Business Continuity, Crisis Management & Disaster Preparedness 81 2021 ESG REPORT Business Continuity, Crisis Management & Disaster Preparedness We have a business continuity function dedicated to supporting the well-being of associates and customers in times of natural disaster, pandemic, civil unrest, active threat and other unplanned incidents. The business continuity team plans for and performs exercises to seamlessly manage through a crisis and ensure our business operations are back up and running in a timely manner. Business continuity plans address multiple types of incidents and are exercised through centralized and location-specific simulations to ensure strategies are comprehensive and resilient. Active Threat Each year, training is provided to prepare associates for business disrupting incidents. All associates are required to complete active threat training, which provides strategies for personal safety and response in alignment with the U.S. Department of Homeland Security guidelines. To support active threats and other time-sensitive incidents, a mass notification system is used to alert associates across multiple contact channels on building closures, provide operational updates, and check on their safety and well-being. Crisis Management and Disaster Preparedness Our crisis management team is made up of senior leadership and provides guidance throughout crises. Annual preparation with the crisis management team provides guidelines and best practices for natural disasters, including hurricanes, tornadoes, wildfires and earthquakes. Updates on crisis management activities and business continuity preparedness are also provided to the Board of Directors on a periodic basis. Business Continuity Our business continuity team is led by our Chief Risk and Compliance Officer, who reports directly to our Chief Executive Officer. To navigate through the incident management life cycle, the team ensures preparedness, supports impacted locations, leads cross-functional exchanges of information, and suggests actions to mitigate risk across the business. Business continuity plans are developed and managed through industry-leading software to align the company’s critical business functions, technology needs and vendor relationships. The business continuity team closely partners with the IT disaster recovery technology team to ensure the alignment of applications for critical business functions. Disaster recovery testing across internal, cloud and vendor systems is performed annually to validate recovery requirements. All system recovery capabilities are closely coordinated between the teams to ensure IT capabilities for business-critical functions are available when needed.