Capital and Risk Management Pillar 3 Disclosures for the period ended December 31, 2021

2. Risk Management Objectives and Policies

2.1 Risk Governance

The principal types of risk inherent in our business are market, liquidity, credit and operational risks.

The Board has overall responsibility for determining the strategy for risk management, setting the Group's risk appetite and ensuring that risk is monitored and controlled effectively. It accomplishes its mandate through the activities of two dedicated committees:

The Risk Policy and Compliance Committee ("RPCC"): This committee of the Board assists the Board in fulfilling its responsibilities by overseeing the Group's risk profile and its performance against approved risk appetites and tolerance thresholds. Specifically, the committee considers the sufficiency of the Group's policies, procedures and limits related to the identification, measurement, monitoring and control of activities that give rise to credit, market, liquidity, interest rate, operational, regulatory, compliance, climate and reputational risks, as well as overseeing its compliance with laws, regulations and codes of conduct.

The Audit Committee: This committee reviews the overall adequacy and effectiveness of the Group's system of internal controls and the control environment, including in respect of the risk management process. It reviews recommendations arising from internal and independent audit review activities and management's response to any findings raised.

Both the RPCC and Audit Committee are supported in the execution of their respective mandates by the dedicated Audit, Compliance and Risk Policy Committees for our UK, Guernsey, Jersey, Cayman Islands and The Bahamas operations, which oversee the sufficiency of local risk management policies and procedures and the effectiveness of the system of internal controls that are in place. These committees are chaired by non-executive directors drawn from the boards of directors for each segment.

The Group executive management team is led by the Chairman and CEO and includes the members of executive management reporting directly to the Chairman and CEO. The executive management team is responsible for setting business strategy and for monitoring, evaluating and managing risks across the Group. It is supported by the following management committees:

The Group Risk and Compliance Committee ("GRCC"): This committee comprises executive and senior management team members and is chaired by the Group Chief Risk Officer. It provides a forum for the strategic assessment of risks assumed across the Group as a whole based on an integrated view of credit, market, liquidity, legal, regulatory and financial crime compliance, fiduciary, operational, cybersecurity, climate, insurance, pension, investment, capital and reputational risks, ensuring that these exposures are consistent with the risk appetites and tolerance thresholds promulgated by the Board and oversees the compliance of regulatory obligations arising under applicable laws, rules and regulations. It is responsible (i) for reviewing, evaluating and recommending the Group's Risk Appetite Framework, the results of the Capital Assessment and Risk Profile and recovery and resolution planning processes (including all associated stress testing performed) and the Group's key risk policies to the Board for approval; (ii) for reviewing and evaluating current and proposed business strategies in the context of our risk appetites; and (iii) for identifying, reviewing and advising on current and emerging risk issues and associated mitigation plans; and (iv) for reviewing the Group's compliance with external regulations and internal policies.

The Group Asset and Liability Committee ("GALCO"): This committee comprises executive and senior management team members and is chaired by the Group CFO. The committee is responsible for liquidity, interest rate and foreign exchange rate risk management and other balance sheet issues. It also oversees key policies and the execution of the Group's investment and capital management strategies and monitors the associated risks assumed. It is supported in the execution of its mandate by the work undertaken by the dedicated Asset & Liability Committees in each of the Bank's segments.

The Group Credit Committee ("GCC"): This committee comprises executive and senior management and is chaired by the Group Chief Risk Officer. The committee is responsible for a broad range of activities relating to the monitoring, evaluation and management of credit risks assumed across the Group at both transaction and portfolio levels. It is supported in the execution of its mandate by the Financial Institutions Committee ("FIC"), a dedicated sub-committee that is responsible for the evaluation and approval of recommended inter-bank and counterparty exposures assumed in the Group's treasury and investment portfolios, and by the activities of the jurisdictional Credit Committees, which review and approve transactions within delegated authorities and recommends specific transactions outside of these limits to the GCC for approval.

The Provisions and Impairments Committee: This committee comprises executive and senior management team members and is chaired by the Group Chief Risk Officer. The committee is responsible for approving significant provisions and other impairment charges. It also oversees the overall credit risk profile of the Group in regards to non-accrual loans and assets. It is supported in the execution of its mandate by jurisdictional credit committees and the GCC, which make recommendations to this committee.