S&P Global employs internal controls and processes to proactively identify emerging risks and opportunities, promote resilience and comply with applicable laws and regulations. We also work to foster a risk-aware culture by empowering our people to recognize and manage risk and make informed, data-driven decisions in our day-to-day operations.

Risk management is overseen by the Board of Directors. The Board regularly reviews key risks at the board and committee level and periodically assesses the appropriate oversight structure for such risks. For additional information on the Board’s oversight of risk management, including committeelevel responsibility for specific risk categories, see the 2025 Proxy Statement.

While the Board provides oversight, management is responsible for the day-to-day management of the company’s risk exposures in a manner consistent with the company’s strategic and agreed risk appetite. Management provides regular updates to the Board and Audit Committee concerning strategic, operational and emerging risks and the company’s efforts to help mitigate those risks.

As a critical component of the company’s risk management process, the company has adopted an integrated risk management framework to continuously identify, assess, measure, manage, monitor and report current and emerging risks. As part of this framework, the company has an Executive Risk Management Committee (ERMC), which is chaired by the company’s Chief Risk Officer. The ERMC oversees the company’s risk management framework, including the implementation of the framework components across the company. In addition, the Management Risk Committee (MRC) and divisional risk committees provide executive-level forums for regular discussion and oversight of risks specific to each division or function. The ERMC promotes a strong, company-wide culture of risk management, compliance and control.