Risk Management and Internal Control

Morgan has an established risk?management methodology which?seeks to identify, prioritise and?mitigate risks, underpinned by?a ‘three lines of defence’ model?comprising an internal control?framework, internal monitoring?and independent assurance?processes.

The Board considers that risk management and internal control are fundamental to achieving the Group aim of delivering long-term sustainable growth in shareholder value.

Principal risks and emerging risks are identified both ‘top down’ by the Board and the Executive Committee and ‘bottom up’ through the Group’s global business units (GBUs) and divisions. The severity of each risk is quantified by assessing its inherent impact and mitigated probability, to ensure that the residual risk exposure is understood and prioritised for control throughout the Group.

Senior executives are responsible for the strategic management of the Group’s principal and emerging risks, including related policy, guidelines and processes, subject to Board oversight.

Further information on risk management is available on pages 38 – 43 of the 2021 Annual Report.