7. Duties

The Committee is responsible for:

Recommending the Group's overall risk appetite and tolerance to the Board for approval.

Reviewing the Group's material risk exposures, including market, credit, insurance, operational, regulatory, customer/conduct, reputational, cyber, investment, liquidity and economic and regulatory capital risks against the Group's risk methodologies and management's actions to monitor and control such exposures.

Reviewing and approving the Group's top risks annually, advising the Board on the likelihood and impact of principal risks materialising and their management and mitigation.

Reviewing the Group Risk Framework and related policies. The Committee will review and approve changes to the framework and new risk policies while recommending to the Board any material policies which require Board approval.

Facilitating the independent review 1 , in line with GWS guidance, of the Group Risk Framework at least once every three years, in order to ascertain that it remains fit for purpose. The Committee will approve any updates which do not require Board approval.

Reviewing compliance with the Group Risk Framework and risk policies, including resultant actions in respect of policy breaches.

Reviewing and approving the metrics to be used and changes required to the system of Group Approved Limits.

Reviewing breaches to Group Approved Limits and the proposed remedial actions, including cases which are escalated to the Committee by the Group Chief Risk and Compliance Officer.

Reviewing the outcome of the Group's stress and scenario testing and monitoring management's response to the results.

Approving the annual Risk and Compliance plan for the Group, monitoring progress and key control findings from Compliance reviews, and requesting that the function undertake specific work where appropriate.