Barclays PLC Annual Report 2022

Risk management

Barclays’ risk management strategy

This section introduces the Group’s approach to managing and identifying risks, and for fostering a sound risk culture.

Enterprise Risk Management Framework (ERMF)

The ERMF outlines the highest level principles for risk management by setting out standards, objectives and key responsibilities of different groups of employees of the Group.

It is approved by the Barclays PLC Board on recommendation of the Group Board Risk Committee and the Group Chief Risk Officer.

The ERMF sets out:

▪ principal risks faced by the Group, which guide the organisation of risk management processes
▪ risk appetite requirements. This helps define the level of risk we are willing to undertake in our business
▪ risk management and segregation of duties: The ERMF defines a Three Lines of Defence model
▪ roles and responsibilities for key risk management and governance: The accountabilities of the Group CEO, Group CRO and other senior managers, as well as an overview of Barclays PLC committees.

The ERMF is complemented by frameworks, policies and standards which are mainly aligned to individual principal risks:

▪ frameworks cover high level principles guiding the management of principal risks, and set out details of which policies are needed, and high level governance arrangements
▪ policies set out the control objectives and high level requirements to address the key principles articulated in their associated frameworks. Policies state ‘what’ those within scope are required to do
▪ standards set out the detail of the control requirements to ensure the control objectives set by the policies are met.

Segregation of duties – the ‘Three Lines of Defence’ model

The ERMF sets out a clear lines of defence model. All colleagues are responsible for understanding and managing risks within the context of their individual roles and responsibilities, as set out below.

▪ The First line comprises all employees engaged in the revenue-generating and client-facing areas of the Group and all associated support functions, including Finance, Operations, Treasury, and Human Resources. The first line is responsible for identifying and managing the risks in which they are engaged, operating within applicable limits, and escalating risk events or issues as appropriate. Employees in the first line have primary responsibility for their risks and their activities are subject to oversight from the relevant parts of the second and third lines.
▪ The Second line is comprised of the Risk and Compliance functions. The role of the second line is to establish the limits, rules and constraints, and the frameworks, policies and standards under which all activities shall be performed, consistent with the risk appetite of the Group, and to oversee the performance of the firm against these limits, rules and constraints. Controls for first line activities will ordinarily be established by the control officers operating within the control framework of the firm. These will remain subject to oversight by the second line.
▪ The Third line of defence is Internal Audit, who are responsible for providing independent assurance over the effectiveness of governance, risk management and controls over current, systemic and evolving risks.
▪ The Legal function provides support to all areas of the bank and is not formally part of any of the three lines of defence. The Legal function is responsible for the identification of all Legal and Regulatory Risks. Except in relation to the legal advice it provides or procures, it is subject to second line oversight with respect to its own operational and conduct risks, as well as with respect to the Legal and Regulatory Risks to which the bank is exposed.
