Manulife US REIT - Annual Report 2020

All of MUST’s activities involve elements of risk-taking. The objective is to balance the REIT’s level of risk with its business, growth and profitability goals, in order to achieve consistent and sustainable performance over the long-term that benefits MUST and its Unitholders. ERM Framework The Manager employs an enterprise- wide approach to all risk-taking and risk management activities supporting the business objectives. Under the Enterprise Risk Management (ERM) framework, risk management strategies are established for each of the principal risks. The Manager embeds a strong risk culture and a common approach to risk management integral to the REIT’s risk management practices. This allows individuals and groups to make better risk- return decisions that align with the REIT’s overall risk appetite, strategic objectives and our Unitholders’ requirements. These ERM practices are influenced and impacted by internal and external factors, which can significantly impact the levels and types of risks MUST might face in its pursuit to strategically optimise risk-taking and risk management. The Manager’s ERM framework incorporates relevant impacts and mitigating actions as appropriate. The Board is responsible for the governance of risk across the REIT and ensuring sound risk management and internal control systems. This includes the overall risk strategy based on risk appetite, risk identification, risk measurement and assessment, risk monitoring and reporting, risk control and mitigation. The Board is supported by the Audit and Risk Committee (ARC) for the oversight of risk management and delegates this through a governance framework that is centred on the three lines of defence model: • MUST’s 1 st line of defence includes the management team and respective leaders of the Manager, also referred to as business units and functional support groups. They are ultimately accountable for the risks they assume and for the day-to-day management of the risks and related controls. • The 2 nd line of defence includes the oversight functions such as the Legal and Compliance teams. The ARC also contributes to the oversight of risk-taking and risk mitigation activities. Roles and Authorities Identify, Assess, Measure, Manage and Report INTERNAL Factors/Culture 1. Risk Identification • Embed a Strong Risk Culture • Continuously Understand and Identify Risks • Identify Emerging Risks Governance and Strategy Evaluate 2. Risk Assessment and Measurement • Risk Appetite • Risk Assessment Criteria • Risk and Control Self- Assessment • Measure Quantitatively or Assess Qualitatively • Assess Risk Impact and Risk Vulnerability 3. Risk Management and Reporting • Risk Control Activities • Risk Reduction Strategies • RiskMonitoring and Reporting EXTERNAL 57 ANNUAL REPORT 2020 ENTERPRISE RISK MANAGEMENT