Principle 1 - Be Accountable (continued)

Risk Management Process

BOARD
• The Board is responsible for overseeing enterprise-wide risk management and is actively involved in the monitoring of risks that could affect us.
• The members of the Board have direct access to, and receive regular reports from, the senior executives and other officers responsible for coordinating enterprise-wide risk management, including our Chief Financial Officer, Group Chief Risk Officer, Group Chief Underwriting Officer, and Group General Counsel, each of whom reports directly to our Chief Executive Officer, as well as other senior personnel such as our Chief Investment Officer, Chief Accounting Officer, Chief Human Resources Officer, Head of Internal Audit, Chief Compliance Officer, Chief Technology Officer, Corporate Information Security Officer and Corporate Actuary.
• The Board delegates certain of its risk management responsibilities to its committees as set forth in the committee charters.
• The Non-Executive Chair of the Board participates in meetings of each committee from time to time on an ex officio basis and monitors the identification of risks or other matters that might require cross-committee coordination and collaboration or the attention of the full Board.

COMMITTEES
• Each committee regularly receives and discusses materials from the other committees, and we believe this allows the directors to be aware of the various risks across the Company.
• Each committee performs a comprehensive annual self-assessment as part of the Board’s overall governance effectiveness review and assessment, which reflects the committees’ evaluation of our corporate risk management practices and, if applicable, the identification of potential new oversight needs in light of changes in our strategy, operations or business environment.
• Each committee considers the self-assessment and identified new oversight needs when conducting their annual charter reviews and recommending changes to the charters, such as those adopted in 2021.

Key Risks Overseen

Audit Committee
• Financial statements integrity and reporting
• Cybersecurity and business continuity
• Legal, regulatory and compliance
• Tax compliance

Governance and Human Capital Committee
• Executive and employee compensation
• Succession planning (executive and director)
• DEI, employee development, CSR and similar ESG matters
• Governance structure and processes
• Shareholder concerns

Investment and Risk Management Committee
• Enterprise-wide risk management framework
• Investment strategies and risk limits
• Key financial, non-operational risk or exposures (including climate risk)
• Insurance risk
• Capital and liquidity requirements

MANAGEMENT
• At least annually, our Chief Risk Officer presents a comprehensive risk management overview to the Board to demonstrate management coverage and Board oversight of significant identified risks. This overview outlines our procedures for the identification and measurement of, response to, and monitoring and reporting of risk.
• Management representatives from our risk, legal, regulatory, compliance, human resources, treasury, finance, investments, reserving, information security, accounting and internal audit functions:
  – Regularly report to the Board and each committee at quarterly scheduled sessions, including at least annually to the Governance and Human Capital Committee regarding the potential risks of our compensation policies and practices; and
  – Separately meet with, and are interviewed by, our committees in executive sessions.
2022 ClimateWise Report