Strategic Shareholder Climate and Risk Financial Financial Barclays PLC 57 report information sustainability report Governance review review statements Annual Report 2022 Managing risk (continued) The Enterprise Risk Management Framework defines nine Principal Risks Principal Risks Risks are classified into Principal Risks, as below How risks are managed The risk of loss to the Group from the failure of clients, customers or counterparties Credit risk teams identify, evaluate, sanction, limit and monitor various forms of credit exposure, individually and Credit risk (including sovereigns), to fully honour their obligations to the Group, including the whole in aggregate. and timely payment of principal, interest, collateral and other receivables. The risk of loss arising from potential adverse changes in the value of the Group’s assets A range of complementary approaches to identify and evaluate Market risk are used to capture exposure to Market risk and liabilities from fluctuation in market variables including, but not limited to, interest rates, Market risk. These are measured, limited and monitored by market risk specialists. foreign exchange, equity prices, commodity prices, credit spreads, implied volatilities and asset correlations. Liquidity risk Treasury and Capital risk is identified and managed by specialists in Capital Planning, Liquidity, Asset and Liability Treasury and Management and Market Risk. A range of approaches are used appropriate to the risk, such as limits; plan The risk that the Group is unable to meet its contractual or contingent obligations or that it Capital risk monitoring; and stress testing. does not have the appropriate amount, tenor and composition of funding and liquidity to support its assets. Capital risk The risk that the Group has an insufficient level or composition of capital to support its normal business activities and to meet its regulatory capital requirements under normal operating environments and stressed conditions (both actual and as defined for internal planning or regulatory testing purposes). This also includes the risk from the Group’s pension plans. Interest rate risk in the banking book The risk that the Group is exposed to capital or income volatility because of a mismatch between the interest rate exposures of its (non-traded) assets and liabilities. The impact on Financial and Operational Risks arising from climate change through physical The Group assesses and manages its Climate risk across its businesses and functions in line with its net zero Climate risk risks, risks associated with transitioning to a low-carbon economy and connected risks ambition by monitoring exposure to elevated risk sectors, conducting scenario analysis and risk assessments for arising as a result of second order impacts on portfolios of these two drivers. key portfolios. Climate risk controls are embedded across the financial and Operational Principal Risk types through the Barclays Group's frameworks, policies and standards. The risk of loss to the Group from inadequate or failed processes or systems, human The Group assesses and manages its Operational risk and control environment across its businesses and Operational risk factors or due to external events (for example, fraud) where the root cause is not due to functions with a view to maintaining an acceptable level of residual risk. credit or market risks. The potential for adverse consequences from decisions based on incorrect or misused Models are evaluated for approval prior to implementation, and on an ongoing basis. Model risk model outputs and reports. The risk of poor outcomes for, or harm to, customers, clients and markets, arising from the The Conduct Risk Management Framework (CRMF) sets out the control objectives and minimum control Conduct risk delivery of the Group's products and services. requirements which must be implemented to manage Conduct risk. A selection of tools is mandated in the CRMF and Barclays Control Framework to support with the assessment of conduct risks, whilst the governance of Conduct risk is fulfilled through management committees and forums with clear escalation and reporting lines to Board-level committees. The risk that an action, transaction, investment, event, decision, or business relationship Reputation risk is managed by embedding our Purpose and Values, and maintaining a controlled culture within the Reputation risk will reduce trust in the Group’s integrity and/or competence. Group, with the objective of acting with integrity, enabling strong and trusted relationships to be built with customers and clients, colleagues and broader society. Each business assesses Reputation risk using standardised tools and the governance is fulfilled through management committees and forums, clear escalation and reporting lines to the Group Board. The risk of loss or imposition of penalties, damages or fines from the failure of the Group to Legal risk is managed by the identification of legal risks by the Legal function, the engagement of the Legal Legal risk meet its legal obligations, including regulatory or contractual requirements. function in situations that have the potential for legal risk, and the escalation of legal risk as necessary.