Important components of our ERM strategy Multiple risk committees Our business risk committees play an important role in identifying and escalating risk findings and engaging in robust discussions around risk with senior management. The Marsh McLennan Risk Committee is the highest-level risk committee that provides a forum for the discussion and resolution of risk-related issues. Bottom-up and top-down reviews Our annual ERM process consists of (1) a bottom- up review of all risks facing Marsh McLennan, with Enterprise Risk Management business risk committees ultimately escalating risks to the Marsh McLennan Risk Committee, and (2) a top-down review of all risks facing the company Our Enterprise Risk Management (ERM) team advocates for and facilitates strong risk through the Board and Executive Committee risk management processes across our businesses and functions. Broadly stated, our goal is assessments. to manage risk — not avoid it. In coordination with our Executive Committee and Board of Board oversight Directors, we’ve developed a Risk Appetite Statement to encourage debate about the level of risk that we’re willing to absorb to achieve our goals. The Marsh McLennan Board annually reviews the Through our ERM process we: company’s key enterprise risks. Senior management presents to the Board on its strategy for each risk • Raise awareness of key risks and delivers mid-year and year-end reports. The Board receives updates on specific risks throughout • Implement a framework for managing top risks the year, including cybersecurity, human capital management and climate. • Integrate discussion about risk into our decision-making process • Foster alignment between senior management and the Board of Directors Overview Environment Social Governance Appendix 2022 ESG REPORT 49