Purpose
This Code of Business Conduct and Ethics (this “Code”) provides a general statement of the expectations regarding the business conduct and ethical standards that each director, officer and employee of Financial Institutions, Inc. (“FII”) and its subsidiaries (collectively, the”Company”) should adhere to while acting on behalf of the Company.  Each director, officer and employee is expected to read and become familiar with the business conduct and ethical standards described in this Code and will be required, annually, to affirm his or her agreement to adhere to such standards by signing the Code of Business Conduct and Ethics Policy Acknowledgement.

Administration
The Company’s Board of Directors is responsible for setting the standards of business conduct contained in this Code and updating these standards as it deems appropriate to reflect changes in the legal and regulatory framework applicable to the Company, the business practices within the Company’s industry, the Company’s own business practices, and the prevailing ethical standards of the communities in which the Company operates.  While the Company’s Chief Risk Officer will oversee the procedures designed to implement this Code to ensure that they are operating effectively, it is the individual responsibility of each director, officer and employee of the Company to comply with this Code. Violations of this Code by any director, officer or employee may subject such individual to dismissal for cause or other disciplinary action, as determined by such individual’s supervisor, together with civil or criminal sanctions in certain cases.

• maintaining a safe and healthy work environment;
• promoting a workplace that is free from discrimination or harassment based on race, color, religion, sex, sexual orientation, national origin and veteran status, or other factors that are unrelated to the Company’s business interests;
• supporting fair competition and laws prohibiting restraints of trade and other unfair trade practices;
• conducting its activities in full compliance with all applicable environmental laws;
• keeping the political activities of the Company’s directors, officers and employees separate from the Company’s business.
• prohibiting any illegal payments to any government officials or political party representatives of any country; and
• complying with all applicable state and federal banking, consumer and securities laws

Insider Trading
Simply put, it is illegal for you to buy or sell FII’s common stock while you are in possession of material non-public information or to pass such information to others.  A director, officer, or employee who fails to follow this policy could, as a maximum penalty, lose his or her job, be imprisoned for up to ten years, be fined up to $1 million and have to forfeit up to three times the profits or losses avoided.

“Non-public information” consists of information that is known within the Company that has not been publicly released.  “Material” information is information that a reasonable investor would consider important in deciding to buy, sell or hold FII common stock.  Material information can be favorable or unfavorable.

There are no valid excuses for insider trading.  There are no financial hardship exemptions.  It does not matter that you need to buy a house or pay for college or medical expenses.  There is no exception for small trades.  Losing money is not a defense.  If you have material non-public information – don’t trade.  Always assume your trading or advice to others will be scrutinized with twenty-twenty hindsight and presume the worst outcome.

If you obtain material non-public information concerning a depositor, borrower, supplier or other company doing business with the Company, the law considers you to be an insider of that company and, therefore, you may not purchase or sell such company’s securities or make trading recommendations to others.  You must always remember that information, which may not be material to the Company, may be material to the other company.

If you have questions regarding insider trading contact the Chief Financial Officer.

Conflicts of Interest; Corporate Opportunities
Directors, officers and employees should not be involved in any activity that creates or gives the appearance of a conflict of interest between their personal interests and the Company’s interests.  Directors, officers and employees complete questionnaires annually to notify the Company’s Director of Human Resources of the existence of any actual or potential conflict of interest.
The following will serve as a guide to the types of activity which might cause conflicts and which should be fully reported to the Company’s Director of Human Resources of the existence of any actual or potential conflict of interest.
In particular, no director, officer or employee shall:

• Be consultant to, or a director, officer or employee of, or otherwise operate an outside business:
• That markets products or services in competition with the Company’s current or potential products and services;
• That supplies products or services to the Company, provided outside the normal Have any financial interest, including stock ownership, except where such interest course of business; or
• That purchases products or services from the Company; provided outside the normal course of business.
• Solicit or accept for themselves or for a third party (other than the Company) anything of value from anyone in return for any business, service or confidential information of the Company;
• Have any financial interest, including stock ownership, except where such interest consists of securities of a publicly-owned corporation and such securities are regularly traded on the open market, in any such outside business that might create or give the appearance of a conflict of interest;
• Seek or accept any personal loan or services from any such outside business, except from financial institutions or service providers offering similar loans or services to third parties under similar terms in the ordinary course of their respective businesses;
• Accept any personal loan or guarantee of obligations from the Company, except to the extent such arrangements are legally permissible;
• Conduct business on behalf of the Company with immediate family members, which includes spouses, children, parents, siblings and persons sharing the same home whether or not legal relatives, (refer to Personnel Policy Handbook, Section “Employee Financial Responsibility”); or
• Use the Company’s property, information or position for personal gain.

The appearance of a conflict of interest may exist if an immediate family member of a director, officer or employee of the Company is a consultant to, or a director, officer or employee of, or has a significant financial interest in, a competitor or supplier of the Company.

Confidentiality; Protection and Proper Use of the Company Assets
Directors, officers and employees shall comply with all applicable privacy regulations and maintain the confidentiality of all information entrusted to them by the Company or its depositors, borrowers, suppliers, customers or other business partners, except when the Company authorizes disclosure or it is legally required.
Confidential information includes (1) information marked

“Confidential,” “Private,” “For Internal Use Only,” or similar legends, (2) technical or scientific information relating to current and future products, services or research, (3) business or marketing plans or projections, (4) earnings and other internal financial data, (5) personnel information, (6) supply and customer lists, (7) names, relationship, amounts or details, personal, financial or business data concerning any customer or applicant customer of the Company, and (8) other non-public information that, if disclosed, might be of use to the Company’s competitors, or harmful to the Company or its suppliers, customers or other business partners.

To avoid inadvertent disclosure of confidential information, directors, officers and employees shall not discuss confidential information with or in the presence of any unauthorized persons, including family members and friends.

Directors, officers and employees are personally responsible for protecting those Company assets that are entrusted to them and for helping to protect the Company’s assets in general.

Directors, officers and employees shall use the Company’s assets for the Company’s legitimate business purposes only.

Fair Dealing
The Company is committed to promoting the values of honesty, integrity and fairness in the conduct of its business and sustaining a work environment that fosters mutual respect, openness and individual integrity, Directors, officers and employees are expected to deal honestly and fairly with the Company’s customers, suppliers, competitors and other third parties.  To this end, directors, officers and employees shall not:

• make false or misleading statements to customers, suppliers or other third parties;
• make false or misleading statements about competitors;
• solicit or accept from any person that does business with the Company, or offer to extend to any such person.
• cash of any amount; or
• gifts, gratuities, meals or entertainment that could influence or reasonably give the appearance in influencing the Company’s business relationship with that person or go beyond common courtesies usually associated with accepted business practice;
• solicit or accept any fee, commission or other compensation for referring customers to third-party vendors; or
• otherwise take unfair advantage of the Company’s customers or suppliers, or other third parties, through manipulation, concealment, abuse of privileged information or any other unfair-dealing practice.

Accurate and Timely Periodic Reports
The Company is committed to providing investors with full, fair, accurate, timely and understandable disclosure in the periodic reports that it is required to file.  To this end, all directors, officers and employees shall strive to enable the Company to:

• comply with generally accepted accounting principles at all times;
• maintain a system of internal accounting controls that will provide reasonable assurances to management that all transactions are properly recorded;
• maintain books and records that accurately and fairly reflect the Company’s transactions;
• prohibit the establishment of any undisclosed or unrecorded funds or assets;
• maintain a system of internal controls that will provide reasonable assurances to management that material information about the Company is made known to management, particularly during the periods in which the Company’s periodic reports are being prepared; and
• present information in a clear and orderly manner and avoid the use of legal and financial jargon in the Company’s periodic reports.
• All directors, officers, and employees shall respond honestly and candidly when dealing with the Company’s independent and internal auditors, regulators and attorneys.

Whistleblower Policy
This Policy establishes procedures for the submission and processing of complaints or concerns received by Financial Institutions, Inc. (“FII) or any subsidiary (collectively, the “Company”) regarding (a) accounting, internal accounting controls, auditing matters, or violations of FII’s Code of Ethics for CFO, Senior Financial Officers and CEO (“Financial Concerns”), or (b) an alleged violation by any director, officer or employee of the Company of the Company’s Code of Business Conduct and Ethics (“Ethical Concerns”).

The Company has other procedures for processing complaints and concerns which are not Financial Concerns or Ethical Concerns, such as concerns about operational matters, consumer law matters and the like.

All complaints or concerns regarding Financial Concerns or Ethical Concerns shall be directed to the Chairman of the Audit Committee of FII’s Board of Directors (the “Chairman”), and shall be made in person or in writing, addressed to the Chairman at FII’s headquarters.  Any employee of the Company may submit such a complaint or concern on a confidential or anonymous basis in a sealed envelope with a legend such as: “Confidential and/or Anonymous Treatment Requested.”  If an employee desires to discuss the matter, the employee should indicate a telephone number at which he or she may be contacted.

Upon receipt of a complaint or concern the Chairman, with the assistance of legal counsel or other advisors as deemed appropriate, will determine if the matter actually is a Financial Concern or an Ethics Concern.  If the matter is neither, the Chief Risk Officer will notify the complainant, suggesting that the matter be referred to another department, as appropriate.

If the Chairman deems the matter to be a Financial Concern or an Ethical Concern, which is not significant, the Chairman or the Chief Risk Officer shall have the authority to resolve the matter, reporting the outcome to the complainant and to the appropriate Board Committee.  The Chief Risk Officer shall maintain a log of all such complaints and concerns, tracking the progress and resolution of each matter.

If the matter is determined by the Chairman to be significant and it is a Financial Concern, it shall be processed by the Auditing Committee; if an Ethics Concern it shall be processed by the Nominating and Governance Committee.

The Committee processing the complaint or concern shall work with the Chief Risk Officer in investigating and evaluating the matter, but the final determination of corrective action shall be the responsibility of the Committee.  The Chief Risk Officer and the appropriate Committee may enlist employees of the Company, outside legal counsel, or other advisors as the Committee, in its sole discretion, deems appropriate. In the case of confidential or anonymous complaints or concerns the Chief Risk Officer, the appropriate Committee and any employees or advisors involved in the matter shall use reasonable efforts to protect the confidentiality and anonymity of the complainant, and of the parties who are the subject of the matter.

Financial and Ethical Concerns shall be processed and resolved in timely manner, and the complainant shall be notified of the resolution.  If the resolution involves any discipline or censure of any director, officer, employee or vendor of the Company, the CEO and the appropriate department head shall be advised of the matter, respecting the confidentiality or anonymity of the complainant, if requested.  The appropriate Committee, with the assistance of the Chief Risk Officer, shall maintain a log of all complaints or concerns referred to such Committee, tracking the process and resolution of such matters.

The Company will not discharge, demote, suspend, threaten, harass or in any other manner discriminate against an employee in the terms and conditions of employment, or alter the status of a vendor, because of any lawful act of such employee or vendor with respect to good faith reporting of complaints or concerns pursuant to this Policy.

Waivers and Effective Date
he provisions of this Code may not be waived for any director, officer or employee.

This Code shall become effective on March 27, 2006 and shall remain in effect until amended by the Board of Directors of FII.