Manulife US REIT - Annual Report 2021

The Manager employs an enterprise-wide approach to all risk-taking and risk management activities supporting the business objectives. Under the Enterprise Risk Management (ERM) framework, risk management strategies are established for each of the principal risks. The Manager embeds a strong risk culture and a common approach to risk management integral to the REIT’s risk management practices. This allows individuals and groups to make better risk-return decisions that align with the REIT’s overall risk appetite, strategic objectives and our Unitholders’ requirements.

Our approach to risk management is communicated through risk policies, which are intended to enable consistent design and execution of strategies across the REIT. Our risk policies cover:

• Roles and authorities – Assignment of accountability and delegation of authority for risk oversight and risk management at various levels within the REIT, as well as accountability principles;
• Governance and strategy – The types and levels of risk the REIT seeks, given its strategic plan, the internal and external environment, and risk appetite which drive risk limits and policies;
• Execution – Risk identification, assessment, measurement and mitigation which enable those accountable for risks to manage and monitor their risk profile; and
• Evaluation – Validation, back testing and oversight to confirm that the REIT generated the risk profile it intended, root cause analysis of any notable variation, and any action required to re-establish desired levels when exposures materially increase to bring exposures back to desired levels and achieve higher levels of operational excellence.

These ERM practices are influenced and impacted by internal and external factors, which can significantly impact the levels and types of risks MUST might face in its pursuit to strategically optimise risk-taking and risk management.
The Manager’s ERM framework incorporates relevant impacts and mitigating actions as appropriate.

The Board is responsible for the governance of risk across the REIT and ensuring sound risk management and internal control systems. This includes the overall risk strategy based on risk appetite, risk identification, risk measurement and assessment, risk monitoring and reporting, risk control and mitigation. The Board is supported by the Audit and Risk Committee (ARC) for the oversight of risk management and delegates this through a governance framework that is centred on the three lines of defence model:

• MUST’s 1st line of defence includes the management team and respective leaders of the Manager, also referred to as business units and functional support groups. They are ultimately accountable for the risks they assume and for the day-to-day management of the risks and related controls.

All of MUST’s activities involve elements of risk-taking. The objective is to balance the REIT’s level of risk with its business, growth and profitability goals, in order to achieve consistent and sustainable performance over the long-term that benefits MUST and its Unitholders.

[Figure: ERM Framework (Enterprise Risk Management). Elements: Roles and Authorities; Governance and Strategy; Execution; Evaluation; Factors/Culture (External, Internal). Steps shown: 1. Risk Identification (Embed a Strong Risk Culture; Continuously Understand and Identify Risks; Identify Emerging Risks). 2. Risk Assessment and Measurement (Risk Appetite; Risk Assessment Criteria; Risk and Control Self-Assessment; Measure Quantitatively or Assess Qualitatively; Assess Risk Impact and Risk Vulnerability). 3. Risk Management and Reporting (Risk Control Activities; Risk Reduction Strategies; Risk Monitoring and Reporting).]
