9. Risk Management and Risk Factors This section provides an overview of our overall risk management approach along with detailed description of specific risks which may affect our results of operations or financial condition and the strategies used to manage those risks. Enterprise Risk Management Framework Delivering on our mission “Decisions made easier. Lives made better”, our ambition is to be the most digital, customer-centric global company in our industry. The activities required to achieve these results involve elements of risk taking. Our approach to risk management is governed by our Enterprise Risk Management (“ERM”) Framework. Culture Risk Identification Analysis and Assessment Management Framework Response Materialized Risks Assessment of Risk Appetite Management of Principal Risks Non-Materialized Risks • Stress Testing • Risk Capital Management • Risk Appetite and Limit Management Evolving Risk Program Our ERM Framework provides a structured approach to risk taking and risk management activities across the enterprise, supporting our long-term revenue, earnings, and capital growth strategy. It is communicated through risk policies and standards, which are intended to enable consistent design and execution of strategies across the organization. We have a common approach to managing all risks to which we are exposed, and to evaluating potential directly comparable risk-adjusted returns on contemplated business activities. Our risk policies and standards cover: • Risk roles and authorities – Assignment of accountability and delegation of authority for risk oversight and risk management at various levels within the Company, as well as accountability principles; • Governance and strategy – The types and levels of risk the Company seeks given its strategic plan, the internal and external environment, and risk appetite which drives risk limits and policies; • Execution – Risk identification, measurement, assessment, and mitigation which enable those accountable for risks to manage and monitor their risk profile; and • Evaluation – Validation, back testing and independent oversight to confirm that the Company generated the risk profile it intended, root cause analysis of any notable variation, and any action required to re-establish desired levels when exposures materially increase such that risk appetite is neared or exceeded. Our risk management practices are influenced and impacted by external and internal factors (such as economic conditions, political environments, technology and risk culture), which can significantly impact the levels and types of risks we might face in pursuit of strategically optimized risk taking and risk management. Our ERM Framework incorporates relevant impacts and mitigating actions as appropriate. ThreeLinesofDefenseModel A strong risk culture and a common approach to risk management are integral to Manulife’s risk management practices. Management is responsible for managing risk within risk appetite and has established risk management strategies and monitoring practices. Our approach to risk management includes a “three lines of defense” governance model that segregates duties among risk taking activities, risk monitoring and risk oversight, and establishes appropriate accountability for those who assume risk versus those who oversee risk. Our first line of defense includes the Chief Executive Officer (“CEO”), Segment and Business Unit General Managers, Global Function Heads and all business operations personnel. In our matrix reporting model, the Segment General Managers are ultimately accountable for their business results, the risks they assume to achieve those results, and for the day-to-day management of the risks and related controls, and the Global Function Heads are accountable for the management of the risks and related controls for their function. The second line of defense is comprised of the Company’s Chief Risk Officer (“CRO”), the Global Risk Management (“GRM”) function, the Company’s Chief Compliance Officer and the Global Compliance Office, and other global oversight functions. Collectively, this group 46 | 2022AnnualReport | Management’sDiscussionandAnalysis