Risk committee Membership as of All members of the risk committee are independent and a majority are December 31, 2022:* knowledgeable about risk management and risk disciplines. There is cross- C. James Prieur – Chair membership between the risk committee and the management resources and Susan F. Dabarno compensation committee, and the committee holds a joint meeting with the audit Julie E. Dickson committee at least once a year. Donald R. Lindsay The committee met five times in 2022, including one joint meeting with the audit May Tan committee. It has approved this report and is satisfied that it has carried out all of Leagh E. Turner the responsibilities required by the committee charter. * On February 15, 2023, Nicole Arnaboldi joined the committee, and May Tan and Don Lindsay resigned from the committee. Key responsibilities Key activities Identifying and assessing • Reviewed reports from the Chief Risk Officer on risk appetite, risk limits, principal our principal risks and risk exposures, stress tests and emerging risks and policies, procedures and overseeing the programs, controls in place to manage principal risks. procedures and controls in • Reviewed reports from the Chief Auditor on the adequacy and effectiveness of the place to manage them procedures and controls to manage the principal risks. • Reviewed reports on capital targets and ratios. • Reviewed the company’s information services risk management program, including reports at each meeting on cyber security risks, mitigation and resilience, and engaged in discussions regarding the effectiveness of the program and controls for identifying and addressing the related risks. • Monitored updates from business segments on the key risks and risk management strategies. Developing, overseeing and • Considered the appropriate balance of risk and return, and reviewed the risk reviewing our enterprise appetite and risk limits and recommended to the board for approval. risk management framework, risk appetite and risk limits Reviewing the risk impact • Reviewed the risk impact of the strategic plan, including consistency with the of the business plan and approved risk appetite and related risk management and controls. new business initiatives, including consistency with our risk appetite and related risk management and controls Aligning our compensation • Reviewed reports on the alignment of compensation programs with sound programs with sound risk governance principles and established risk appetite. management principles and our established risk appetite Overseeing the risk • Reviewed and approved the mandates of the Chief Risk Officer and the risk management function management function, and reviewed the performance evaluation and assessed the effectiveness of each. • Reviewed and approved the budget, structure, skills and resources of the risk management function. Overseeing our compliance • Reviewed and approved changes to the risk policy framework and related with risk management enterprise policies. policies The committee meets without management present at each meeting. The committee also met in private with the Chief Risk Officer, Chief Information Officer, Chief Information Risk Officer, Chief Auditor and the Global Compliance Chief throughout the year. 34 Manulife Financial Corporation