FY21 ESG Disclosures July 2022 Unaudited 65 Technological risk related to transitional climate change impacts Financial risks and opportunities related to shifting geopolitics Mitigation strategy Our strategy to mitigate this risk includes continuing to partner with our clients, leveraging our relationships and engaging in regular, proactive dialogue to ensure we understand their business, customers and evolving needs. Our FY22 Climate Risk Assessment identifies other risk mitigation measures as part of an adaptive planning process, which include: 1. Conduct early market research on potential technology-related acquisitions and partnerships to expand capabilities and leverage third-party expertise. 2. Develop energy and emissions solutions that are targeted towards particular sector-based climate challenges. 3. Develop our own internal capabilities to apply technology to support our clients’ implementation of sustainable principles and business models—for example, a circular economy. Strengthen multi-capital assessments capability to articulate net zero, social and environmental benefits of sector-based technology and solutions. Several planning and review governance mechanisms enable regular assessment and response to dynamic geopolitical circumstances. Our Global Enterprise Risk Steering Committee, chaired by our EVP for ERM, oversees and works with teams, including the Economic and Geopolitical Risk Team, to evaluate risks, opportunities and potential impacts to end markets, client sectors and operations, among others. We conduct annual and quarterly business planning, which provides a regular governance cycle to review changing E&G circumstances, assess impacts to the business and evaluate response options and priorities. This cycle also includes detailed operations management reviews and planning, including client trends and global talent management. Our company strategy refreshes approximately every 3 years. Generally, this process includes third party-assisted detailed market research based on global trends; comprehensive consultative engagement with Senior Vice Presidents and above regarding challenges, opportunities and priorities within the business and regular updates to the Board during the development process. GOV.12 Corruption Our publicly-available Code of Conduct for our employees , Board of Directors , CEO and senior financial officers, and publicly-available Supplier Code of Conduct for our suppliers and other business partners summarize our anti-bribery and corruption policy. We have a Global Anti-Bribery Policy and anti- competitive related policies, including Gifts and Hospitality, Charitable and Political Contributions, and Due Diligence of Third Parties. These policies set forth specific procedures that must be followed, and criteria and processes that are required, before onboarding a supplier or other Third Party, extending hospitality, etc. We conduct annual Code of Conduct training and periodic training specifically on anti- bribery and corruption and anti-competitive behavior. Additional details can be found in the Values, Ethics and Code of Conduct section of this document. In FY21, 99% of our employees completed our online Code of Conduct training, which included a written acknowledgment of completion. Our FY21 Form 10-K contains a discussion of some of the risks and uncertainties that could have a material adverse effect on the Company, including from corruption. GOV.13 Cybersecurity and Data Privacy Data security is overseen by our Vice President, Cybersecurity, Enterprise Architecture and Quality Assurance, who reports to our Chief Digital & Information Officer. We drive a holistic and integrated protection program inclusive of GS&R and Legal. Our program includes executing to our business management system, which provides clarity and defined accountabilities for risk assessment and management; administrative, technical, regulatory, and procedural requirements and safeguards; periodic