be accompanied by a report of the Board explaining the grounds on which the Board of Directors has assessed the competence, experience and merits of the proposed candidate, which will be attached to the minutes of the General Meeting or of the Board of Directors. The Board’s resolutions and deliberations on these matters will take place in the absence of the director whose re-election is proposed who, if present, must leave the meeting.

To such end, the Board of Directors Regulations establish that the Appointments Committee will evaluate the balance of skills, knowledge and expertise on the Board of Directors, as well as the conditions that candidates should display to fill the vacancies arising, assessing the dedication necessary to be able to suitably perform their duties in view of the needs that the Company’s governing bodies may have at any time. The Committee will ensure that when filling new vacancies, the selection procedures are not marred by implicit biases that may involve any discrimination and, in particular, those that hinder the selection of female directors, trying to ensure that women who display the professional profile being sought are included as potential candidates.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

19

Directors will stay in office for the term established by the Company Bylaws or, if they have been co-opted, until the first General Meeting is held.

Assessment:

As indicated in article 17 w) of the Board’s Regulations, the Board of Directors is responsible for assessing the quality and efficiency of its operation and assessment of the performance of the duties of the Chairman of the Board. Such assessment will always begin with the report submitted by the Appointments Committee. Likewise, evaluation of the operation of its Committees, on the basis of the report that these submit to it. Moreover, article 5 of the Board’s Regulations establishes that the Chairman, who is responsible for efficiently running of the Board, will organize and coordinate the regular assessment of the Board with the Chairs of the relevant Committees. Moreover, article 5 ter of the Board’s Regulations establishes that the Lead Director is especially empowered to conduct the regular assessment of the Chairman of the Board.

Pursuant to the provisions of the Board Regulations, as in previous years, in 2017 the Board of Directors assessed the quality and efficiency of its own running and that of its Committees, as well as the performance of the duties of the Chairman, both as Chairman of the Board and as the first executive of the Bank, based on the report of the Appointments Committee.

Severance:

Directors will stand down from office when the term for which they were appointed has expired, unless they are re-elected.

Directors must apprise the Board of any circumstances affecting them that might harm the Company’s reputation and credit and circumstances that may impact their suitability for the position. Directors must place their directorship at the disposal of the Board and accept its decision regarding their continuity or non-continuity in office, under the circumstances listed in section C.1.21 below. If its decision is negative, they are obliged to tender their resignation. In any event, directors will resign their positions on reaching 75 years of age. They must present their resignation at the first meeting of the Bank’s Board of Directors after the General Meeting of Shareholders that approves the accounts for the year in which they reach this age.

C.1.20 Explain to what degree the self- assessment has led to significant changes in its internal organization and the procedures applicable to its activities:

Description of changes

Article 17 of the Board of Directors Regulations establishes that the Board will assess the quality and efficiency of the Board’s operation, based on the report submitted by the Appointments Committee, which it has done in 2017, likewise producing certain changes (indicated below), similar to previous years, to continue the ongoing adaptation process of corporate governance to the regulatory requirements and best practices.

Thus, the entity has been analyzing its needs for improvement by introducing various measures throughout 2017 to continue to evolve its Corporate Governance system and practices in accordance with the new environment in which the entity carries out its activity and its own reality, including, among other measures, the following: (i) fresh progress in the development of the Corporate Bodies’ decision-making process, further specifying the involvement of the Board Committees and the interaction among the different Corporate Bodies; (ii) continuing improvement of Corporate Bodies’ reporting model to ensure that decisions are made on the basis of adequate, complete and standardized information and to enable proper oversight of performance; (iii) a new remuneration policy for the Board of Directors, where deferral has been extended and the share-based payment component has been amplified, introducing clawback arrangements for variable remuneration and modifying the pensions system toward a defined-contribution scheme, thus making strides toward alignment with international best practices; (iv) entrenchment of the Technology and Cybersecurity Committee, which has supported the Board in understanding the Group’s technology strategy and in the awareness and oversight of technology -related risks; and (v) development of a new organizational structure for Data with the creation of the “Head of Data” position at the highest level of the organization to drive the integration of global and strategic data management in all areas and businesses of the Bank, and of the “Data Protection Officer” position to equip the Group with a system for data control and protection that is suited to the new supervisory and business environment.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

20

C.1.20.bis Describe the assessment process and the assessed areas conducted by the board of directors assisted, as the case may be, by an external consultant, regarding the diversity in its composition and capacities, duties and composition of its committees, the performance of the chair of the board of directors and the first executive of the company, and the performance and contribution of each board member.

According to article 17 of the Board of Directors Regulations, the Board shall evaluate the quality and efficiency of its running and the performance of the functions of the Chairman of the Board, based in each case on the report submitted by the Appointments Committee. Likewise, the Board of Directors shall assess of the running of its Committees, based on the report they submit.

In the most recent assessment process carried out for 2017, the Board of Directors has assessed: (i) the quality and efficiency of the Board of Directors’ and of the Executive Committee`s operation, (ii) the performance of the Chairman of the Board of Directors; and (iii) the running of the Committees of the Board of Directors. The procedure to conduct these assessments was:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

21

C.1.20.ter Break down, where pertinent, the business relationship that the consultant or any company of its group maintains with the company or any company of its group.

C.1.21 Indicate the circumstances under which directors are obliged to resign.

In addition to the circumstances set out in applicable legislation, as established in article 12 of the BBVA Board of Directors Regulations, the directors shall resign from their office when the term for which they were appointed has expired, unless they are re-elected. Directors must apprise the Board of Directors of any circumstances affecting them that might harm the Company’s reputation and credit circumstances that may impact their suitability for the position.

As set out in article 12 of the BBVA Board of Directors Regulations, directors must place their office at the disposal of the Board of Directors and accept the Board’s decision regarding their continuity or non-continuity in office. Should the Board resolve they not continue, they will be obliged to tender their resignation, in the following circumstances:

C.1.22 Section repealed.

C.1.23 Are reinforced qualified majorities required, other than the legal majorities, for some type of resolution?

NO

If applicable, describe the differences.

C.1.24 Explain whether there are specific requirements, other than those regarding directors, to be appointed Chairman of the Board of Directors.

NO

C.1.25 Indicate whether the Chairman has a casting vote:

NO

C.1.26 Indicate whether the bylaws or the Board Regulations establish an age limit for directors:

YES

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

22

C.1.27 Indicate whether the bylaws or the Board Regulations establish a limited term of office for independent directors, other than that established by law:

NO

C.1.28 Indicate whether the bylaws or the Board Regulations establish specific rules for proxy voting in the Board of Directors, the way this is done and, in particular, the maximum number of proxies a director may have, and whether it has established any limit regarding the categories that may be delegated beyond the limits stipulated by legislation. If so, briefly give details on such rules.

The BBVA Board of Directors Regulations establishes that directors are required to attend the meetings of corporate bodies and the meetings of the Board Committees on which they sit, except for a justifiable reason. Directors shall participate in the deliberations, discussions and debates on matters submitted for their consideration.

However, article 21 of the Board of Directors Regulations establishes that should it not be possible for directors to attend any of the Board of Directors’ meetings, they may grant proxy to another director to represent and vote for them. This may be done by a letter or e-mail sent to the Company with the information required for the proxy director to be able to follow the absent director’s instructions, in observance of the applicable legislation, though non-executive directors may only grant their proxy to another director that is also non-executive.

C.1.29 Indicate the number of meetings the Board of Directors has held during the year. Where applicable, indicate how many times the Board has met without the Chairman in attendance. In calculating this number, proxies given with specific instructions will be counted as attendances.

If the Chairman is an executive Director, indicate the number of meetings held without an executive director present or represented and chaired by the Lead Director

Indicate the number of meetings of the Board’s different committees held during the year.

C.1.30 Indicate the number of meetings held by the Board of Directors during the year attended by all its members. In calculating this number, proxies given with specific instructions will be counted as attendances.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

23

C.1.31 Indicate whether the individual and consolidated financial statements presented for Board approval are certified beforehand:

NO

Where applicable, identify the person(s) who has(have) certified the Company’s individual and consolidated financial statements to be filed by the Board:

C.1.32 Explain the mechanisms, if any, established by the Board of Directors to prevent the individual and consolidated financial statements that it files from being presented to the General Meeting with a qualified auditors report.

Article 29 of BBVA’s Board of Directors Regulations establishes that the Audit and Compliance Committee will be formed exclusively by independent directors and its main task is to assist the Board of Directors in overseeing the financial information and the exercise of the Group control duties. In this regard, its functions are as follows: oversee the efficacy of the Company’s internal control, the internal audit and the risk management systems in the process of drawing up and reporting the financial information, including tax-related risks, as well as to discuss with the external auditor any significant weaknesses in the internal control system detected when the audit is conducted, without undermining its independence and oversee the process of drawing up and reporting the financial information. For such purposes, the Audit and Compliance Committee may submit recommendations or proposals to the Board of Directors.

Moreover, article 3 of the Audit and Compliance Committee Regulations establishes that the Committee shall verify that the external audit schedule is conducted under the agreed conditions at appropriate intervals, and that it meets the requirements of the competent authorities and the Bank’s governing bodies. The Committee will also periodically – at least once a year – request from the external auditor its evaluation of the quality of the group’s internal control procedures regarding the drafting and presentation the financial information of the Group.

The Committee shall also be apprised of any infringements, situations requiring adjustments, or anomalies that may be detected during the course of the external audit and are of a material nature; materiality in this context signifies those issues that, in isolation or as a whole, may give rise to a significant and substantive impact or harm to assets, earnings or the reputation of the Group; discernment of such matters shall be at the discretion of the external auditor who, if in doubt, must opt to report on them.

In exercising these duties, the Audit and Compliance Committee holds monthly meetings with the external auditor’s representatives without the presence of executives, to monitor their work on an ongoing basis, in order to guarantee that the activity is carried out under the best conditions and with no interference in management.

C.1.33 Is the company Secretary a director?

NO

Complete if the Secretary is not also a Director:

C.1.34 Section repealed.

C.1.35 Indicate the specific mechanisms the company has established, if any, to preserve the independence of the external auditors, the financial analysts, the investment banks and the rating agencies.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

24

The BBVA Audit and Compliance Committee Regulations establish that this Committee’s duties, described in section C.2.1, include ensuring the independence of the external auditor in two ways:

This matter is the subject of special attention by the Audit and Compliance Committee, which holds monthly meetings with the representatives of the external auditor, without the presence of Bank executives, to know the details of the progress and quality of their work, as well as to confirm their independence of the performance of their work. It also monitors the engagement of additional services to ensure compliance with the Committee’s Regulations and applicable legislation in order to safeguard the independence of the external auditor.

Moreover, in accordance with the provisions of point f), section 4 of article 529 quaterdecies of the Corporate Enterprises Act and article 30 of the BBVA Board of Directors Regulations, the Audit and Compliance Committee each year before the external auditor issues their report on the financial statements, has to issue a report expressing its opinion regarding the independence of the external auditor.

This report must in any event contain the reasoned assessment of the provision of additional services of any kind by the auditors to the Group’s entities, considered individually and as a whole, other than the legal audit and in relation to the regime of independence or the rules regulating the account audit activity. The external auditor must issue, also on an annual basis, a report confirming its independence via-à-vis BBVA or entities linked to BBVA, either directly or indirectly, with information on the additional services of any kind provided to these entities by the external auditor, or by the individuals or entities linked to them, as set out in the redrafted text of the Audit Act.

In keeping with the legislation in force, the relevant reports confirming the external auditor’s independence were issued in 2017.

In addition, as BBVA’s shares are listed on the New York Stock Exchange, it is subject to compliance with the provisions established in the Sarbanes Oxley Act and its implementing regulations.

Likewise, BBVA has in place a Shareholders and Investors Communication and Contact Policy that has been adopted by the Board of Directors. The policy is guided by the principle of equal treatment for all shareholders and investors, who are in the same position in terms of information, involvement and the exercise of their rights as shareholders and investors, inter alia.

Moreover, the principles and channels set out in the Shareholders and Investors Communication and Contact Policy govern, where applicable, BBVA relations with other interested parties, such as financial analysts, bank share management firms and depository institutions, and proxy advisors, among others.

C.1.36 Indicate whether the company has changed its external auditor during the year. If so, identify the incoming and outgoing auditors:

YES

If there were disagreements with the outgoing auditor, explain their grounds:

NO

Explanation of disagreements

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

25

C.1.37 Indicate whether the audit firm does other work for the company and/or its group other than the audit. If so, declare the amount of fees received for such work and the percentage of such fees on the total fees charged to the company and/or its group:

YES

C.1.38 Indicate whether the audit report on the annual financial statements for the previous year contained reservations or qualifications. If so, indicate the reasons given by the chair of the audit committee to explain the content and scope of such reservations or qualifications.

NO

C.1.39 Indicate the number of consecutive years during which the current audit firm has been auditing the financial statements for the company and/or its group. Likewise, indicate the percentage of the number of years audited by the current audit firm to the total number of years in which the annual financial statements have been audited:

C.1.40 Indicate and, where applicable, give details on the existence of a procedure for directors to engage external advisory services:

YES

Details of the procedure

Article 6 of the BBVA Board of Directors Regulations expressly recognizes that directors may request any additional information or advice they require to comply with their duties, and may request the Board of Directors for assistance from external experts on matters subject to their consideration whose special complexity or importance so requires.

The Audit and Compliance Committee, pursuant to article 31 of the Board of Directors Regulations, may engage external advisory services for relevant issues when it considers that these cannot be properly provided by experts or technical staff within the Group on grounds of specialization or independence.

Under articles 34, 37 and 40 of the Board of Directors Regulations and in accordance with the specific regulations of the Technology and Cyber-security Committee, the rest of the Committees may obtain such advice as may be necessary to establish an informed opinion on matters related to its business.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

26

C.1.41 Indicate and, where applicable, give details on the existence of a procedure for directors to obtain the information they need to prepare the meetings of the governing bodies with sufficient time:

YES

Details of the procedure

Article 6 of the Regulations of the Board of Directors establishes that directors will be apprised beforehand of sufficient information to be able to form their own opinions regarding the questions that the Bank’s governing bodies are empowered to deal with. They may request any additional information or advice they require to fulfill their duties.

Exercise of this right will be channeled through the Chairman or Secretary of the Board of Directors who will attend to requests by providing the information directly or by establishing suitable arrangements within the organization for this purpose, unless a specific procedure has been established in the regulations governing the Board of Directors Committees.

In accordance with article 24 of the Board Regulations, directors will be provided with any information or clarifications as they believe necessary or advisable in connection with the matters to be considered at the meeting. This can be done before or during the meetings.

BBVA has in place an informational model to allow decisions to be made based on sufficient, complete and consistent information, and, also, to facilitate appropriate oversight of performance.

Thus, the Bank’s corporate bodies have a procedure for verifying the information that is submitted for consideration to them, coordinated by the Board Secretariat with the areas responsible for information, through the Information of the Governing Bodies’ Department, in order to provide the directors for early consideration sufficient, adequate and complete information for the meetings of the Bank’s various corporate bodies and to enable directors to best perform their duties. The information that is made available to the Bank’s corporate bodies, prior to the holding of its sessions, is carried out through an electronic tool, to which all members of the Board of Directors have access, which ensures his availability.

C.1.42 Indicate and, where applicable give details, whether the company has established rules requiring directors to inform and, where applicable, resign under circumstances that may undermine the company’s standing and reputation:

YES

Explanation of rules

In accordance with article 12 of the Board of Directors Regulations, directors must apprise the Board of Directors of any circumstances affecting them that might harm the Company’s reputation and credit and circumstances that may impact their suitability for the position.

Directors must place their office at the disposal of the Board of Directors and accept its decision regarding their continuity or non-continuity in office. Should the Board resolve they not continue, they will be obliged to tender their resignation when for reasons attributable to the director in his or her condition as such, serious damage has been done to the Company’s net worth, credit and/or reputation or when they lose their suitability to hold the position of director of the Bank.

C.1.43 Indicate whether any member of the Board of Directors has informed the company of any legal suit or court proceedings against him or her for any of the offences listed in article 213 of the Corporate Enterprises Act:

NO

Indicate whether the Board of Directors has analyzed the case. If so, explain the grounds for the decision taken as to whether or not the director should retain his/her directorship or, where applicable, describe the actions taken or planned to be taken by the Board of Directors on the date of this report.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

27

C.1.44 Detail significant agreements reached by the Company that come into force, are amended or concluded in the event of a change in the control of the company stemming from a public takeover bid, and its effects.

C.1.45 Identify in aggregate terms and indicate in detail any agreements between the company and its directors, managers or employees that have guarantee or ring-fencing severance clauses for when such persons resign or are wrongfully dismissed or if the contractual relationship comes to an end due to a public takeover bid or other kinds of transactions.

Indicate whether these contracts must be disclosed to and/or approved by the Company governance bodies:

C.2 Board of Directors Committees

C.2.1 Detail all the Board Committees, their members and the proportion of executive, proprietary, independent and other external directors sitting thereon:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

28

EXECUTIVE OR DELEGATE COMMITTEE

Explain the committee’s duties, describe the procedure and organizational and operational rules and summarize the main actions taken during the year.

In accordance with article 27 of BBVA’s Board of Directors Regulations, the Executive Committee shall be apprised of matters delegated by the Board of Directors, in accordance with the pertinent legislation currently in force, the Company Bylaws or the Board Regulations. Among the functions of the Executive Committee is that of assisting the Board of Directors in its general supervision role, and in particular in the supervision of the progress of business and the monitoring of the risks to which the Bank is or may be exposed and in decision-making on matters that fall within the scope of the powers of the Board of Directors, provided that they do not constitute non-delegable powers under the Law, the Company Bylaws or the Board of Directors Regulations.

As regards its organizational and operating rules of this Committee, article 28 of the Board Regulations establishes that the Executive Committee shall meet on the dates set out in the annual calendar of meetings and at the request of the Chair or the Chair’s delegate. All other aspects of its organization and operation will be subject to the provisions established for the Board of Directors by the Board Regulations. Once the minutes of the meeting of the Executive Committee are approved, they shall be signed by the meeting’s Secretary and countersigned by whoever has chaired the meeting.

Directors will be given access to the approved minutes of the Executive Committee at the beginning of Board meetings, so that they can be apprised of the content of its meetings and the resolutions it has adopted.

Regarding the main actions of 2017, the Executive Committee analyzed the Bank’s and the Group’s annual, half-yearly and quarterly performance, and month-to-month developments in the business and results of the Group and of the business areas. The Committee has been briefed on developments in the Group’s Strategic Plan and on the annual budget for the year and on the main decisions of the Bank’s Assets and Liabilities Committee. The Committee has also fulfilled its duties of management, control and oversight of the main risks affecting the Group. The Committee considered the main features of the economic situation, the markets, and BBVA’s share price performance, as well as the results of BBVA’s main competitors. The Committee was briefed on the key aspects of legislative and regulatory developments affecting financial institutions. In advance of submission to the Board, the Committee has analyzed the main corporate transactions and projects in the course of the Group’s business. The Committee has heard and approved proposals for changes to corporate policies and other internal rules of the Bank. The Committee has been informed of the highlights of BBVA’s corporate governance engagement policy concerning institutional investors and, specifically, the results of the roadshow conducted throughout the year. Likewise, the Executive Committee has approved, among other matters, corporate transactions and projects that were within its scope of responsibility, the establishment and/or designation of those responsible for the branches and representative offices that the Bank has established in the abroad, as well as authorized the appointment of directors in subsidiaries and/or investees by the Group, in addition to the granting of powers.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

29

Indicate whether the composition of the Executive Committee reflects the distribution of different classes of directorship on the Board:

YES

Otherwise, explain the composition of the Executive Committee.

AUDIT AND COMPLIANCE COMMITTEE

Explain the committee’s duties, describe the procedure and organizational and operational rules and summarize the main actions taken during the year.

As established in article 30 of the Board of Directors Regulations, the duties of the Audit and Compliance Committee include the following:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

30

In keeping with the organizational and operating rules, article 31 of the Board Regulations states that the Audit and Compliance Committee shall meet as often as necessary to discharge its duties, though an annual calendar of meetings will be drawn up in accordance with its tasks. The officers responsible for the areas within their remit, in particular, Accounting, Internal Audit and Compliance, may be invited to attend Committee meetings. They may request that other staff be invited from their areas that have particular knowledge or responsibility in the matters contained on the agenda, when their presence at the meeting is deemed advisable. However, only the Committee members and the Secretary shall be present when the results and conclusions of the meeting are assessed. The Committee may hire external advisory services for matters of importance if, for reasons of specialization or independence, it considers that such services cannot be rendered by Group experts or technical personnel. The Committee may also call on the personal cooperation and reports of any employee when it considers that this is necessary to fulfill its duties with regard to relevant issues. The usual channel for a request of this nature shall be through the reporting lines of the Company. However, in exceptional cases the request may be notified directly to the person in question. In addition, its convocation, quorum of constitution, adoption of agreements, minutes and other ends of its operating regime shall be in accordance with the Board Regulations for the Board of Directors, as applicable, and with that established in the specific regulations of this Committee

The most important activities carried out by the Audit and Compliance Committee in 2017 are detailed in section C.2.5.

Identify the Director of the audit committee who has been appointed on the basis of knowledge and experience of accounting or auditing, or both and state the number of years that its Chairman has been in office.

APPOINTMENTS COMMITTEE

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

31

Explain the committee’s duties, describe the procedure and organizational and operational rules and summarize the main actions taken during the year.

The Appointments Committee is bound to assist the Board of Directors in matters relating to the selection and appointment of Board members. Thus, as provided for under article 33 of the Board of Directors Regulations, the Appointments Committee will discharge the following duties:

To such end, the Committee will assess the balance of skills, knowledge and expertise on the Board of Directors, as well as the conditions that candidates should display to fill the vacancies arising, assessing the time dedication necessary to be able to suitably perform their duties in view of the needs that the Company’s governing bodies may have at any time.

The Committee will ensure that when filling new vacancies, the selection procedures are not marred by implicit biases that may entail any discrimination and, in particular, discrimination that may hinder the selection of female directors, trying to ensure that women who display the professional profile being sought are included as potential candidates.

Likewise, when drawing up proposals within its scope of competence for the appointment of directors, the Committee will take into account, in case they may be considered suitable, any applications that may be made by any Board of Directors’ member for potential candidates to fill the vacancies.

Moreover, article 34 of the Board of Directors Regulations regulates the organizational and operating rules of the Appointments Committee, establishing that it will meet as often as necessary to fulfill its duties, convened by its Chair or by whoever stands in for its Chair pursuant to the provisions of article 32 of the Board Regulations. The Committee may request the attendance at its meetings of persons with tasks in the Group that are related to the Committee’s duties. It may also obtain advice as necessary to establish criteria related to its business. This will be done through the Secretary of the Board. For all other matters, the system for convening meetings, quorums, passing resolutions, drafting minutes and other details of its operation shall be in accordance with the Board Regulations for the Board of Directors, as applicable.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

32

Regarding the Appointments Committee’s activities in 2017, the Chair of the Committee submitted to the Board a report on the Committee’s ongoing analysis of the structure, size and composition of the Board of Directors to ensure that they remain suited to the best possible performance of the duties and functions of the corporate bodies, the analysis of fulfillment by directors of the criteria of independence and suitability and the absence of conflicts of interest for the exercise of their functions, and the review on the Board selection, appointment, rotation and diversity policy, which, together with the analysis of structure, size and composition, led to relevant proposals for the re-election and appointment of directors to be submitted to the upcoming General Meeting of the Company. Moreover, the Chair analyzed the assessment of the operation of the Board and of the Executive Committee and the performance of the Chairman’s duties as chairman of the Board and first executive of the Company. The Chair likewise reported on the Committee’s analysis of proposed appointments of new members of Senior Management of the Bank.

REMUNERATION COMMITTEE

Explain the committee’s duties, describe the procedure and organizational and operational rules and summarize the main actions taken during the year.

The Remuneration Committee’s main task is to assist the Board of Directors in matters related to the remuneration policy for directors, senior management and any employees, whose professional activities have a significant impact on the Bank’s risk profile, ensuring that the established remuneration policy is observed. Thus, as provided for under article 36 of the Board of Directors Regulations, it will discharge the following duties:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

33

Moreover, article 37 of the Board of Directors Regulations states that the Remuneration Committee will meet as often as necessary to fulfill its duties, convened by its Chair or by whoever stands in for its Chair pursuant to the provisions of article 35 of the Board Regulations. The Committee may request the attendance at its meetings of persons with tasks in the Group that are related to the Committee’s duties. It may also obtain advice as necessary to establish criteria related to its business. This will be done through the Secretary of the Board. For all other matters, the system for convening meetings, quorums, passing resolutions, drafting minutes and other details of its operation will be in accordance with the provisions of the Board of Directors Regulations for the Board insofar as they are applicable.

The most important activities carried out by the Remuneration Committee in 2017 are detailed in section H, as a complement of the section C.2.5.

RISK COMMITTEE

Explain the committee’s duties, describe the procedure and organizational and operational rules and summarize the main actions taken during the year.

The Risk Committee will be tasked with assisting the Board of Directors in determining and monitoring the Group’s risk control and management policy and its strategy in this area. Thus, as provided for under article 39 of the Board of Directors Regulations, it will discharge the following duties:

i. The Group’s risk appetite; and

ii. The setting of the level of risk considered acceptable according to the risk profile and capital at risk, broken down by the Group’s businesses and areas of activity.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

34

Moreover, article 40 of the Board Regulations regulates the organizational and operating rules of the Risk Committee, establishing that it will meet as often as necessary to fulfill its duties, convened by its Chair or by whoever stands in for its Chair pursuant to the provisions of article 38 of the Board Regulations, though an annual calendar of meetings will be drawn up in accordance with its tasks. The Committee may request the attendance at its meetings of the Group’s Chief Risk Officer, as well as the executives to whom the various risk areas report or the persons with tasks in the Group that are related to the Committee’s duties. It may also obtain advice as necessary to establish criteria related to its business. This will be done through the Secretary of the Board. The system for convening meetings, quorums, adopting resolutions, drafting minutes and other details of its procedures will be governed by the provisions defined in the Board Regulations for the Board of Directors insofar as they are applicable and by the specific Committee Regulations.

The most important activities carried out by the Risk Committee in 2017 are detailed in section H, as a complement of the section C.2.5.

TECHNOLOGY AND CYBER-SECURITY COMMITTEE

Explain the committee’s duties, describe the procedure and organizational and operational rules and summarize the main actions taken during the year.

According to its specific regulations, the purpose of the Technology and Cyber-security Committee is to assist the Board in the following areas: (i) the understanding and acknowledgement of the risks associated to technology and information systems related to the Group’s activity and the oversight of its management and control, particularly with regard to the cyber-security strategy; (ii) the acknowledgment and supervision of the infrastructure and technology strategy of the Group and how this is integrated into the development of its overall strategy; and (iii) ensuring that the Bank has determined plans and policies, and has the appropriate means, for managing the abovementioned matters.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

35

It will also perform the following functions:

For a better performance of its functions, channels for an appropriate coordination between the Technology and Cyber-security Committee and the Audit and Compliance Committee will be established to ensure: (i) that the Technology and Cyber-security Committee can have access to the conclusions of the work performed by the Internal Audit Department in technology and cyber-security matters; (ii) and that the Audit and Compliance Committee is informed on IT-related systems and processes that are related to or affect the Bank’s internal control systems and other matters falling within the scope of its functions. Additionally, channels for an appropriate coordination between the Technology and Cyber-security Committee and the Risk Committee will be established to ensure that the Risk Committee monitors the impact of technological risks within the scope of Operational Risk and other matters falling within the scope of its functions.

With regard to its functioning and organization, will meet as often as necessary to perform its duties, convened by its Chair or by whoever stands in for its Chair pursuant to its Regulations. The Committee may request the attendance at its meetings of persons with tasks within the Group that are related to the Committee’s duties. In particular, the Committee will maintain a direct and recurring contact with the executives responsible for the areas of Engineering and Cyber-security in the Group, for the purpose of receiving the necessary information for a better performance of the Committee’s duties. This information will be discussed in the meetings held.

The Committee may also engage external advisory services as may be necessary to establish an informed opinion on matters related to its duties. This will be done through the Secretariat of the Board. For all other matters, the system for convening meetings, quorums, passing resolutions, drafting minutes and other details of its operation will be in accordance with the provisions of the Board of Directors Regulations for the Board insofar as they are applicable.

The most important activities carried out by the Technology and Cyber-security Committee in 2017 are detailed in section C.2.5.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

36

C.2.2 Fill in the following table with information on the number of female directors sitting on Board Committees over the last four years:

C.2.3 Section repealed.

C.2.4 Section repealed.

C.2.5 Indicate, where applicable, the existence of regulations for the Board Committees, where they can be consulted and any amendments made to them during the year. Indicate whether an annual report on the activities of each committee has been prepared voluntarily.

The Board of Directors Regulations, available on the Company’s website, www.bbva.com, regulate the composition, functions and operating rules of the Board Committees which have regulatory nature. All the Board of Directors’ Committees have prepared and submitted to the Board of Directors a report which details the activity carried out by each Committee during 2017.

APPOINTMENTS COMMITTEE: The Chairman of the Appointments Committee presented to the Board of Directors a report on the activities of the Committee throughout 2017, which is explained in more detail in the section on the Appointments Committee in section C.2.1 above.

AUDIT AND COMPLIANCE COMMITTEE: The Audit and Compliance Committee has specific Regulations approved by the Board and available on the company’s website, which govern its operation and powers, among other matters.

The Chairman of the Audit and Compliance Committee submitted to the Board an activity report for 2017 describing the Committee’s main tasks relating to the functions that the Regulations of the Board of Directors ascribe to the Committee, indicating that the Committee had carried out its role without incident and in fulfillment of its duties as to monitoring and overseeing financial reporting, the system of internal control of financial and accounting reporting, internal and external audits, compliance matters, and regulatory affairs. Among other matters, he reported on the Supervisory Review and Evaluation Process (SREP) conducted by the European Central Bank, the implications for the financial statements of the Group of the entry into force of accounting standard IFRS 9, the role of the Committee in analyzing the major corporate transactions of the Group, the annual plan of the Compliance Area and its regular monitoring, and communications with Spanish and foreign supervisory and regulatory authorities. He also informed the Board regarding the changes in the Group’s corporate structure during 2017, the Group’s fiscal management and the tax and legal risks faced by the Group.

With respect to the external audit, it covered the working plans, schedules and communication with the persons responsible for the external audit for 2017, the Committee having ensured the independence of the external auditor in compliance with applicable regulations. As to the appointment of a new external auditor for BBVA and its Group for 2017, 2018 and 2019 as decided at the General Meeting of March 17, 2017, the Chair reported on the oversight work done by the Committee on the transition between the outgoing and incoming auditors, the statements and confirmations of independence from the new external auditor in accordance with applicable law, and the approval of the contractual framework that is to govern relations with the external auditor.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

37

RISK COMMITTEE: The Risk Committee has specific Regulations approved by the Board and available on the Company’s website, which govern matters including its duties and procedural standards, among other matters.

Likewise, the Chairman of the Risk Committee presented to the Board of Directors a report on the activities of the Committee in 2017, which is explained in more detail in section H of this report, as a complement of this section.

TECHNOLOGY AND CYBER-SECURITY COMMITTEE: The Technology and Cyber-Security Committee has specific Regulations approved by the Board and available on the Company’s website, which govern matters including its duties and procedural standards, among other matters.

The Chair of the Technology and Cybersecurity Committee submitted to the Board a report on the Committee’s activity since its constitution in 2016. The report described the tasks carried out by the Committee in relation to the duties set out in its Regulations, with an emphasis on matters relating to technology and cybersecurity strategy, such as review of the global strategic organization of the Engineering Area, review of the lines of work that make up the Group’s Transformation Plan, the strategy for evolving the Group’s communications infrastructure, and key plans of action as to technology strategy for 2017 and goals for the coming years.

As to cybersecurity, the Committee Chair briefed the Board on the work done by the Bank’s technical units facing cybersecurity risks and on the global cybersecurity incidents that took place in 2017.

C.2.6 Section repealed.

D RELATED-PARTY TRANSACTIONS AND INTRA-GROUP TRANSACTIONS

D.1 Explain the procedure, if any, for approving related-party and intra-group transactions.

Procedures for approving related party transactions

Article 17 v) of the Board of Directors Regulations establishes that the Board is responsible for approving, where applicable, the transactions that the Company or its Group companies may make with directors or with shareholders that individually or in concert hold a significant stake. This includes shareholders represented in the Board of Directors of the Company or of other Group companies or with parties related to them, with the exceptions provided for by law.

Moreover, article 8 of the Board of Directors Regulations establishes that approval of the transactions of the Company or its Group companies with directors needing to be approved by the Board of Directors will be granted after receiving a report from the Audit and Compliance Committee. The only exceptions to this approval will be transactions that simultaneously fulfill the following three characteristics: (i) they are carried out under contracts with standard terms and are applied en masse to a large number of customers; (ii) they go through at market rates or prices set in general by the party acting as supplier of the goods or services; and (iii) they are worth less than 1% of the Company’s annual revenues.

D.2 Detail any significant transactions, entailing a transfer of a significant amount or obligations between the company or its group companies, and the company’s significant shareholders:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

38

D.3 Detail any significant transactions entailing a transfer of a significant amount or obligations between the company or its group companies, and the directors and/or senior managers:

D.4 Detail the significant transactions in which the company has engaged with other companies belonging to the same group, except those that are eliminated in the process of drawing up the consolidated financial statements and that do not form part of the company’s usual trade with respect to its object and conditions.

In any event, provide information on any intragroup transactions with companies established in countries or territories considered tax havens.

D.5 State the amount of the transactions carried out with other related parties.

D.6 Detail the mechanisms established to detect, determine and resolve possible conflicts of interest between the company and/or its group, and its directors, managers and/or significant shareholders.

Articles 7 and 8 of the Board Regulations regulate issues relating to possible conflicts of interest as follows:

Article 7

Directors must adopt necessary measures to avoid finding themselves in situations where their interests, whether for their own account or for that of others, may enter into conflict with the corporate interest and with their duties with respect to the Company, unless the Company has granted its consent under the terms established in applicable legislation and in the Board of Directors Regulations.

Likewise, they must refrain from participating in deliberations and votes on resolutions or decisions in which they or a related party may have a direct or indirect conflict of interest, unless these are decisions relating to appointment to or severance from positions on the governing body.

Directors must notify the Board of Directors of any situation of direct or indirect conflict that they or parties related to them may have with respect to the Company’s interest.

Article 8

The duty of avoiding situations of conflict of interest referred to in the previous article obliges the directors to refrain from, in particular:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

39

The above provisions will also apply should the beneficiary of the prohibited acts or activities described in the previous subsections be a related party related to the director. However, the Company may dispense with the aforementioned prohibitions in specific cases, authorising a director or a related party to carry out a certain transaction with the Company, to use certain corporate assets, to take advantage of a specific business opportunity or to obtain an advantage or remuneration from a third party.

When the authorization is intended to dispense with the prohibition against obtaining an advantage or remuneration from third parties, or affects a transaction whose value is over 10% of the corporate assets, it must necessarily be agreed by a General Meeting resolution.

The obligation not to compete with the Company may only be dispensed with them no damage is expected to the Company or when any damage that is expected is compensated by benefits that are foreseen from the dispensation. The dispensation will be conferred under an express and separate resolution of the General Meeting.

In other cases, the authorization may also be resolved by the Board of Directors, provided the independence of the members conferring it is guaranteed with respect to the director receiving the dispensation. Moreover, it will be necessary to ensure that the authorized transaction will not do harm to the corporate net worth or, where applicable, that it is carried out under market conditions and that the process is transparent.

Approval of the transactions of the Company or its Group companies with directors needing to be approved by the Board will be granted after receiving a report from the Audit and Compliance Committee. The only exceptions to this approval will be transactions that simultaneously meet the following 3 specifications: 1) they are carried out under contracts with standard terms and are applied en masse to a large number of customers; 2) they go through at market rates or prices set in general by the party acting as supplier of the goods or services; and 3) they are worth less than one per cent of the Company’s annual revenues.

Since BBVA is a credit institution, it is subject to the provisions of Act 10/2014, dated 26th June, on the regulation, supervision and solvency of credit institutions, whereby the directors and general managers or similar may not obtain credits, bonds or guarantees from the Bank on whose board or management they work, above the limit and under the terms established in article 35 of Royal Decree 84/2015, which implemented Law 10/2014, unless expressly authorized by the Bank of Spain.

All the members of the Board of Directors and the Senior Management are subject to the Company’s Internal Standards of Conduct on the Securities Markets. These Standards are intended to control possible Conflicts of Interest. They establish that all Persons Subject to it must notify the head of their area or the Compliance Department of situations that could potentially and under specific circumstances may entail Conflicts of Interest that could compromise their impartiality, before they engage in any transaction or conclude any business in which they could arise in the scope of the securities markets.

D.7 Are more than one of the Group’s companies listed in Spain as publicly traded companies?

NO

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

40

Identify the listed subsidiaries in Spain:

Listed subsidiaries

Indicate whether the respective areas of business and any potential relations between them and any potential business relations between the holding company and the listed subsidiary and other group companies have been publicly defined;

Define any potential business relations between the holding company and the listed subsidiary

company and between the listed subsidiaries and other group companies

Identify the mechanisms established to resolve any potential conflicts of interest between the listed subsidiary and other companies of the group:

Mechanisms to resolve possible conflicts of interest

E RISK CONTROL AND MANAGEMENT SYSTEMS

E.1 Explain the scope of the company’s Risk Management System, including risks of a tax-related nature.

The BBVA Group has a General Risk Control and Management Model (hereinafter, “the Model”) adapted to its business model, organization and the geographical areas in which it operates. It allows it to operate within the framework of strategy and control policy and risk management defined by the Bank’s corporate bodies and adapt to an economic and regulatory environment, addressing risk management globally and adapted to the circumstances at any particular time. The Model makes provision for a suitable risk management system in relation to the Bank’s risk profile and strategy of the Company, which applies comprehensively across the Group. The Model is composed of the elements set out below:

I. Governance and organization.

The governance model for risk management at BBVA is characterized by a special involvement of its corporate bodies, both in setting the risk strategy and in the ongoing monitoring and supervision of its implementation. The corporate bodies therefore approve the risk strategy and the corporate policies for the different types of risks, being the risk management function in charge of its implementation and development in terms of management, reporting to the corporate bodies. The responsibility for the day-to-day management of risks lies with the businesses, whose activity is carried out in accordance with the policies, rules, procedures, infrastructures and controls defined by the risk management function, based on the framework set by the corporate bodies. To adequately carry out this task, BBVA Group’s risk management function has been configured as a single and global function independent of the commercial areas.

II. Risk Appetite Framework.

It is approved by the Board and determines the risks and risk levels that the Group is willing to assume to achieve its business objectives, taking into account the organic development of the business. These are expressed in terms of solvency, profitability, liquidity and funding or other metrics, which are reviewed periodically or if there are any substantial changes in the entity’s business. The determination of the Risk Appetite Framework has the following objectives:

III. Decisions and processes.

The transfer of the Risk Appetite Framework to ordinary management is underpinned by three basic elements:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

41

IV. Assessment, monitoring and reporting.

Assessment, monitoring and reporting is a cross-cutting element that should ensure that the Model has a dynamic and proactive vision to enable compliance with the Risk Appetite Framework approved by the corporate bodies, even in adverse scenarios. There are various phases:

V. Infrastructure.

This is an element that must ensure that the Group has the human and technological resources needed for effective management and supervision of risks in order to carry out the functions set out in the Group’s risk Model and achieve their aims. With respect to human resources, the Group’s risk function has an adequate workforce in terms of number, skills, knowledge and experience. With respect to technology, the Group’s risk function assures the integrity of the management information systems and the provision of the infrastructure required to support risk management, using the tools appropriate to the needs derived from the different types of risks in their admission, management, valuation and monitoring.

The Group promotes the development of a risk culture that ensures consistent application of the risk control and management model in the Group, and that guarantees that the risks function is understood and internalized at all levels of the organization.

Regarding taxation, BBVA has defined a tax-related risk management policy based on a suitable control environment, a system for identifying risks and a monitoring process including continuous improvement of the effectiveness of the established controls. This management model was evaluated and assessed by an independent expert.

E.2 Identify the corporate bodies responsible for drawing up and enforcing the Risk Management System, including tax-related risks.

The Board of Directors (hereinafter “the Board”) approves the risk strategy and supervises the internal control and management systems. Specifically, in relation to the risk strategy, the Board approves the Group’s Risk Appetite statement, the core metrics and the main metrics by type of risk, as well as the General Risk Management and Control Model.

The Board of Directors is also responsible for approving and monitoring the strategic and business plan, the annual budgets and management goals, as well as the investment and funding policy, in a consistent way and in line with the approved Risk Appetite Framework. For this reason, the processes for defining the Risk Appetite Framework proposals and strategic and budgetary planning at Group level are coordinated by the executive area for submission to the Board.

With the aim of ensuring the integration of the Risk Appetite Framework into management, on the basis established by the Board of Directors, the Executive Committee (“EC”) approves the rest of metrics by type of risk (in 2017, in relation to concentration, profitability and reputation) and the Group’s basic structure of limits in terms of geographic areas, types of risk, asset classes and portfolios. This Committee also approves specific corporate policies for each type of risk.

Lastly, the Board of Directors has set up a committee specializing in risks, the Risk Committee (“RC”), that assists the Board and the EC in determining the Group’s risk strategy and the risk limits and policies, respectively, analyzing and assessing beforehand the proposals submitted to those bodies. The amendment of the Group’s risk strategy and the elements composing it, including the Risk Appetite Framework metrics within its remit, is the exclusive power of the BBVA Board of Directors, while the Executive Committee is responsible for amending the metrics by type of risk within its scope of decision and the Group’s basic structure of limits (core limits), when applicable. In both cases, the amendments follow the same decision-making process described above, so the proposals for amendment are submitted by the executive area (CRO) and later analyzed, first by the RC, for later submission to the Board of Directors or to the EC, as appropriate.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

42

Moreover, the RC, the EC and the Board itself conduct proper monitoring of the risk strategy implementation and of the Group’s risk profile. The risks function regularly reports on the development of the Group’s Risk Appetite Framework metrics to the Board and to the Executive Committee, after their analysis by the Risk Committee, whose role in this monitoring and control work is particularly relevant.

The head of the risk function in the executive line, the Chief Risk Officer (CRO), carries out his work with the independence, authority, rank, experience, knowledge and resources required. This Officer is appointed by the Bank’s Board of Directors, as a member of its Senior Management, and has direct access to the corporate bodies (Board of Directors, EC and RC), to which it reports on a regular basis on the situation of the risks in the Group.

The CRO for the best performance of his functions is supported by a structure consisting of cross-cutting risk units in the corporate area and specific risk units in the Group’s geographical and/or business areas. Each of these units is headed by a Chief Risk Officer for the geographical and/or business area who, within his/her area of responsibility, carries out risk control and management functions and is responsible for applying the corporate policies and rules approved at Group level in a consistent manner, adapting them if necessary to local requirements and reporting to the local governing bodies.

The Chief Risk Officers of the geographical and/or business areas report both to the Group’s Chief Risk Officer and to the head of their geographical and/or business area. This dual reporting system aims to ensure the independence of the local risk management function from the operating functions and enable its alignment with the Group’s corporate policies and goals related to risks.

The risks function has a decision-making process supported by a structure of committees. The Global Risk Management Committee (GRMC) is the highest executive body in the risk area and proposes, examines and, where applicable, approves, among others, the internal risk regulatory framework and the procedures and infrastructures needed to identify, assess, measure and manage the risks facing the Group in its businesses, as well as the admission of operations involving more relevant risks.

Regarding the tax-related risk, the Tax Department establishes the control mechanisms and internal rules necessary to ensure compliance with the tax laws in force and the tax strategy approved by the Board of Directors. This function is subject to supervision by the Audit and Compliance Committee of the BBVA Group, and is evidenced by the appearances made before the same by the Head of the Fiscal Function of the BBVA Group.

E.3 Indicate the primary risks, including tax-related risks that could prevent business targets from being met.

BBVA has risk identification and scenario analysis processes in place that enables to conduct a dynamic and proactive risk management. These processes are forward-looking to ensure the identification of emerging risks, and take into account the concerns of both the business areas and the corporate areas and Senior Management.

Risks are captured and measured in a consistent way using the most appropriate methodologies in each case. Their measurement includes the design and application of scenario analyses and stress testing, and considers the controls the risks are subjected to.

A forward projection is performed of the Risk Appetite Framework variables in stress scenarios with the aim of identifying possible deviations from the established thresholds; if such deviations are detected, the appropriate measures are adopted to keep those variables within the target risk profile.

In this context, there are a series of emerging risks that could affect the Group’s business performance. These risks are described in the following main blocks:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

43

E.4 Identify whether the entity has a risk tolerance level, including tax-related risks.

The Group’s Risk Appetite Framework approved by the governing bodies determines the risks and the risk level that the Group is willing to assume to achieve its business objectives taking into account its natural development. These are expressed in terms of solvency, profitability, liquidity and funding or other metrics, which are reviewed periodically or if there are any substantial changes in the entity’s business or relevant corporate operations.

The Risk Appetite Framework is expressed through the following elements:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

44

In addition to this Framework, there is a level of management limits that is defined and managed by the risks function when developing the basic structure of limits, with the aim of ensuring that proactive management of risks by risk subcategory within each type or by subportfolio is in line with that basic structure of limits and in general with the established Risk Appetite Framework.

The corporate risk area works with the various geographical and/or business areas to define their Risk Appetite Framework, so that it is coordinated with, and integrated into the Group’s Risk Appetite, making sure that its profile is in line with the one defined.

The Risk Appetite Framework expresses the levels and types of risk that the Bank is willing to assume to be able to implement its strategic plan with no relevant deviations, even in situations of stress. The Risk Appetite Framework is integrated within management, and the processes for defining the Risk Appetite Framework proposals are coordinated with the strategic and budgetary planning at Group level.

As mentioned earlier, the core metrics of the BBVA Risk Appetite Framework measure the Group’s performance in terms of solvency, liquidity, funding, profitability and revenue recurrence. Most of the core metrics are accounting and/or regulatory metrics, and are therefore regularly disclosed to the market in the BBVA Group’s annual and quarterly financial reporting. In 2017 the Risk Appetite metrics changed in line with the metrics of the Risk Appetite Framework.

E.5 State what risks, including tax-related risks, have occurred during the year.

Risk is inherent to financial business, so the occurrence of risk to a greater or lesser extent is absolutely implicit in the Group’s activities. BBVA thus provides detailed information on its annual financial statements (note 7 in the Report and note 19 in the consolidated accounts covering tax-related risks) regarding the developments of such risks, since their very nature can permanently affect the Group in undertaking its activities.

Furthermore, as stated in note 24 to the financial statements, after the decision of the Court of Justice of the European Union on interest rate limitation clauses in consumer mortgage loans (known as “floor clauses”), BBVA recognized a provision to cover any future claims in this respect.

E.6 Explain the response and supervision plans for the principal risks faced by the company, including tax-related risks

The BBVA Group’s internal control system takes its inspiration from the best practices developed both in the “Enterprise Risk Management – Integrated Framework” of COSO (Committee of Sponsoring Organizations of the Treadway Commission) and in the “Framework for Internal Control Systems in Banking Organizations”, drawn up by the Basel Bank of International Settlements (BIS).

The control model has a system with three lines of defense:

The control activity of the first and second line of defense will be coordinated by the Internal Control Unit, which will also be responsible for providing these units with a common internal control methodology and global tools. The Group’s Head of Internal Risk Control is responsible for the function and reports its activities to the CRO and to the Board’s Risk Committee, assisting it in any matters where requested.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

45

In addition, within the risk area, the Group has units for Internal Risk Control and Internal Validation that are independent of the units that develop the models, manage the processes and execute the controls.

Its scope of action is global, both from the geographical point of view and in terms of the types of risks. It encompasses all the areas of the organization and is designed to identify and manage the risks faced by the Group entities, in order to guarantee the established corporate objectives.

The main function of Internal Risk Control is to ensure the existence of a sufficient internal regulatory framework, a process and measures defined for each type of risks identified in the Group, and for those other types of risk that may potentially affect the Group, control their application and operation, and ensure that the risk strategy is integrated into the Group’s management.

The Group’s Head of Internal Risk Control is responsible for the function and reports its activities and informs on its work plans to CRO and to the Board’s Risk Committee, assisting it in any matters where requested.

To perform its duties, the unit has a structure of teams at a corporate level and also in the most important geographical areas in which the Group operates. As in the case of the corporate area, local units are independent of the business areas that execute the processes, and of the units that execute the controls. They report functionally to the Internal Risk Control unit. This unit’s lines of action are established at Group level, and it is responsible for adapting and executing them locally, as well as for reporting the most relevant aspects.

Among other functions, Internal Validation is responsible for the internal review and independent validation of the models used for risk measurement and assumption and for determining the Group’s capital requirements.

With regard to tax risks, the Board of Directors approved the Tax Strategy for the BBVA Group. This strategy reflects the tax-related postures of the Group. This strategy integrates the results of the OECD BEPS project and the guidelines given in Chapter XI, Part I of the “OECD Guidelines for Multinational Enterprises”. In this regard, the Tax Department establishes the policies and control processes for guaranteeing compliance with the tax laws currently in force and the tax strategy.

F SYSTEMS OF RISK MANAGEMENT AND INTERNAL CONTROL OVER FINANCIAL REPORTING (ICFR)

Describe the mechanisms comprising the risk management and control systems for financial reporting (ICFR) in the entity.

F.1 The entity’s control environment

Give information, describing the key features of at least:

F.1.1. Which bodies and/or functions are responsible for: (i) the existence and maintenance of an adequate and effective ICFR; (ii) its implementation; and (iii) its supervision.

Pursuant to article 17 of the Board Regulations, the Board of Directors approves the financial information that BBVA is required to publish periodically as a publicly traded company. The Board of Directors has an Audit and Compliance Committee, whose mission is to assist the Board in overseeing the financial information and the exercise of the Group control duties.

In this respect, the BBVA Audit and Compliance Committee Regulations establish that the Committee’s duties include the supervision of the sufficiency, suitability and effective operation of the internal control systems in the process of drawing up and preparing financial information, so as to rest assured of the correctness, accuracy, sufficiency and clarity of the financial information of the Entity and its consolidated Group.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

46

The BBVA Group complies with the requirements imposed by the Sarbanes Oxley Act (“SOX”) for each year’s consolidated annual financial statements due to its status as a publicly traded company listed with the United States Securities Exchange Commission (“SEC”). The main Group executives are involved in the design, compliance and maintenance of an effective internal control model that guarantees the quality and veracity of the financial information. The Accounting & Supervisors Unit (“A&S”) is in charge of producing the consolidated annual financial statements and maintaining the model of control over financial information generation. Specifically, this function is performed by the Financial Internal Control area, which is integrated within the general internal control model of the Group, which is outlined below.

The BBVA Group has established and maintains an internal control model that has two components. The first element is the structure of control organized into three lines of defense (3LD); the second is a scheme of governance known as Corporate Assurance.

In accordance with the most advanced standards of internal control, the three lines of defense model is configured as follows:

In addition, to reinforce the internal control environment, the Group has in place a scheme of governance called Corporate Assurance, which establishes a framework for the supervision of the internal control model and for escalation to Senior Management of the main issues relating to internal control within the Group. The Corporate Assurance model (in which the business areas, support areas and the areas specializing in internal control participate) is organized into a system of committees that analyze the most relevant issues related to internal control in each geographical area, with the participation of the country’s top managers. These committees report to the Group’s Global Committee, chaired by the CEO with the assistance of the main global executives responsible for the business and control areas.

The effectiveness of this internal control system is assessed on an annual basis for those risks that may have an impact on the proper drawing up of the Group’s financial statements. The assessment is conducted under the coordination of the Internal Financial Control area, and is assisted by the control specialists of the business and support areas and the Group’s Internal Audit department. In addition, the external auditor of the BBVA Group issues an opinion every year on the effectiveness of internal control over financial reporting based on criteria established by COSO (Committee of Sponsoring Organizations of the Treadway Commission) and in accordance with the standards of the United States Public Company Accounting Oversight Board (PCAOB). This opinion appears in the Form 20-F that is filed every year with the SEC.

The result of the annual internal assessment of the System of Internal Control over Financial Reporting is reported to the Group’s Audit and Compliance Committee by the heads of Internal Audit and Internal Financial Control.

F.1.2. Whether, especially in the process of drawing up the financial information, the following elements exist:

The drafting of the financial information is carried out by the local Financial Management units of the countries and the related consolidation work is done by the A&S Division, which is overall responsible for the drafting and reporting of financial and regulatory information of the Group.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

47

BBVA has an organizational structure that clearly defines action lines and responsibility in the areas involved in the preparation of financial information, both in each entity and in the consolidated Group, and has the necessary channels and circuits for its correct dissemination. The units responsible for drawing up these financial statements have an adequate distribution of tasks and segregation of functions necessary to draw up these statements in an appropriate operational and control framework.

Additionally, there is a cascade accountability assumption model aimed at extending the internal control culture and the commitment of its compliance. Those in charge of the design and operation of the processes that have an impact on financial information certify that all the controls associated with its operation under their responsibility are sufficient and have worked correctly.

BBVA has a Code of Conduct, approved by the Board of Directors, that sets out BBVA’s specific commitments in developing one of the principles of its Corporate Culture: Integrity as a means of understanding and conducting business. This Code likewise establishes the corresponding channel for whistleblowers regarding possible infringements of the Code. It is the subject of ongoing training and refresher programs including key personnel in the financial function.

Since 2016, and after the Code was updated in 2015, campaigns have been developed to communicate and disseminate its new contents, taking advantage of new formats and digital channels. In addition, an ambitious training plan has been developed at a global level, reaching the entire workforce of the Group.

The Code of Conduct is published on the Bank’s website (www.bbva.com) and on the employees website (intranet). Additionally, Group members undertake personally and individually to observe its principles and rules in an express declaration of awareness and adhesion.

The duties of the Audit and Compliance Committee include ensuring that the internal codes of ethics and conduct and on securities markets, applicable to all group personnel, comply with legal requirements and are adequate for the Bank.

Additionally, BBVA has adopted a structure of Corporate Integrity Management Committees (with individual powers at jurisdiction or Group entity levels, as applicable). Their joint scope of action covers all the Group businesses and activities and their main duty is to ensure effective application of the Code of Conduct. There is also a Corporate Integrity Management Committee, whose scope of responsibility extends throughout BBVA. The critical mission of this committee entails ensuring uniform application of the Code in BBVA.

The Compliance Unit in turn independently and objectively promotes and supervises to ensure that BBVA acts with integrity, particularly in areas such as money-laundering prevention, conduct with clients, security market conduct, corruption prevention, and other areas that could entail a reputational risk for BBVA. The unit’s duties include fostering the knowledge and application of the Code of Conduct, promoting the drafting and distribution of its implementing standards, assisting in the resolution of any concern insofar as interpretation of the Code that may arise, and managing the Whistle-Blowing Channel.

Preservation of the Corporate Integrity of BBVA transcends the merely personal accountability for individual actions, it calls for all employees to have zero tolerance for activities outside the Code of Conduct or that could harm the reputation or good name of BBVA, an attitude that is reflected in everyone’s commitment to whistle-blowing, by timely communication, of situations that, even when unrelated to their activity or area of responsibility, could be illegal or infringe upon the values and guidelines of the Code.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

48

The Code of Conduct itself establishes the communication guidelines to follow and contemplates a Whistle-Blowing Channel, likewise guaranteeing the duty to reserve of the reporting parties, confidentiality of the investigations and the prohibition of retaliation or adverse consequences in light of communications made in good faith.

Telephone lines and email boxes have been set up for these communications in each jurisdiction. A list of these appears on the Group Intranet.

As described in the previous section, BBVA has adopted a structure of Corporate Integrity Management Committees (with individual powers at jurisdiction or Group entity levels, as applicable), whose joint scope of action covers all the Group businesses and activities and whose functions and responsibilities (explained in greater detail in their corresponding regulations) include:

In addition, periodic reports are made to the Audit and Compliance Committee that supervises and controls their proper functioning (independently managed by the Compliance area).

Specific training and periodic refresher courses are given on accounting and tax-related standards, internal control and risk management in units involved in drawing up and reviewing the financial and tax-related information and in evaluating the internal control system, to help them perform their functions correctly.

Within the A&S area, there is an annual training program for all members of the area on aspects related to the preparation of financial information and new regulations applicable in accounting, financial and fiscal matters, as well as other courses adapted to the needs of the area. These courses are taught by professionals from the area and renowned external providers.

This specific training program is in addition to the general Group training, which includes courses on finance and technology among other subjects.

Additionally, the BBVA Group has a personal development plan for all employees, which forms the basis of a personalized training program to deal with the areas of knowledge necessary to perform their functions.

F.2 Financial reporting risk assessment

Give information on at least:

F.2.1. The key features of the risk identification process, including error and fraud risks, with respect to:

The ICFR was developed by the Group Management in accordance with international standards set forth by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”), establishing five components on which the effectiveness and efficiency of internal control systems must be based:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

49

In order to identify the risks with a greater potential impact on the generation of financial information, the processes from which such information is generated are analyzed and documented, and an analysis of the risk situation that may arise in each is later conducted.

Based on the corporate internal control and operational risk methodology, the risks are included in a range of categories by type, which include the error and fraud (internal/external) categories, and their probability of occurrence and possible impact is analyzed.

The process of identifying risks in the preparation of the Financial Statements, including risks of error, misstatement or omission, is conducted by the parties responsible for each of the processes that underpin financial reporting, together with the Financial Internal Control unit, which, in turn, manages mitigation plans and reports to the Audit and Compliance Committee.

The scope of the annual/quarterly or monthly assessment of their controls is determined based on the materiality of the risks, thus ensuring coverage of the risks believed to be critical for the financial statements.

The assessment of the aforementioned risks and the design and effectiveness of their controls begins with the management’s understanding of and insight into the business and the analyzed operating process, considering criteria of quantitative materiality, likelihood of occurrence and economic impact, in addition to qualitative criteria associated with the type, complexity and nature of the risks or of the business structure itself.

The system for identifying and assessing the risks of internal control over financial reporting is dynamic. It evolves continuously, always reflecting the reality of the Group’s business, changes in operating processes, the risks affecting them and the controls that mitigate them.

All this is documented in a corporate management tool developed and managed by Operational Risk (STORM). This tool documents all the processes, risks and controls managed by the different control specialists, including the Financial Internal Control unit.

Each of the processes developed and identified in the BBVA Group for drawing up financial information aim to record all financial transactions, value the assets and liabilities in accordance with applicable accounting regulations and provide a breakdown of the information in accordance with regulator requirements and market needs.

The financial reporting control model analyzes each of the above processes to ensure that identified risks are properly covered by efficiently functioning controls. The control model is updated when changes arise in the relevant processes for producing financial information.

The A&S (Accounting and Supervisors) organization includes a Consolidation department that carries out a monthly process of identification, analysis and updating of the Group’s consolidation perimeter.

In addition, the information from the consolidation department on new companies set up by the Group’s different units and the changes made to existing companies is compared with the data analyzed by two specific committees whose function is to analyze and document the changes in the composition of the corporate group (Holding Structure Committee and Investments in Non-Banking Companies Committee, both corporate).

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

50

In addition, with regard to special purpose vehicle control, the Internal Audit and Compliance areas of the Bank make a periodic report of the Group’s structure to the Board of Directors and to the Audit and Compliance Committee.

The internal control model over financial reporting applies to processes for directly drawing up such financial information and all operational or technical processes that could have a relevant impact on the financial, accounting, tax-related or management information.

As explained above, all the specialist control areas apply a standard methodology and use a common tool (STORM) to document the identification of the risks, of the controls that mitigate those risks and of the assessment of their effectiveness.

There are control specialists in all the operational or support areas, and therefore any type of risk that may affect the Group’s operations is analyzed under that methodology (market, credit, operational, technological, financial, legal, tax-related, reputational or any other type of risk) and is included in the ICFR insofar as it may have an impact on the financial information.

The process for identifying risks and assessing the design, effectiveness and suitability of the controls is documented at least once a year, and it is supervised by the Internal Audit area.

Moreover, the Head of Internal Audit and the Head of Internal Financial Control of the Group report annually to the Audit and Compliance Committee in respect of analysis work and the conclusions of the assessment of the control model for financial reporting and the certification process. This work follows the SOX methodology to comply with the legal requirements under laws and regulations on systems of internal control over financial reporting, and is included in report 20-F, submitted annually to the SEC, as indicated in the first point of the control environment.

F.3 Control activities

Give information on the main features, if at least the following exist:

F.3.1. Procedures for review and authorization of the financial information and the description of the ICFR, to be published on the securities markets, indicating who is responsible for it, and the documentation describing the activity flows and controls (including those concerning risk of fraud) for the different types of transactions that may materially impact the financial statements, including the procedure for closing the accounts and the specific review of the relevant judgements, estimates, valuations and projections.

All the processes related to the drawing up of the financial information are documented, together with their control model: potential risks linked to each process and controls established for their mitigation. As explained in point F.2.1, the aforementioned risks and controls are recorded in the corporate tool STORM, which also includes the result of the assessment of the operation of the controls and the degree of risk mitigation.

In particular, the main processes related to the generation of financial information are: accounting, consolidation, financial reporting, financial planning and monitoring, financial and tax-related management. The analysis of these processes, their risks and their controls is also supplemented by all other critical risks that may have a financial impact from business areas or other support areas.

Likewise, there are procedures for review by the areas responsible for generating the financial and tax-related information disseminated to the securities markets, including the specific review of the relevant judgments, estimates and projections.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

51

As mentioned in the annual financial statements, it is occasionally necessary to make estimates to determine the amount at which some assets, liabilities, income and expenses and commitments should be recorded. These estimates relate mainly to the following:

These estimates are made based on the best information available on the financial statement closing date and, together with the other relevant issues for the closing of the annual and six-monthly financial statements, are analyzed and authorized by a Technical Committee at A&S (A&S Executive Steering Committee) and submitted to the Audit and Compliance Committee before their filing by the Board of Directors.

F.3.2. Internal control procedures and policies for information systems (among others, access security, change control, their operation, operational continuity and segregation of functions) that support the relevant processes in the entity with respect to the drawing up and publication of the financial information.

Internal control models include procedures and controls regarding the operation of information systems and access security, functional segregation, development and modification of computer applications used to generate financial information.

The current methodology for internal control and operational risk establishes a list of controls by category whose breakdown includes (among others) two categories: access control and functional segregation. Both categories of controls are identified in the model of internal control of financial information and their risks and controls are analyzed and assessed on a regular basis, so the integrity and reliability of the information drawn up can be guaranteed.

Additionally, there is a corporate level procedure for managing system access profiles. It is developed, implemented and updated by the Group’s Engineering internal control unit. This unit is also in charge of providing support for control processes in change management (development in test environments and putting changes into production), incident management, management of transactions, media and backup copy management, and management of business continuity, among other things.

With all these mechanisms, the BBVA Group ensures the maintenance of adequate management of access control, the establishment of the correct and necessary steps to put applications into production and their subsequent support, the creation of backup copies, and assurance of continuity in the processing and recording of transactions.

In summary, the entire process of preparing and publishing financial information has established and documented the procedures and control models necessary to provide reasonable assurance about the correctness of BBVA Group’s public financial information.

F.3.3. Internal control procedures and policies designed to supervise the management of activities subcontracted to third parties, and those aspects of the evaluation, calculation and assessment outsourced to independent experts, which may materially impact the financial statements.

The internal control model set out specific controls and procedures for the management of subcontracted activities or those aspects of evaluation, calculation and assessment of assets or liabilities outsourced to independent experts.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

52

There is a set of standards and an Outsourcing Committee that establishes and supervises the requirements that must be met at group level for the activities to be subcontracted. Regarding the financial processes, there are procedural manuals contemplating the outsourced activity that identify the processes to be executed and the controls to be applied by the service provider units and units entrusted with the outsourcing thereof. The controls established in the outsourced processes concerning the generation of financial information are also tested by the Internal Financial Control area.

The valuations from independent experts used for matters relevant for generating financial information are included within the standard circuit of review procedures executed by internal control, Internal Audit and external Audit.

F.4 Information and communication

Give information on the main features, if at least the following exist:

F.4.1. A specific function in charge of defining and keeping the accounting policies updated (accounting policy department or area) and dealing with queries or conflicts stemming from their interpretation, ensuring fluent communication with those in charge of operations in the organization, and an up-to-date manual of accounting policies, communicated to the units through which the entity operates.

The organization has two areas within A&S (Group Financial Accounting and Global Supervisory Relations) in charge of the Accounting (Accounting Working Group) and Solvency Technical Committees. Their purpose is to analyze, study and issue standards that may impact the drawing up of the Group’s financial and regulatory information, determining the accounting and solvency criteria required to ensure correct recording of transactions to the accounts and calculation of capital requirements within the framework of applicable rules and standards.

The Group has in place an updated accounting policies manual, disseminated over the Company intranet to all the units in the Group. This manual is the tool that guarantees that all the decisions related to accounting policies or specific accounting criteria to be applied in the Group are supported and are standardized. The Accounting Policies Manual is approved in the Accounting Working Group and is documented and updated for its use and analysis by all the Group’s entities.

F.4.2. Mechanisms to capture and prepare the financial reporting in standardised formats, for application and use by all the units of the entity or the group, that support the main financial statements and the notes, and the information detailed on ICFR.

The Group’s A&S area and the financial directorates of the countries are responsible for the preparation of the financial statements in accordance with the current accounting and consolidation manuals. There is also a consolidation computer application that includes the information on the accounting of the various Group companies and performs the consolidation processes, including the standardization of accounting criteria, aggregation of balances and consolidation adjustments.

Control measures have also been implemented in each of the said processes, locally and at consolidated level, in order to guarantee that all the data underpinning the financial information are collected in a comprehensive, exact and timely manner. There is also a single and standardized format for the financial reporting system. It is applicable to and used by all the Group units and supports the main financial statements and the explanatory notes. There are also control measures and procedures to ensure that the information disclosed to the markets includes a sufficient level of detail to enable investors and other users of the financial information to understand and interpret it.

F.5 Supervision of the system’s operation

Give information, describing the key features of at least:

F.5.1. The ICFR supervision activities carried out by the Audit Committee and whether the entity has an internal audit function whose powers include providing support to the Audit Committee in its task of supervising the internal control system, including the ICFR. Likewise, information will be given on the scope of the ICFR assessment carried out during the year and of the procedure by which the person in charge of performing the assessment communicates its results, whether the entity has an action plan listing the possible corrective measures, and whether its impact on the financial reporting has been considered.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

53

The internal control units of the business areas and of the support areas conduct a preliminary assessment of the internal control model, assess the risks identified in the processes, the effectiveness of controls, and the degree of mitigation of the risks, and also identify weaknesses, design, implement and monitor the mitigation measures and action plans.

BBVA also has an Internal Audit unit that provides support to the Audit and Compliance Committee on the independent supervision of the financial information internal control system. The Internal Audit function is entirely independent of the units that draw up the financial information.

All the control weaknesses, mitigation measures and specific action plans are documented in the corporate tool STORM and submitted to the internal control and operational risk committees of the areas, as well as to the local or global Corporate Assurance Committees, based on the relevance of the detected issues.

To sum up: both the weaknesses identified by the internal control units and those detected by the internal or external auditor have an action plan in place to correct or mitigate the risks.

During 2017, internal control areas conducted a full assessment of the financial information internal control system, and, to date, no material or significant weakness have been revealed therein. The assessment was reported to the Audit and Compliance Committee.

Additionally, in compliance with SOX, the Group annually assesses the effectiveness of the internal control model for financial reporting on group of risks (within the perimeter of SOX companies and critical risks) that could impact the drawing up of financial statements at local and consolidated levels. This perimeter considers risks and controls of other specialties that are not directly financial (regulatory compliance, technology, risks, operational, human resources, procurement, legal, etc.).

F.5.2. Whether there is a discussion procedure by which the auditor (in line with the technical auditing notes), the internal audit function and other experts can inform senior management and the audit committee or the directors of the entity of significant weaknesses in the internal control encountered during the review processes for the annual accounts or any others within their remit. Likewise, give information on whether there is an action plan to try to correct or mitigate the weaknesses observed.

As mentioned in the preceding section (F.5.1) of this Annual Corporate Governance Report, the Group does have a procedure in place whereby the internal auditor, the external auditor and the heads of Internal Financial Control can report to the Audit and Compliance Committee any internal control weaknesses detected in the course of their work. Any material weaknesses will likewise be reported. Thus, a plan of action is prepared for all detected weaknesses, which is presented to the Audit and Compliance Committee.

Since BBVA is a company listed with the SEC, the BBVA Group’s auditor issues on an annual basis its opinion on the effectiveness of the internal control over the financial information contained in the Group’s annual consolidated financial statements as of 31 December each year under PCAOB standards (“Public Company Accounting Oversight Board”), with a view to filing the financial information under Form 20-F with the SEC. The latest report issued on the financial information for 2016 is available on www.sec.gov.

The internal control oversight carried out by the Audit and Compliance Committee, described in the Audit and Compliance Committee Regulations published on the Group website, includes the following activities:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

54

The external auditor and the Head of Internal Audit regularly attend all meetings of the Audit and Compliance Committee and are properly informed of the matters addressed therein.

F.6 Other relevant information

F.7 External auditor report

Report on:

F.7.1. Whether the ICFR information disclosed to the markets has been submitted by the external auditor, in which case the entity must attach the corresponding report as an annex. Otherwise, explain the reasons why it was not.

The information related to internal control over the financial information of the BBVA Group described in this report is reviewed by the external auditor, which issues its opinion on the control system and on its effectiveness in relation to the statements published at the close of each financial year.

On 31 March 2017, the BBVA Group, as a private foreign issuer in the United States, filed the Annual Report Form 20-F which was published on the SEC website on that same date.

In accordance with the requirements set out in Section 404 of the Sarbanes-Oxley Act of 2002 by the Securities and Exchange Commission (SEC), the Annual Report Form 20-F included the certification of the main Group executives on the establishment, maintenance and assessment of the Group’s internal control system of financial reporting. Form 20-F report also included the opinion of the external auditor regarding the effectiveness of the entity’s internal control system of financial reporting at year-end 2016.

G DEGREE OF COMPLIANCE WITH CORPORATE GOVERNANCE RECOMMENDATIONS

Indicate the extent to which the company follows the recommendations of the Good Governance Code of listed companies.

Should any recommendation not be followed or be only partially followed, a detailed explanation should be given of the reasons so that the shareholders, investors and the market in general have sufficient information to assess the way the company works. General explanations will not be acceptable.

1. The bylaws of listed companies should not place an upper limit on the votes that can be cast by a single shareholder, or impose other obstacles to the takeover of the company by means of share purchases on the market.

COMPLIANT

2. When a dominant and subsidiary company are both listed, they should provide detailed disclosure on:

a) The activity they engage in and any business dealings between them, as well as between the listed subsidiary and other group companies.

b) The mechanisms in place to resolve possible conflicts of interest.

NOT APPLICABLE

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

55

3. During the annual general meeting the chairman of the board should verbally inform shareholders in sufficient detail of the most relevant aspects of the company’s corporate governance, supplementing the written information circulated in the annual corporate governance report. In particular:

a) Changes taking place since the previous annual general meeting.

b) The specific reasons for the company not following a given Good Governance Code recommendation, and any alternative procedures followed in its stead.

COMPLIANT

4. The company should draw up and implement a policy of communication and contacts with shareholders, institutional investors and proxy advisors that complies in full with market abuse regulations and accords equitable treatment to shareholders in the same position.

This policy should be disclosed on the company’s website, complete with details of how it has been put into practice and the identities of the relevant interlocutors or those charged with its implementation.

COMPLIANT

5. The board of directors should not make a proposal to the general meeting for the delegation of powers to issue shares or convertible securities without pre-emptive subscription rights for an amount exceeding 20% of capital at the time of such delegation.

When a board approves the issuance of shares or convertible securities without pre-emptive subscription rights, the company should immediately post a report on its website explaining the exclusion as envisaged in company legislation.

PARTIALLY COMPLIANT

The General Shareholders’ Meeting of the Company of March 17, 2017 delegated to the Board of Directors a power to increase capital and issue convertible securities, with an attached power to wholly or partially exclude pre-emptive subscription rights in respect of capital increases and issues of convertible securities carried out using such delegated power. The power to exclude pre-emptive subscription rights is limited, overall, to 20% of share capital as it stood at the time of the delegation, except for the issuance of contingently convertible securities which foresee its conversion to satisfy regulatory capital adequacy requirements as to eligibility as capital instruments in accordance with applicable laws and regulations, because such instruments do not dilute the interests of shareholders.

6. Listed companies drawing up the following reports on a voluntary or compulsory basis should publish them on their website well in advance of the annual general meeting, even if their distribution is not obligatory:

a) Report on auditor independence.

b) Reviews of the operation of the audit committee and the nomination and remuneration committee.

c) Audit committee report on related-party transactions.

d) Report on corporate social responsibility policy.

COMPLIANT

7. The company should broadcast its general meetings live on the corporate website.

COMPLIANT

8. The audit committee should strive to ensure that the board of directors can present the company’s accounts to the general meeting without limitations or qualifications in the auditor’s report. In the exceptional case that qualifications exist, both the chairman of the audit committee and the auditors should give a clear account to shareholders of their scope and content.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

56

COMPLIANT

9. The company should disclose its conditions and procedures for admitting share ownership, the right to attend general meetings and the exercise or delegation of voting rights, and display them permanently on its website.

Such conditions and procedures should encourage shareholders to attend and exercise their rights and be applied in a non-discriminatory manner.

COMPLIANT

10. When an accredited shareholder exercises the right to supplement the agenda or submit new proposals prior to the general meeting, the company should:

a) Immediately circulate the supplementary items and new proposals.

b) Disclose the model of attendance card or proxy appointment or remote voting form duly modified so that new agenda items and alternative proposals can be voted on in the same terms as those submitted by the board of directors.

c) Put all these items or alternative proposals to the vote applying the same voting rules as for those submitted by the board of directors, with particular regard to presumptions or deductions about the direction of votes.

d) After the general meeting, disclose the breakdown of votes on such supplementary items or alternative proposals.

NOT APPLICABLE

11. In the event that a company plans to pay for attendance at the general meeting, it should first establish a general, long-term policy in this respect.

NOT APPLICABLE

12. The Board of Directors should perform its duties with unity of purpose and independent judgement, according the same treatment to all shareholders in the same position. It should be guided at all times by the company’s best interest, understood as the creation of a profitable business that promotes its sustainable success over time, while maximizing its economic value.

In pursuing the corporate interest, it should not only abide by laws and regulations and conduct itself according to principles of good faith, ethics and respect for commonly accepted customs and good practices, but also strive to reconcile its own interests with the legitimate interests of its employees, suppliers, clients and other stakeholders, as well as with the impact of its activities on the broader community and the natural environment.

COMPLIANT

13. The board of directors should have an optimal size to promote its efficient functioning and maximize participation. The recommended range is accordingly between five and fifteen members.

COMPLIANT

14. The board of directors should approve a director selection policy that:

a) Is concrete and verifiable;

b) Ensures that appointment or re-election proposals are based on a prior analysis of the board’s needs; and

c) Favours a diversity of knowledge, experience and gender.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

57

The results of the prior analysis of board needs should be written up in the nomination committee’s explanatory report, to be published when the general meeting is convened that will ratify the appointment and re-election of each director.

The director selection policy should pursue the goal of having at least 30% of total board places occupied by women directors before the year 2020.

The nomination committee should run an annual check on compliance with the director selection policy and set out its findings in the annual corporate governance report.

COMPLIANT

15. Proprietary and independent directors should constitute an ample majority on the board of directors, while the number of executive directors should be the minimum practical bearing in mind the complexity of the corporate group and the ownership interests they control.

COMPLIANT

16. The percentage of proprietary directors out of all non-executive directors should be no greater than the proportion between the ownership stake of the shareholders they represent and the remainder of the company’s capital.

This criterion can be relaxed:

a) In large cap companies where few or no equity stakes attain the legal threshold for significant shareholdings.

b) In companies with a plurality of shareholders represented on the board but not otherwise related.

COMPLIANT

17. Independent directors should be at least half of all board members.

However, when the company does not have a large market capitalization, or when a large cap company has shareholders individually or concertedly controlling over 30 percent of capital, independent directors should occupy, at least, a third of board places.

EXPLAIN

Until May 2017, the BBVA Board of Directors was composed by a majority of non-executive directors and independent directors accounted, at least, the half of the total members of the Board. Notwithstanding, an independent director resigned from the BBVA Board on May 31, 2017 for personal reasons. From that day onward and at year-end, BBVA independent directors accounted for 46.15% of all Bank directors.

In the exercise of its powers and duties the Appointments Committee has in the course of the year undertaken an ongoing analysis of the structure, size and composition of the Board such that it support the best possible discharge of its duties, and of the terms of the Board selection, appointment, rotation and diversity policy, which, for these purposes, provides that the composition of the Board of Directors should comprise a suitable balance among the different classes of director, with non-executive directors accounting for an ample majority over executive directors and independent directors making up at least 50% of the entire Board. Based on its analysis, the Committee decided to set in motion in 2017 a process of selection of candidates who fulfill the required professional profile and suitability requirements under applicable laws and regulations and might be appointed members of the Board of Directors as independent directors.

The candidate selection process conducted by the Committee with the assistance of a leading international external consultant on director selection concluded with the proposals for re-election and appointment of directors submitted by the Board of Directors to the General Shareholders’ Meeting of the Company of 2018. A highlight is the proposal to appoint three new independent directors. If the proposals for re-election and appointment submitted to the Annual General Meeting are approved, the BBVA Board will then be composed by a total of 15 directors, of whom 3 will be executive, 12 non-executive, 4 being “other external” and 8 being independent, such that independent directors will account for more than half of all directors of the Bank.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

58

18. Companies should disclose the following director particulars on their websites and keep them regularly updated:

a) Background and professional experience.

b) Directorships held in other companies, listed or otherwise, and other paid activities they engage in, of whatever nature.

c) Statement of the director class to which they belong, in the case of proprietary directors indicating the shareholder they represent or have links with.

d) Dates of their first appointment as a board member and subsequent re-elections.

e) Shares held in the company, and any options on the same.

COMPLIANT

19. Following verification by the nomination committee, the annual corporate governance report should disclose the reasons for the appointment of proprietary directors at the urging of shareholders controlling less than 3 percent of capital; and explain any rejection of a formal request for a board place from shareholders whose equity stake is equal to or greater than that of others applying successfully for a proprietary directorship.

NOT APPLICABLE

20. Proprietary directors should resign when the shareholders they represent dispose of their ownership interest in its entirety. If such shareholders reduce their stakes, thereby losing some of their entitlement to proprietary directors, the latters’ number should be reduced accordingly.

COMPLIANT

21. The board of directors should not propose the removal of independent directors before the expiry of their tenure as mandated by the bylaws, except where they find just cause, based on a proposal from the nomination committee. In particular, just cause will be presumed when directors take up new posts or responsibilities that prevent them allocating sufficient time to the work of a board member, or are in breach of their fiduciary duties or come under one of the disqualifying grounds for classification as independent enumerated in the applicable legislation.

The removal of independent directors may also be proposed when a takeover bid, merger or similar corporate transaction alters the company’s capital structure, provided the changes in board membership ensue from the proportionality criterion set out in recommendation 16.

COMPLIANT

22. Companies should establish rules obliging directors to disclose any circumstance that might harm the organization’s name or reputation, tendering their resignation as the case may be, and, in particular, to inform the board of any criminal charges brought against them and the progress of any subsequent trial.

The moment a director is indicted or tried for any of the offences stated in company legislation, the board of directors should open an investigation and, in light of the particular circumstances, decides whether or not he or she should be called on to resign. The board should give a reasoned account of all such determinations in the annual corporate governance report.

COMPLIANT

23. Directors should express their clear opposition when they feel a proposal submitted for the board’s approval might damage the corporate interest. In particular, independents and other directors not subject to potential conflicts of interest should strenuously challenge any decision that could harm the interests of shareholders lacking board representation.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

59

When the board makes material or reiterated decisions about which a director has expressed serious reservations, then he or she must draw the pertinent conclusions. Directors resigning for such causes should set out their reasons in the letter referred to in the next recommendation.

The terms of this recommendation also apply to the secretary of the board, even if he or she is not a director.

COMPLIANT

24. Directors who give up their place before their tenure expires, through resignation or otherwise, should state their reasons in a letter to be sent to all members of the board. Whether or not such resignation is disclosed as a material event, the motivating factors should be explained in the annual corporate governance report.

COMPLIANT

25. The nomination committee should ensure that non-executive directors have sufficient time available to discharge their responsibilities effectively.

The board of director’s regulations should lay down the maximum number of company boards on which directors can serve.

COMPLIANT

26. The board should meet with the necessary frequency to properly perform its functions, eight times a year at least, in accordance with a calendar and agendas set at the start of the year, to which each director may propose the addition of initially unscheduled items.

COMPLIANT

27. Director absences should be kept to a strict minimum and quantified in the annual corporate governance report. In the event of absence, directors should delegate their powers of representation with the appropriate instructions.

COMPLIANT

28. When directors or the secretary express concerns about some proposal or, in the case of directors, about the company’s performance, and such concerns are not resolved at the meeting, they should be recorded in the minute book if the person expressing them so requests.

COMPLIANT

29. The company should provide suitable channels for directors to obtain the advice they need to carry out their duties, extending if necessary to external assistance at the company’s expense.

COMPLIANT

30. Regardless of the knowledge directors must possess to carry out their duties, they should also be offered refresher programmes when circumstances so advise.

COMPLIANT

31. The agendas of board meetings should clearly indicate on which points directors must arrive at a decision, so they can study the matter beforehand or gather together the material they need.

For reasons of urgency, the chairman may wish to present decisions or resolutions for board approval that were not on the meeting agenda. In such exceptional circumstances, their inclusion will require the express prior consent, duly minuted, of the majority of directors present.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

60

COMPLIANT

32. Directors should be regularly informed of movements in share ownership and of the views of major shareholders, investors and rating agencies on the company and its group.

COMPLIANT

33. The chairman, as the person charged with the efficient functioning of the board of directors, in addition to the functions assigned by law and the company’s bylaws, should prepare and submit to the board a schedule of meeting dates and agendas; organize and coordinate regular evaluations of the board and, where appropriate, the company’s first executive; exercise leadership of the board and be accountable for its proper functioning; ensure that sufficient time is given to the discussion of strategic issues, and approve and review refresher courses for each director, when circumstances so advise.

COMPLIANT

34. When a lead director has been appointed, the bylaws or board of directors regulations should grant him or her the following powers over and above those conferred by law: chair the board of directors in the absence of the chairman or vice chairmen; give voice to the concerns of non-executive directors; maintain contacts with investors and shareholders to hear their views and develop a balanced understanding of their concerns, especially those to do with the company’s corporate governance; and coordinate the chairman’s succession plan.

COMPLIANT

35. The board secretary should strive to ensure that the board’s actions and decisions are informed by the governance recommendations of the Good Governance Code of relevance to the company.

COMPLIANT

36. The board in full should conduct an annual evaluation, adopting, where necessary, an action plan to correct weakness detected in:

a) The quality and efficiency of the board’s operation.

b) The performance and composition of its committees.

c) The diversity of board membership and competences of the board.

d) The performance of the chairman of the board of directors and the company’s first executive.

e) The performance and contribution of individual directors, with particular attention to the chairmen of board committees.

The evaluation of board committees should start from the reports they send the board of directors, while that of the board itself should start from the report of the appointments committee.

Every three years, the board of directors should engage an external consultant to aid in the evaluation process. This consultant’s independence should be verified by the appointments committee.

Any business dealings that the consultant or members of its corporate group maintain with the company or members of its corporate group should be detailed in the annual corporate governance report.

The process followed and areas evaluated should be detailed in the annual corporate governance report.

COMPLIANT

37. When an executive committee exists, its membership mix by director class should resemble that of the board. The secretary of the board should also act as secretary to the executive committee.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

61

PARTIALLY COMPLIANT

The current composition of the Executive Committee of BBVA was agreed by the Board of Directors at its meeting on 31 March 2016, and it was considered that it had the most adequate composition for the performance of its functions.

Thus, in accordance with article 26 of the Board of Directors Regulations of BBVA, which establishes that in its composition non-executive directors have to be a majority over executive directors, as of 31 December 2017, the Executive Committee of the Board of Directors partially reflects the participation on the Board of Directors since its Chairman and Secretary are those of the Board of Directors and is composed of two executive directors and four non-executive directors with the status of other external directors, which represents a majority of non-executive directors in accordance with the provisions of the Regulations of the Board of Directors.

38. The board should be kept fully informed of the business transacted and decisions made by the executive committee. To this end, all board members should receive a copy of the committee’s minutes.

COMPLIANT

39. All members of the audit committee, particularly its chairman, should be appointed with regard to their knowledge and experience in accounting, auditing and risk management matters. A majority of committee places should be held by independent directors.

COMPLIANT

40. Listed companies should have a unit in charge of the internal audit function, under the supervision of the audit committee, to monitor the effectiveness of reporting and control systems. This unit should report functionally to the board’s non-executive chairman or the chairman of the audit committee.

COMPLIANT

41. The head of the unit handling the internal audit function should present an annual work programme to the audit committee, inform it directly of any incidents arising during its implementation and submit an activities report at the end of each year.

COMPLIANT

42. The audit committee should have the following functions over and above those legally assigned:

1. With respect to internal control and reporting systems:

a) Monitor the preparation and the integrity of the financial information prepared on the company and, where appropriate, the group, checking for compliance with legal provisions, the accurate demarcation of the consolidation perimeter, and the correct application of accounting principles.

b) Monitor the independence of the unit handling the internal audit function; propose the selection, appointment, re-election and removal of the head of the internal audit service; propose the service’s budget; approve its priorities and work programmes, ensuring that it focuses primarily on the main risks the company is exposed to; receive regular report-backs on its activities; and verify that senior management are acting on the findings and recommendations of its reports.

c) Establish and supervise a mechanism whereby staff can report, confidentially and, if appropriate and feasible, anonymously, any significant irregularities that they detect in the course of their duties, in particular financial or accounting irregularities.

2. With regard to the external auditor:

a) Investigate the issues giving rise to the resignation of the external auditor, should this come about.

b) Ensure that the remuneration of the external auditor does not compromise its quality or independence.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

62

c) Ensure that the company notifies any change of external auditor to the CNMV as a material event, accompanied by a statement of any disagreements arising with the outgoing auditor and the reasons for the same.

d) Ensure that the external auditor has a yearly meeting with the board in full to inform it of the work undertaken and developments in the company’s risk and accounting positions.

e) Ensure that the company and the external auditor adhere to current regulations on the provision of non-audit services, limits on the concentration of the auditor’s business and other requirements concerning auditor independence.

COMPLIANT

43. The audit committee should be empowered to meet with any company employee or manager, even ordering their appearance without the presence of another senior officer.

COMPLIANT

44. The audit committee should be informed of any fundamental changes or corporate transactions the company is planning, so the committee can analyze the operation and report to the board beforehand on its economic conditions and accounting impact and, when applicable, the exchange ratio proposed.

COMPLIANT

45. Risk control and management policy should identify at least:

a) The different types of financial and non-financial risk the company is exposed to (including operational, technological, financial, legal, social, environmental, political and reputational risks), with the inclusion under financial or economic risks of contingent liabilities and other off-balance sheet risks.

b) The determination of the risk level the company sees as acceptable.

c) The measures in place to mitigate the impact of identified risk events should they occur.

d) The internal control and reporting systems to be used to control and manage the above risks, including contingent liabilities and off-balance sheet risks.

COMPLIANT

46. Companies should establish a risk control and management function in the charge of one of the company’s internal department or units and under the direct supervision of the audit committee or some other dedicated board committee. This function should be expressly charged with the following responsibilities:

a) Ensure that risk control and management systems are functioning correctly and, specifically, that major risks the company is exposed to are correctly identified, managed and quantified.

b) Participate actively in the preparation of risk strategies and in key decisions about their management.

c) Ensure that risk control and management systems are mitigating risks effectively in the frame of the policy drawn up by the board of directors.

COMPLIANT

47. Appointees to the nomination and remuneration committee – or of the nomination committee and remuneration committee, if separately constituted – should have the right balance of knowledge, skills and experience for the functions they are called on to discharge. The majority of their members should be independent directors.

COMPLIANT

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

63

48. Large-cap companies should operate separately constituted nomination and remuneration committees.

COMPLIANT

49. The nomination committee should consult with the company’s chairman and first executive, especially on matters relating to executive directors.

When there are vacancies on the board, any director may approach the nomination committee to propose candidates that it might consider suitable.

COMPLIANT

50. The remuneration committee should operate independently and have the following functions in addition to those assigned by law:

a) Propose to the board the standard conditions for senior officer contracts.

b) Monitor compliance with the remuneration policy set by the company.

c) Periodically review the remuneration policy for directors and senior officers, including share-based remuneration systems and their application, and ensure that their individual compensation is proportionate to the amounts paid to other directors and senior officers in the company.

d) Ensure that conflicts of interest do not undermine the independence of any external advice the committee engages.

e) Verify the information on director and senior officers’ pay contained in corporate documents, including the annual directors’ remuneration report.

COMPLIANT

51. The remuneration committee should consult with the company’s chairman and first executive, especially on matters relating to executive directors and senior managers.

COMPLIANT

52. The terms of reference of supervision and control committees should be set out in the board of directors regulations and aligned with those governing legally mandatory board committees as specified in the preceding sets of recommendations.

They should include at least the following terms:

a) Committees should be formed exclusively by non-executive directors, with a majority of independents.

b) They should be chaired by independent directors.

c) The board should appoint the members of such committees with regard to the knowledge, skills and experience of its directors and each committee’s terms of reference; discuss their proposals and reports; and provide report-backs on their activities and work at the first board plenary following each committee meeting.

d) They may engage external advice, when they feel it necessary for the discharge of their functions.

e) Meeting proceedings should be minuted and a copy made available to all board members.

PARTIALLY COMPLIANT

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

64

Until May 31, 2017, when a member of the Board resigned for personal reasons, the Board committees of oversight and control were made up exclusively by non-executive directors, the majority being independents, except the Audit and Compliance Committee which is composed exclusively by independent directors. As a result of that resignation, and from that date onward, the composition of the Risk Committee ceased to have a majority of independent directors.

Therefore, so that it adapts to the requirements of the Regulations of the Board of Directors and to assist in their proper functioning, the Board of Directors reviewed the composition of the Committees during the year, rotating their members to ensure that the members of each Committee has the appropriate, knowledge, skills and experience for the responsibilities attributed to them.

After that review, the oversight and control committees of the Board are made up of non-executive directors, with a majority of independents, except the Risk Committee, which, in compliance with the Regulations of the Board of Directors as to composition, comprises 3 “other external” directors and 2 independent directors. All the Chairs of the oversight and control committees are independent directors; specifically, the Chairs of the Audit and Compliance, Appointments, Remuneration and Risk Committees.

After the Annual General Meeting of the Company to be held in March 2018, the Board will perform another analysis of the composition of Board Committees, taking into account the potential new additions of directors that will be approved at the General Meeting and, as appropriate, changes in the status of current directors and any regulatory requirements prevailing in this respect.

53. The task of supervising compliance with corporate governance rules, internal codes of conduct and corporate social responsibility policy should be assigned to one board committee or split between several, which could be the audit committee, the nomination committee, the corporate social responsibility committee, where one exists, or a dedicated committee established ad hoc by the board under its powers of self-organization, with at the least the following functions:

a) Monitor compliance with the company’s internal codes of conduct and corporate governance rules.

b) Oversee the communication and relations strategy with shareholders and investors, including small and medium-sized shareholders.

c) Periodically evaluate the effectiveness of the company’s corporate governance system, to confirm that it is fulfilling its mission to promote the corporate interest and catering, as appropriate, to the legitimate interests of remaining stakeholders.

d) Review the company’s corporate social responsibility policy, ensuring that it is geared to value creation.

e) Monitor corporate social responsibility strategy and practices and assess compliance in their respect.

f) Monitor and evaluate the company’s interaction with its stakeholder groups.

g) Evaluate all aspects of the non-financial risks the company is exposed to, including operational, technological, legal, social, environmental, political and reputational risks.

h) Coordinate non-financial and diversity reporting processes in accordance with applicable legislation and international benchmarks.

COMPLIANT

54. The corporate social responsibility policy should state the principles or commitments the company will voluntarily adhere to in its dealings with stakeholder groups, specifying at least:

a) The goals of its corporate social responsibility policy and the support instruments to be deployed.

b) The corporate strategy with regard to sustainability, the environment and social issues.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

65

c) Concrete practices in matters relative to: shareholders, employees, clients, suppliers, social welfare issues, the environment, diversity, fiscal responsibility, respect for human rights and the prevention of illegal conducts.

d) The methods or systems for monitoring the results of the practices referred to above and identifying and managing related risks.

e) The mechanisms for supervising non-financial risk, ethics and business conduct.

f) Channels for stakeholder communication, participation and dialogue.

g) Responsible communication practices that prevent the manipulation of information and protect the company’s honor and integrity.

COMPLIANT

55. The company should report on corporate social responsibility developments in its management’s report or in a separate document, using an internationally accepted methodology.

COMPLIANT

56. Director remuneration should be sufficient to attract individuals with the desired profile and compensate the commitment, abilities and responsibility that the post demands, but not so high as to compromise the independent judgement of non-executive directors.

COMPLIANT

57. Variable remuneration linked to the company and the director’s performance, the award of shares, options or any other right to acquire shares or to be remunerated on the basis of share price movements, and membership of long-term savings schemes such as pension plans should be confined to executive directors.

The company may consider the share-based remuneration of non-executive directors provided they retain such shares until the end of their mandate. This condition, however, will not apply to shares that the director must dispose of to defray costs related to their acquisition.

COMPLIANT

58. In the case of variable awards, remuneration policies should include limits and technical safeguards to ensure they reflect the professional performance of the beneficiaries and not simply the general progress of the markets or the company’s sector, or circumstances of that kind.

In particular, variable remuneration items should meet the following conditions:

a) Be subject to predetermined and measurable performance criteria that factor the risk assumed to obtain a given outcome.

b) Promote the long-term sustainability of the company and include non-financial criteria that are relevant for the company’s long-term value, such as compliance with its internal rules and procedures and its risk control and management policies.

c) Be focused on achieving a balance between the delivery of short, medium and long-term objectives, such that performance-related pay rewards ongoing achievement, maintained over sufficient time to appreciate its contribution to long-term value creation. This will ensure that performance measurement is not based solely on one-off, occasional or extraordinary events.

COMPLIANT

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

66

59. A major part of variable remuneration components should be deferred for a long enough period to ensure that predetermined performance criteria have effectively been met.

COMPLIANT

60. Remuneration linked to company earnings should bear in mind any qualifications stated in the external auditor’s report that reduce their amount.

COMPLIANT

61. A major part of executive directors’ variable remuneration should be linked to the award of shares or financial instruments whose value is linked to the share price.

COMPLIANT

62. Following the award of shares, share options or other rights on shares derived from the remuneration system, directors should not be allowed to transfer a number of shares equivalent to twice their annual fixed remuneration, or to exercise the share options or other rights on shares for at least three years after their award.

The above condition will not apply to any shares that the director must dispose of to defray costs related to their acquisition.

COMPLIANT

63. Contractual arrangements should include provisions that permit the company to reclaim variable components of remuneration when payment was out of step with the director’s actual performance or based on data subsequently found to be misstated.

COMPLIANT

64. Termination payments should not exceed a fixed amount equivalent to two years of the director’s total annual remuneration and should not be paid until the company confirms that he or she has met the predetermined performance criteria.

COMPLIANT

H OTHER INFORMATION OF INTEREST

1. If there is any other aspect relevant to the corporate government in the company or in the group entities that has not been reflected in the rest of the sections of this report, but is necessary to include to provide more comprehensive and well-grounded information on the corporate governance structure and practices in your entity or its group, detail them briefly.

2. This section may also include any other relevant information, clarification or detail related to previous sections of the report insofar as they are relevant and not reiterative.

Specifically indicate whether the company is subject to corporate governance legislation from a country other than Spain and, if so, include the mandatory information to be provided when different from that required by this report.

3. The company may also indicate if it has voluntarily signed up to other international, industry-wide or any other codes of ethical principles or best practices. Where applicable, the code in question will be identified along with the date of signing. In particular, mention will be made as to whether it has adhered to the Code of Best Tax Practices (Código de Buenas Prácticas Tributarias) of 20 July 2010.

The data in this report refer to the year ending 31 December 2017, except in those cases when another date of reference is specifically stated.

Further to Section A.2, State Street Bank and Trust Co., The Bank of New York Mellon S.A.N.V. and Chase Nominees Ltd., as international custodian/depositary banks, held 12.53%, 3.80% and 6.48% of BBVA’s share capital, respectively, as of December 31 2017. Of said positions held by the custodian banks, BBVA is not aware of any individual shareholders with direct or indirect holdings greater than or equal to 3% of BBVA common stock.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

67

Filings of significant holdings to CNMV: On 18 October 2017, Blackrock Inc. filed a report with the CNMV (National Securities Market Commission) stating that it now had an indirect holding of 5.708% of the BBVA share capital, through the company Blackrock Investment Management.

The director holdings indicated in section A.3 are those reported as of 31 December 2017 and therefore may have subsequently changed. Moreover, following the instructions in Circular 7/2015 of the CNMV to complete the Corporate Governance Report, the owners of indirect holdings are not identified in this section, as none of them reaches the 3% of share capital and none of them reside in tax havens.

Moreover, as an explanation to the second table of section A.3., the number of direct rights on shares in the Company corresponds with the shares from the Annual Variable Remuneration (AVR) from previous years that was deferred and pending payment on the date of this Report, if conditions are met. Thus, it is included the total number of “rights to shares” of BBVA executive directors corresponding to the third and last third deferred of year 2014 that they will receive in 2018; the 50% deferred of the AVR 2015 they will receive in 2019, and the 50% deferred of the AVR 2016 they will receive in 2020, the two latter amounts, are subject to the applicable multi-year indicators that may reduce the deferred amount, even become zero, yet never be increased.

These amounts are disclosed in an individual manner for each executive director in the following way:

The payment of these deferred shares is also subject to the non-occurrence of any of the conditions established by the remuneration policy applicable in each year that could impede payment thereof (malus and clawback clauses), as well as the remaining conditions of the settlement and payment system.

Further to the information in section A.8, regarding earnings from treasury-stock trading, rule 21 of Circular 4/2004 and IAS 32, paragraph 33, expressly prohibit the recognition in the income statement of profits or losses made on transactions carried out with treasury shares, including their issue and redemption. Said profits and losses are directly booked against the company’s net equity. In the table of significant variations, the date of entry of CNMV Model IV in the registries of that organism, model corresponding to the communications with own shares and the reason for such communication.

Regarding section A.9 bis, the resulting estimated floating capital of BBVA less the capital held by the members of the Board of Directors and as treasury shares, both as of December 31, 2017, following the instructions to complete the Annual Corporate Governance Report is 99.74%.

Further to the information in section A.10, there are no legal or bylaws restrictions on the exercise of voting rights and there are no legal or bylaws restrictions on the free acquisition or transfer of shares in the company’s share capital. As for the legal restrictions on the free acquisition or transfer of shares in the company’s share capital, Spanish Act 10/2014, dated 26th June, on the regulation, supervision and solvency of credit institutions establishes that the direct or indirect acquisition of a significant holding (as defined in article 16 of that Act) is subject to assessment by the Bank of Spain as set out in articles 16 et seq. of that Act. Additionally, article 25 of Royal Decree 84/2015, implementing Act 10/2014, establishes that the Bank of Spain shall evaluate proposals for acquisitions of significant shares and submit a proposal to the European Central Bank regarding whether to oppose this acquisition or not. This same article establishes the criteria that should be considered during said evaluation and the applicable timelines.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

68

Further to the information included in section C.1.15:

The amount indicated as “Remuneration of the Board of Directors” includes remuneration stemming from the remuneration systems established for non-executive and executive directors as provided for in the Remuneration Policy for BBVA directors approved by the General Shareholders’ Meeting held in March 17, 2017 and pursuant to article 33 bis and 50 bis of the Company Bylaws, respectively, and includes:

a) The fixed remuneration (for pertaining to the Board and Committees) and remuneration in kind corresponding to 2017 of non-executive board members.

b) The fixed remuneration and in kind for executive directors corresponding to 2017.

c) The 2017 Annual Variable Remuneration in cash and in shares monetized for executive directors. It should nonetheless be noted that this remuneration, has not accrued to the executive directors in its entirety on the date of this Report, since, according to the BBVA Director Remuneration Policy applicable to them, they will only receive 40% of this amount in 2018, while the remaining 60% will be deferred for a period of 5 years, subject to compliance with multi-year performance indicators, 40% in cash and 60% in shares, if conditions are met, with the following payment schedule: 60% after the third year of deferral; 20% after the fourth year of deferral; and 20% after the fifth year of deferral.

Moreover, the 2017 Annual Variable Remuneration will be subject to the remaining conditions established in the settlement and payment system provided in the BBVA Directors’ Remuneration Policy, and in particular to: mandatory withholding and unavailability periods; hedging prohibitions; criteria for the update of the deferred component in cash; forfeiture and recovery arrangements for the entire AVR

d) The remuneration paid for all concepts to two non-executive directors who ceased in their position in 2017 and who, consequently, did not remain in office as of 31 December 2017.

The total amount indicated, pursuant to the instructions in this Report, corresponds to the amount declared as total remuneration accrued according to chart c) “Summary of Remuneration”, section D.1 in the Annual Report on Directors’ Remuneration of BBVA.

All these items are included for each individual director in Note 54 of the Annual Report for year 2017.

For the purpose of calculating the cash value of the shares corresponding to the Annual Variable Remuneration for 2017 for executive directors, and in accordance with the BBVA Directors’ Remuneration Policy, the reference used was the average BBVA share closing price corresponding to the trading days between 15 December 2017 and 15 January 2018, namely €7.25 per share.

In regard of the “Cumulative amount of rights of current directors in pension scheme” indicated in section C.1.15 of this Report, the Bank has the Bank undertaken pension commitments with the Chief Executive Officer and the Head of GERPA to cover retirement, disability and death contingencies as established in the Corporate Bylaws, BBVA Directors’ Remuneration Policy, and their respective contracts with the Bank.

The amount established in the Remuneration Policy for BBVA Directors for the Chief Executive Officer, as annual contribution to cover the retirement benefit under the new defined-contribution scheme, amounts to €1,642 thousand, amount which shall be updated in the same proportion as the annual fixed remuneration for the Chief Executive Officer, in the terms established in said Policy.

Likewise, pursuant to the Policy, 15% of the agreed annual contribution, mentioned above, shall be based on variable components and be considered “discretionary pension benefits”, thus subject to the conditions of delivery in shares, retention and clawback established in applicable regulations, as well as to those other conditions of variable remuneration applicable to them pursuant to the aforementioned Policy.

On the other hand, the Bank will assume payment of the annual insurance premiums in order to top up the coverage of death and disability of the Chief Executive Officer’s benefits scheme, in the terms established in the Remuneration Policy for BBVA Directors.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

69

Pursuant to the foregoing, in the year 2017 an amount of €1,853 thousand has been recorded to attend the benefits commitments undertaken with the Chief Executive Officer, amount which includes the contribution to retirement coverage (€1,642 thousand), as well as to death and disability (€211 thousand), with the total accumulated fund to cover retirement commitments amounting €17,503 thousand, as at December 31, 2017.

15% of the agreed annual contribution to retirement (€246 thousand) has been registered in the year 2017 as “discretionary pension benefits” and, following year-end 2017, said amount has been adjusted according to the criteria established for the determination of the Chief Executive Officer’s annual variable remuneration for 2017. Accordingly, the “discretionary pension benefits” for the year 2017 have been determined in an amount of €288 thousand, amount which will be included in the accumulated fund in the year 2018, subject to the same conditions as the Deferred Component of annual variable remuneration for the year 2017, as well as the remaining conditions established for these benefits in the Remuneration Policy for BBVA Directors.

As regards the executive director Head of GERPA, the pension scheme established in the Remuneration Policy for BBVA Directors establishes an annual contribution of 30% of his fixed remuneration as of January 1, 2017, to cover retirement benefit, as well as payment of the corresponding annual insurance premiums in order to top up the coverage of death and disability.

As in the case of the Chief Executive Officer, 15% of the agreed annual contribution, mentioned above, shall be based on variable components and be considered “discretionary pension benefits”, thus subject to the conditions of delivery in shares, retention and clawback established in applicable regulations, as well as to those other conditions of variable remuneration applicable to them pursuant to the aforementioned Policy.

Pursuant to the foregoing, in the year 2017 an amount of €393 thousand has been recorded to attend the benefits commitments undertaken with the executive director Head of GERPA, amount which includes the contribution to retirement coverage (€250 thousand), as well as to death and disability (€143 thousand), with the total accumulated fund to cover retirement commitments amounting €842 thousand, as at December 31, 2017.

15% of the agreed annual contribution to retirement (€38 thousand) has been registered in the year 2017 as “discretionary pension benefits” and, following year-end 2017, said amount has been adjusted according to the criteria established for the determination of the executive director Head of GERPA’s annual variable remuneration for 2017. Accordingly, the “discretionary pension benefits” for the year 2017 have been determined in an amount of €46 thousand, amount which will be included in the accumulated fund in the year 2018, subject to the same conditions as the Deferred Component of annual variable remuneration for the year 2017, as well as the remaining conditions established for these benefits in the Remuneration Policy for BBVA Directors.

There are no other pension obligations undertaken in favor of other executive directors.

The balance of the item “Provisions - Funds for pensions and similar liabilities” on the Group’s consolidated balance sheet as of 31 December 2017 includes €82,57 million under the item for post-employment benefit commitments maintained with former members of the Board of Directors.

The explanation of the principal characteristics of the mentioned pension scheme is detailed in the Remuneration Policy for BBVA Directors and Note 54 of the Annual Report for 2017.

Further to the information included in section C.1.16:

The heading “Total senior management remuneration” includes the remuneration of members of Senior Management listed as such as of 31 December 2017 (15 members), comprising:

a) The fixed remuneration and the remuneration in kind during 2017;

b) The Annual Variable Remuneration received during 2017 corresponding to 2016, both in cash and in shares;

c) The deferred part of the variable remuneration received during 2017, corresponding to previous years (2014 and 2013) both in cash and in shares, plus the amount of the corresponding updates.

For the purpose of calculating the cash value of the shares corresponding to said remuneration, the price considered the delivery price in 2017 has been €6.22.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

70

In 2017, an amount of €5,630 thousand has been recorded to attend the benefits commitments undertaken with members of the Senior Management, excluding executive directors, amount which includes the contribution to retirement coverage (€4,910 thousand), as well as to death and disability (€720 thousand), with the total accumulated fund to cover retirement commitments with the Senior Management amounting €55,689 thousand, as at December 31, 2017.

As in the case of executive directors, 15% of the annual contributions agreed for members of the Senior Management shall be based on variable components and be considered “discretionary pension benefits”, thus subject to the conditions of delivery in shares, retention and clawback established in applicable regulations, as well as to those other conditions of variable remuneration applicable to them pursuant to the remuneration policy applicable to Senior Management.

Pursuant to the foregoing, from the annual contribution to cover retirement of €4,910 thousand recorded in 2017, an amount of €585 thousand has been recorded in the year 2017 as “discretionary pension benefits” and, following year-end 2017, said amount has been adjusted according to the criteria established for the determination of the Senior Management’s annual variable remuneration for 2017. Accordingly, the “discretionary pension benefits” for the year 2017 have been determined in an amount of €589 thousand, subject to the same conditions as the Deferred Component of annual variable remuneration for the year 2017, as well as the remaining conditions established for these benefits in the remuneration policy applicable to members of the Senior Management.

The balance of the item “Provisions - Funds for pensions and similar liabilities” on the Group’s consolidated balance sheet as of 31 December 2017 includes €259 million under the item for post-employment benefit commitments maintained with former members of the Bank’s Senior Management.

In reference to section C.1.29, the Board of Directors always meets with the attendance of its chair and therefore the Lead Director has never chaired a meeting of the Board of Directors. The Lead Director, in the scope of his entrusted duties, maintains fluid contact with the independent directors to simplify the discharge of his duties.

As a supplement to section C.1.30, it is to be noted that normally the Board of Directors meets monthly in accordance with the annual meeting schedule drawn up before the beginning of the year, and extraordinarily as often as deemed necessary. In 2017, the Board held 15 meetings, of which 13 were ordinary and 2 extraordinary. All directors were present at all Board meetings, whether in person or by proxy, except the meeting of June 6, 2017, at which 2 directors were absent.

With regard to section C.1.31, as BBVA shares are listed on the New York Stock Exchange, it is subject to the supervision of the Securities & Exchange Commission (SEC) and, thus, to compliance with the Sarbanes Oxley Act and its implementing regulations, and for this reason each year the Group Executive Chairman, the CEO and the executive tasked with preparing the Accounts sign and submit the certifications described in sections 302 and 906 of this Act, related to the content of the Annual Financial Statements. These certificates are contained in the annual registration statement (Form 20-F) which the Company files with this authority for the official record.

As reference to section C.1.45, the Board of Directors only approves the contract conditions related to executive directors and Senior Management members as set out in article 17 of the Board Regulations, which are reported to the General Meeting through this Report and the Annual Report on Directors’ Remuneration of BBVA, but does not authorize those of other technical and specialist professionals.

In this regard, the Board of Directors has approved the new contractual conditions for the Chief Executive Officer and the executive director Head of GERPA that, according to the framework established in the Policy, includes, among others, the transformation of the previous defined-benefits system of the Chief Executive Officer has been transformed into a defined-contribution system, as well as the determination of the annual contribution to such system. Moreover, these contractual changes have involved the elimination of the possibility for the Chief Executive Officer of receiving the retirement pension in advance and established a post-contractual non-compete agreement for a period of two years, after they cease as BBVA executive directors, in accordance to which they shall receive remuneration in an amount equivalent to one annual fixed remuneration for every year of duration of the non-compete arrangement which shall be paid periodically over the course of the two years in the event of severance on grounds other than their own retirement, disability or dereliction of duties; as well as the removal of the right of the executive director Head of GERPA to receive an indemnity.

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

71

According to the new applicable regulation to credit institutions on remuneration, in particular, to the Circular 2/2016 of the Bank of Spain and the European Banking Authority Guidelines on sound remuneration policies, the Board has approved in 2017, the new basic contractual framework for notice, compensation and post-contractual non-competition applicable to Senior Management with effect from January, 1, 2018.

Further to section C.2.1, we provide brief indications regarding what the regulations establish about the composition and functions of each board committee:

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

72

As a supplement to section C.2.5 on the key activities of the Risk Committee throughout 2017, it is to be noted that the Chairman of the Risk Committee presented to the Board of Directors a report on the activities of the Committee in 2017. The report gave an account of the meetings held by the Committee over the year and explained that the direct relationship had been strengthened between the Committee and the Group Chief Risk Officer. This was supplemented by the involvement of the heads of the various divisions of the Risk area, both at the holding level and at the level of each business unit of the Group. In his opinion this allowed for the proper performance of the duties assigned to the Committee by the Board. As to the Committee’s activity in each of the main functions assigned to it by the Board, he referred to the General Risk Appetite Framework of the BBVA Group, which the Committee had analyzed before submitting it to the consideration of the Board. In particular, he said that the Committee had analyzed in detail the Risk Appetite Statement and the core metrics for risk management and control in the BBVA Group, which in addition were monitored on an ongoing basis by the Committee to ensure that they stay within the thresholds specified by the Board. He said that the Risk Committee permanently monitors the performance of metrics “by type of risk” approved by the Executive Committee, and the disaggregation of the core metrics. The Committee Chair pointed out that another of the Committee’s main function is to monitor the performance of the Group’s risks. It does this in a structured manner by monitoring the risks by type per business unit, portfolio and sector, paying special attention to the main borrowers and risks in each category and sector to be appropriately aware of the trends of the entity’s main risks. Regarding other risks, he explained that the Committee monitors them, holding specific meetings for each, in addition to regular, monthly reporting to the Chief Risk Officer on the core metrics and factors impacting their performance. Also pointed that special attention is also paid by the Committee to the performance, monitoring and control of non-financial risks, namely operational risk. In the domain of risk policy, he said that the Committee had monitored and controlled corporate policies prior to their submission to the Executive Committee. The report touched upon the Committee’s monitoring of the infrastructure and resources relied on by the Risk area for the proper performance of its duties, and said that it had been verified that the Group’s Risk area had the resources, systems, structures and means required to implement the Board’s risk strategy. As to other functions, he said that the Risk Committee had been directly involved in the analysis of the indicators included in the Remuneration Policy approved by the Board of Directors, which were submitted to the Annual General Meeting for approval, to ensure said indicators are aligned with an adequate institution-wide risk control and management model and with the parameters established in the Group’s General Risk Appetite Framework. He also noted that the Committee has reviewed the regulatory reports that are relevant to the Group, including the Capital and Liquidity Self-Assessment Plan and the Group Recovery Plan, to align them with the General Risk Appetite Framework and verify the adequate preparation and implementation of the applicable stress scenarios. He also said that the Committee supervises the risk strategy’s alignment with price policies on an ongoing basis, fostering the inclusion of profitability metrics in terms of risk appetite in the risk monitoring and control model. Finally, was set out the tasks that the Risk Committee has analyzed and debated the Group’s Risk Appetite Framework proposal for 2018, in accordance with the Institution’s general decision making process, which is coordinated with the annual budget preparation process.

Likewise, regarding the most important actions of the Remuneration Committee during 2017, the Chairman of the Remuneration Committee submitted a report to the Board on its activities during 2017 including, among others, the Committee works on the proposals to the Board on the remuneration policy for directors, senior managers and other employees whose professional activities may have a significant impact on the Group’s risk profile (Identified Staff).

Therefore, it should be noted that as the main activities carried out in 2017, the Remuneration Committee has submitted to the Board a proposal for a new BBVA Directors’ Remuneration Policy for the years 2017, 2018 and 2019, which was approved by the General Shareholders’ Meeting held on March 17, 2017, as well as a new remuneration policy for BBVA’s Identified Staff, and the approval of a new corporate remuneration policy applicable to all employees of the Bank and of subsidiaries forming part of its consolidated group, in line with the new regulations published in 2016 and best market practices on remuneration.

In execution of said remuneration policies, the Committee has analyzed the necessary proposals to be submitted to the Board for application of the policies.

In particular, regarding the remuneration issues of executive directors, the Committee submitted to the Board: the settlement of the Annual Variable Remuneration; the updating of the deferred parts of the variable remuneration of previous years; the determination of the fixed and target variable remuneration for 2017; the determination of the annual and multi-year indicators for the calculation of the Annual Variable Remuneration as well as their weightings, targets and new scales for achievement, minimum thresholds Attributable Profit and Capital Ratio established in the respective remuneration policies for Directors and Identified Staff as ex ante adjustments to variable remuneration, and the corresponding scales established to determine the generation of annual variable remuneration in 2017. Moreover, the Committee has determined, for its proposal to the Board, the contractual conditions for the Chief Executive Officer and the executive Global Economics Regulations and Public Affairs Director (“GERPA Director”).

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

73

Regarding the remuneration issues of Senior Management, the Committee’s activities have been especially intense on reviewing its basic contractual framework in light of the new applicable regulations. In this regard, has carried out the determination of the basic contractual conditions for the Senior Management regarding its fixed and target variable remuneration; has determined the contributions to the pension schemes and other applicable remuneration; has analyzed the Bank’s contractual commitments with members of the Senior Management for notice, compensation and post-contractual non-competition, submitting to the Board the corresponding proposals.

The Committee has reviewed as well the application of the Remuneration Policy for Identified Staff during the closing exercise 2016, including the process carried out by the Bank to identify this Staff, and as well has received information concerning application of the procedure for identification of Identified Staff in the BBVA Group in 2017.

Furthermore, among other duties, the Committee has proposed to the Board for its approval and submission to the General Shareholders Meeting: the Annual Report on Directors’ Remuneration, and the agreement concerning the ratio 1:2 between the fixed and the variable remuneration for a specified number of members of the Identified Staff.

Detailed information on the activity carried out by the Remuneration Committee is available in the Bank’s corporate website (www.bbva.com).

With respect to section D (Related-party and Intragroup Transactions), see Note 53 of the BBVA Annual Consolidated Financial Statements for 2017. With respect to section D.4, it details the transactions conducted by Banco Bilbao Vizcaya Argentaria, S.A. at the close of the year, with the company issuing securities on international markets, carried out as part of ordinary trading related to the management of outstanding issuances. Moreover, with respect to section D.4, please refer to the section entitled “Offshore financial centers” in the BBVA Consolidated Management Report for 2017.

As to adherence to codes of ethics or good practice, it is to be noted that in 2011 the BBVA Board of Directors approved the Bank’s adhesion to the Code of Best Tax Practices (Código de Buenas Prácticas Tributarias) approved by Foro de Grandes Empresas according to the wording proposed by the State Tax Administration Agency (AEAT). During this year, it has been compliant with the contents of this Code. Moreover, BBVA is committed to applying the provisions of the Universal Declaration of Human Rights, Principles of United Nations Global Compact (which BBVA has formally signed), Equator Principles (to which BBVA has been formally adhered since 2004), the United Nations Responsible Investment Principles, the Green Bond Principles, and other conventions and treaties involving international organizations such as the Organization for Economic Cooperation and Development and the International Labor Organization. In addition, BBVA is a member of the United Nations Environmental Program Finance Initiative and the Thun Group of Banks on Human Rights.

This annual report on corporate governance has been approved by the company’s board of directors on 12 February 2018.

List whether any Directors voted against or abstained from voting on the approval of this Report.

NO

This English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.

74

SIGNATURE

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.