provides independent oversight of risk taking and risk management activities across the enterprise. Risk oversight committees, through broad-based membership, also provide oversight of risk taking and risk management activities. The third line of defense is Audit Services, which provides independent, objective assurance that controls are effective and appropriate relative to the risk inherent in the business and that risk mitigation programs and risk oversight functions are effective in managing risks. Risk Culture To enable the achievement of our mission and strategic priorities, we are committed to a set of shared values, which reflect our culture, inform our behaviours, and help define how we work together: • Obsess about customers – Predict their needs and do everything in our power to satisfy them. • Do the right thing – Act with integrity and do what we say. • Think big – Anything is possible. We can always find a better way. • Get it done together – We’re surrounded by an amazing team. Do it better by working together. • Own it – Feel empowered to make decisions and take action to deliver our mission. • Share your humanity – Build a supportive, diverse and thriving workplace. Risk Culture Vision – Within this context, we strive for a risk aware culture, where individuals and groups are encouraged, feel comfortable and are proactive in making transparent, balanced risk-return decisions that are in the long-term interests of the Company. Risk Culture Framework – We have set a framework of desired behaviours to foster a strong risk aware culture. The framework is assessed against a set of qualitative and quantitative indicators and regularly reported to MFC’s board of directors (the “Board”) and executive leadership, with the intent to continuously identify opportunities to increase risk awareness across all geographies, businesses and layers of management and staff. We believe that risk culture is strengthened once desired organizational behaviours and attitudes are reinforced through effective application of our corporate values. As such, we communicate key elements of our values through a risk lens to build a strong risk aware culture, including: • Transparency – Encourage an environment where we can get it done together by openly discussing the strengths, weaknesses and potential range of outcomes of an issue, proposal or initiative and making informed decisions. Escalate issues before they become significant problems. • Risk appetite – Once we have identified a risk or situation, we establish a risk appetite and own that decision. • Learn – Use mistakes and failures as learning moments and share what was learned; think big by sharing beyond teams and business units. Seek out lessons learned from throughout the organization in order to continuously improve and grow our business the right way. • Incentives – Align personal incentives with our goals and how we want to execute our plan. When things go wrong, share our humanity by maintaining a supportive environment to ensure appropriate incentives for continued transparency and lessons learned. Risk Governance The Board oversees our culture of integrity and ethics, strategic planning, risk management, and corporate governance, among other things. The Board carries out its responsibilities directly and through its four standing committees: • Risk Committee – Oversees the management of our principal risks, and our programs, policies and procedures to manage those risks. • Audit Committee – Oversees internal control over financial reporting and our finance, actuarial, internal audit and global compliance functions, serves as the conduct review committee, reviews our compliance with legal and regulatory requirements and oversees the performance, qualifications and independence of our external auditors. • Management Resources and Compensation Committee – Oversees our global human resources strategy, policies, programs, management succession, executive compensation, and pension plan governance. • Corporate Governance and Nominating Committee – Develops our governance policies and procedures, including environmental, social and governance related matters, including climate change, among other activities. The CEO is directly accountable to the Board for our results and operations and all risk taking activities and risk management practices required to achieve those results. The CEO is supported by the CRO as well as by the Executive Risk Committee (“ERC”). Together, they shape and promote our risk culture, guide risk taking throughout our global operations and strategically manage our overall risk profile. The ERC, along with other executive-level risk oversight committees, establishes risk policies, guides risk taking activity, monitors significant risk exposures and sponsors strategic risk management priorities throughout the organization. GRM, under the direction of the CRO, establishes and maintains our ERM Framework and oversees the execution of individual risk management programs across the enterprise. GRM seeks to ensure a consistent enterprise-wide assessment of risk, risk based capital and risk-adjusted returns across all operations. The ERC approves and oversees the execution of the Company’s enterprise risk management program. It establishes and presents for approval to the Board the Company’s risk appetite and enterprise-wide risk limits and monitors our overall risk profile, including key and 47