Risk Identification, Measurement and Assessment We have a common approach and process to identify, measure, and assess the risks that we assume. We evaluate all potential new business initiatives, acquisitions, product offerings, reinsurance arrangements, and investment and financing transactions on a comparable risk-adjusted basis. Segments and functional groups are responsible for identifying and assessing key and emerging risks on an ongoing basis. A standard inventory of risks is used in all aspects of risk identification, measurement and assessment, and monitoring and reporting. Risk exposures are evaluated using a variety of measures focused on both short-term net income attributed to shareholders and long-term economic value, with certain measures used across all risk categories, while others are applied only to some risks or a single risk type. Measures include stress tests such as sensitivity tests, scenario impact analyses and stochastic scenario modeling. In addition, qualitative risk assessments are performed, including for those risk types that cannot be reliably quantified. We perform a variety of stress tests on earnings, regulatory capital ratios, economic capital, earnings-at-risk and liquidity that consider significant, but plausible events. We also perform other integrated, complex scenario tests to assess key risks and the interaction of these risks. Economic capital and earnings-at-risk provide measures of enterprise-wide risk that can be aggregated and compared across business activities and risk types. Economic capital measures the amount of capital required to meet obligations with a high and pre-defined confidence level. Our earnings-at-risk metric measures the potential variance from quarterly expected earnings at a particular confidence level. Economic capital and earnings-at-risk are both determined using internal models. Risk Monitoring and Reporting Under the direction of the CRO, GRM oversees a formal process for monitoring and reporting on all significant risks at the Company-wide level. Risk exposures are also discussed at various risk oversight committees, along with any exceptions or proposed remedial actions, as required. On at least a quarterly basis, the ERC and the Board’s Risk Committee reviews risk reports that present an overview of our overall risk profile and exposures across our principal risks. The reports incorporate both quantitative risk exposure measures and sensitivities, and qualitative assessments. The reports also highlight key risk management activities and facilitate monitoring compliance with key risk policy limits. The results of the Financial Condition Test and Own Risk and Solvency Assessment are presented to the Board annually by our Chief Actuary and CRO, respectively. Our Chief Auditor reports the results of internal audits of risk controls and risk management programs to the Audit Committee and the Board’s Risk Committee annually. Management reviews the implementation of key risk management strategies, and their effectiveness, with the Board’s Risk Committee annually. Risk Control and Mitigation Risk control activities in place throughout the Company are designed to mitigate risks within established risk limits. We believe our controls, which include policies, procedures, systems and processes, are appropriate and commensurate with the key risks faced at all levels across the Company. Such controls are an integral part of day-to-day activity, business management and decision making. GRM establishes and oversees formal review and approval processes for product offerings, insurance underwriting, reinsurance, investment activities and other material business activities, based on the nature, size and complexity of the risk taking activity involved. Authorities for assuming risk at the transaction level are delegated to specific individuals based on their skill, knowledge and experience. Principal Risk Categories Our insurance, wealth and asset management and other financial services businesses subject Manulife to a broad range of risks. Management has identified the following risks to which our businesses, operations and financial condition are subjected to, grouped under five principal risk categories: strategic risk, market risk, credit risk, product risk and operational risk. The following sections describe the risk management strategies and risk factors for each principal risk category. The risks described below are not the only ones we face. Additional risks not presently known to us or that are currently immaterial could also impair our businesses, operations and financial condition in the future. If any of such risks should occur, the trading price of our securities, including common shares, preferred shares and debt securities, could decline, and investors may lose all or part of their investment. Strategic Risk Strategic risk is the risk of loss resulting from the inability to adequately plan or implement an appropriate business strategy that allows us to effectively compete in the markets in which we operate, or to adapt to change in the external business, political or regulatory environment. 49