WTW: 10-K Risk Factor Changes

Investments in our ordinary shares are subject to various risks and uncertainties, including as described in this Item 1A of Part I of our Annual Report on Form 10-K. In addition to the factors discussed elsewhere in this Annual Report on Form 10-K, the following are some of the important factors that could cause our actual results to differ materially from those projected in any forward-looking statements. These risk factors should be carefully considered in evaluating our business and investing in us. The descriptions below are not the only risks and uncertainties that we face. Additional risks and uncertainties that are presently unknown to us could also affect our financial results, including by impairing our business operations, financial condition, results of operations or the price of our ordinary shares. If any of the risks and uncertainties described below or other risks were to occur, our business operations, financial condition, results of operations or the price of our ordinary shares could be materially and adversely impacted. The risk factors described below are grouped into categories; the headings of these categories are inserted for convenience of reference only and are not intended to be a part of or to affect the meaning or interpretation of any of the risk factors described herein. Many risks affect more than one category, and the risks are not in order of significance or probability of occurrence solely because they have been grouped by categories. With respect to the tax-related consequences of acquisition, ownership, and disposal of ordinary shares, you should consult with your own tax advisors.

Our financial performance, including our business results, financial condition, result of operations, cash flows and price of our ordinary shares, is subject to various risks and uncertainties, including as described in this Item 1A of Part I of our Annual Report on Form 10-K. In addition to the factors discussed elsewhere in this Annual Report on Form 10-K, the following are some of the important factors that could cause our actual results to differ materially from those projected in any forward-looking statements. These risk factors should be carefully considered in evaluating our business. The descriptions below are not the only risks and uncertainties that we face. Additional risks and uncertainties that are presently unknown to us could also impair our business operations, financial condition or results. If any of the risks and uncertainties below or other risks were to occur, our business operations, financial condition or results of operations could be materially and adversely impacted. Risks in this section are grouped into categories; the headings of these categories are inserted for convenience of reference only and are not intended to be a part of or to affect the meaning or interpretation of any of the risk factors described herein. Many risks affect more than one category, and the risks are not in order of significance or probability of occurrence solely because they have been grouped by categories. With respect to the tax-related consequences of acquisition, ownership, and disposal of ordinary shares, you should consult with your own tax advisors.

•Macroeconomic trends, including inflation, changes in interest rates and trade policies, as well as political events, trade and other international disputes, war, terrorism, natural disasters, public health issues and other business interruptions, can adversely affect our business, results of operations or financial condition. Macroeconomic trends, including inflation, changes in interest rates and trade policies, as well as political events, trade and other international disputes, war, terrorism, natural disasters, public health issues and other business interruptions, can adversely affect our business, results of operations or financial condition. Macroeconomic trends, including inflation, changes in interest rates and trade policies, as well as political events, trade and other international disputes, war, terrorism, natural disasters, public health issues and other business interruptions, can adversely affect our business, results of operations or financial condition. •Demand for our services could decrease for various reasons, including a general economic downturn, increased competition, or a decline in a client’s or an industry’s financial condition or prospects, all of which could substantially and negatively affect us. Demand for our services could decrease for various reasons, including a general economic downturn, increased competition, or a decline in a client’s or an industry’s financial condition or prospects, all of which could substantially and negatively affect us. Demand for our services could decrease for various reasons, including a general economic downturn, increased competition, or a decline in a client’s or an industry’s financial condition or prospects, all of which could substantially and negatively affect us. •Damage to our business, including to our reputation, arising from, among other things, the failure of third parties on whom we rely to perform services or maintain positive public perceptions, could adversely affect our business, operations and results. Damage to our business, including to our reputation, arising from, among other things, the failure of third parties on whom we rely to perform services or maintain positive public perceptions, could adversely affect our business, operations and results. Damage to our business, including to our reputation, arising from, among other things, the failure of third parties on whom we rely to perform services or maintain positive public perceptions, could adversely affect our business, operations and results. •Our business may be harmed by any negative developments that may occur in the insurance industry or if we fail to maintain good relationships with insurance carriers. Our business may be harmed by any negative developments that may occur in the insurance industry or if we fail to maintain good relationships with insurance carriers. Our business may be harmed by any negative developments that may occur in the insurance industry or if we fail to maintain good relationships with insurance carriers.

•Macroeconomic trends, including inflation, changes in interest rates and trade policies, as well as political events, trade and other international disputes, war, terrorism, natural disasters, public health issues and other business interruptions, can adversely affect our business, results of operations or financial condition. Macroeconomic trends, including inflation, changes in interest rates and trade policies, as well as political events, trade and other international disputes, war, terrorism, natural disasters, public health issues and other business interruptions, can adversely affect our business, results of operations or financial condition. Macroeconomic trends, including inflation, changes in interest rates and trade policies, as well as political events, trade and other international disputes, war, terrorism, natural disasters, public health issues and other business interruptions, can adversely affect our business, results of operations or financial condition. •Demand for our services could decrease for various reasons, including a general economic downturn, increased competition, or a decline in a client’s or an industry’s financial condition or prospects, all of which could substantially and negatively affect us. Demand for our services could decrease for various reasons, including a general economic downturn, increased competition, or a decline in a client’s or an industry’s financial condition or prospects, all of which could substantially and negatively affect us. Demand for our services could decrease for various reasons, including a general economic downturn, increased competition, or a decline in a client’s or an industry’s financial condition or prospects, all of which could substantially and negatively affect us. •Our business, financial condition, results of operations, and long-term goals may continue to be adversely affected, possibly materially, by negative impacts on the global economy and capital markets resulting from wars or any other geopolitical tensions. Our business, financial condition, results of operations, and long-term goals may continue to be adversely affected, possibly materially, by negative impacts on the global economy and capital markets resulting from wars or any other geopolitical tensions. Our business, financial condition, results of operations, and long-term goals may continue to be adversely affected, possibly materially, by negative impacts on the global economy and capital markets resulting from wars or any other geopolitical tensions. •Damage to our business, including to our reputation arising from, among other things, the failure of third parties on whom we rely to perform services or maintain positive public perceptions, could adversely affect our business, operations and results. Damage to our business, including to our reputation arising from, among other things, the failure of third parties on whom we rely to perform services or maintain positive public perceptions, could adversely affect our business, operations and results. Damage to our business, including to our reputation arising from, among other things, the failure of third parties on whom we rely to perform services or maintain positive public perceptions, could adversely affect our business, operations and results. •Our business may be harmed by any negative developments that may occur in the insurance industry or if we fail to maintain good relationships with insurance carriers. Our business may be harmed by any negative developments that may occur in the insurance industry or if we fail to maintain good relationships with insurance carriers. Our business may be harmed by any negative developments that may occur in the insurance industry or if we fail to maintain good relationships with insurance carriers.

We are exposed to various risks arising out of disasters and business continuity problems, such as fires (such as the recent wildfires in southern California), earthquakes, hurricanes, terrorist attacks, acts of war or civil unrest, pandemics, security breaches, ransomware or destructive malware attacks, power loss, telecommunications failures or other natural or man-made disasters. Should we experience such an event, we may incur operational challenges, and our continued success will depend, in part, on the availability of our personnel, our office facilities, our outsourcing providers or other vendors, access to data, and the proper functioning of our computer, telecommunication and other related systems and operations. A disaster or business continuity problem of a significant scale or affecting certain of our key operating areas within or across regions, or our inability to successfully recover from such an event, particularly if any of these problems occur during peak times, could materially interrupt our business operations and cause material financial loss, loss of human capital, regulatory actions, reputational harm, damaged client relationships or legal liability.

Should we or a third party on whom we rely experience a disaster or other business continuity problem, such as an earthquake, hurricane, terrorist attack, act of war or other geopolitical conflict, pandemic, including prolonged effects of the COVID-19 pandemic, security breach, ransomware or destructive malware attack, power loss, telecommunications failure or other natural or man-made disaster, our continued success will depend, in part, on the availability of our personnel, our office facilities, our outsourcing providers or other vendors, access to data, and the proper functioning of our computer, telecommunication and other related systems and operations. In such an event, we could experience operational challenges with regard to our operations. A disaster on a significant scale or affecting certain of our key operating areas within or across regions, or our inability to successfully recover should we experience a disaster or other business continuity problem, could materially interrupt our business operations and cause material financial loss, loss of human capital, regulatory actions, reputational harm, damaged client relationships or legal liability, particularly if any of these problems occur during peak times.

We have been and may continue to be subject to inquiries and investigations by federal, state, international, or other governmental agencies regarding aspects of our clients’ businesses and/or our own businesses, including (but not limited to) regulated businesses such as our insurance brokerage, Benefits, Delivery and Administration (‘BDA’) reporting unit, and investment advisory services. Such inquiries or investigations can consume significant management time and result in regulatory sanctions, fines or other actions as well as significant legal fees, which could have a material adverse impact on our business, results of operations and liquidity. Also, we face additional regulatory scrutiny as we expand our businesses geographically and as we increase the scope of new products and services that we offer. All of these items reflect an increased focus by government agencies (in the U.K., U.S., and elsewhere) on various aspects of the operations and affairs of our businesses. We are unable to predict the outcome of these inquiries or investigations. Any proposed changes that result from these investigations and inquiries, or any other investigations, inquiries or regulatory developments, or any potential fines or enforcement action, could materially adversely affect our business and our results of operations.

We have also been and may continue to be subject to inquiries and investigations by federal, state or other governmental agencies regarding aspects of our clients’ businesses or our own businesses, especially regulated businesses such as our insurance broker, BDA, securities broker-dealer and investment advisory services. Such inquiries or investigations may consume significant management time and result in regulatory sanctions, fines or other actions as well as significant legal fees, which could have a material adverse impact on our business, results of operations and liquidity. Also, we may face additional regulatory scrutiny as we expand our businesses geographically and in new products and services that we offer. All of these items reflect an increased focus by regulators (in the U.K., U.S., and elsewhere) on various aspects of the operations and affairs of our regulated businesses. We are unable to predict the outcome of these inquiries or investigations. Any proposed changes that result from these investigations and inquiries, or any other investigations, inquiries or regulatory developments, or any potential fines or enforcement action, could materially adversely affect our business and our results of operations. 29 29

Global economic events and other factors, such as accommodative monetary and fiscal policy, have contributed to significant inflation in many of the markets in which we operate over time. In particular, inflation in the United States, Europe and other geographies has recently risen to levels not experienced in decades and we have seen, and may continue to see, its impact on various aspects of our business. In some cases, such inflation has had, or could have in the future, a negative effect on our operations and financial condition. In order to combat inflation and restore price stability, a number of central banks around the world raised interest rates and, as inflation has moderated, have begun to reduce them. Potential trade wars, including tariffs and retaliatory actions, also may contribute to inflation and/or hinder economic growth. If interest rates fluctuate and/or inflation rates or trade barriers increase, economic growth in a number of markets where we do business may be hindered and may continue to have far-reaching effects on the global economy. Weakness in the economy and the possibility of a global recession has had, and may continue to have, a negative effect on our business and financial condition, including on the value of our ordinary shares. Additionally, fluctuations in short-term interest rates in our major markets can impact our interest income derived from the investment of our owned and fiduciary cash. Moreover, U.S. and global economic conditions have the potential to create market uncertainty and volatility. Such general economic conditions, such as inflation, stagflation, political volatility, costs of labor, cost of capital, interest rates and tax rates, affect our operating and general and administrative expenses, and we have no control or limited ability to control such factors. If our costs grow significantly in excess of our ability to raise revenue, our margins and results of operations may be materially and adversely impacted and we may not be able to achieve our strategic and financial objectives. These conditions also affect our clients’ businesses and the markets that they serve and may reduce demand for our services, increase demands for pricing accommodations or cause a higher rate of delays in the collection of, or losses on, our accounts receivable, which could adversely affect our results of operations. Major public health issues have adversely affected, and could in the future materially adversely affect, our business, results of operations and/or financial condition. The future impact of a public health crisis will depend on future developments that we are unable to predict. Public health issues could continue to disrupt, possibly materially, our business operations and services that we provide or impact our business operations and results in the future. We are exposed to various risks arising out of natural disasters, including fires (such as the recent wildfires in southern California), earthquakes, hurricanes, floods and tornadoes, many of which could be exacerbated by climate change. These consequences could, among other things, implicate other risks described herein, including without limitation: business continuity risks; human capital risks; regulatory and reputational risks; and risks relating to alleged errors and omissions in performing client work, and thereby adversely impact our business, results of operations or financial condition. Additionally, U.S. and global markets are affected by geopolitical conflict in highly unpredictable ways and are currently experiencing volatility and disruption as a result of the ongoing war between Russia and Ukraine and the Middle East conflicts. These ongoing wars and other geopolitical conflicts could lead to further market disruptions and could have a material adverse effect on our business, prospects, financial condition and operating results. Further, a slowdown in the global economy, including a recession, or in a particular region or industry, inflation or a tightening of the credit markets could negatively impact our business, financial condition and liquidity, including by way of inhibiting our continued access to preferred sources of liquidity when we would like or by our increasing our borrowing costs. In particular, tightening of the credit markets could limit our ability to obtain external financing to fund our operations and capital expenditures, if and when needed. In addition, we could experience losses on our holdings of cash and investments due to failures of financial institutions and other 21 21 21 parties. Thus, a deterioration or prolonged period of negative or stagnant macroeconomic conditions in the U.S. and globally could adversely affect our business, results of operations or financial condition.

Global economic events and other factors, such as accommodative monetary and fiscal policy and the impacts of the COVID-19 pandemic, have contributed to significant inflation in many of the markets in which we operate. In particular, recently inflation in the United States, Europe and other geographies had risen to levels not experienced in recent decades and we have and may see its impact on various aspects of our business, which in some cases have, or could in the future, negatively affect our business and financial condition. In order to combat inflation and restore price stability, a number of central banks around the world have raised interest rates and may continue to do so in 2024. Increased inflation and the fluctuation of interest rates may hinder the economic growth in a number of markets where we do business, and has had, and may continue to have, far-reaching effects on the global economy. Weakness in the economy and the possibility of a global recession has had, and may continue to have, a negative effect on our business and financial condition, including on the value of our ordinary shares. Moreover, U.S. and global economic conditions have created market uncertainty and volatility. Such general economic conditions, such as inflation, stagflation, political volatility, costs of labor, cost of capital, interest rates and tax rates, affect our operating and general and administrative expenses, and we have no control or limited ability to control such factors. If our costs grow significantly in excess of our ability to raise revenue, our margins and results of operations may be materially and adversely impacted and we may not be able to achieve our strategic and financial objectives. These conditions also affect our clients’ businesses and the markets that they serve and may reduce demand for our services, increase demands for pricing accommodations or cause a higher rate of delays in the collection of, or losses on, our accounts receivable, which could adversely affect our results of operations. Major public health issues, including the COVID-19 pandemic, have adversely affected, and could in the future materially adversely affect our business, results of operations or financial condition. The COVID-19 pandemic disrupted certain aspects of our business and the businesses of our clients, third-party vendors, business partners and others, in every geography in which we operate and the ultimate extent of its impact on us, how we operate and our results, will depend on future developments that we are unable to predict. Public health issues could continue to disrupt, possibly materially, our business operations and services that we provide or impact our business operations and results in the future. Additionally, U.S. and global markets are affected by geopolitical conflict in highly unpredictable ways and are currently experiencing volatility and disruption as a result of the war between Russia and Ukraine and the Israel-Hamas war. These ongoing wars and other geopolitical conflicts could lead to further market disruptions and could have a material adverse effect on our business, prospects, financial condition, and operating results as further discussed in ‘Our business, financial condition, results of operations, and long-term goals may continue to be adversely affected, possibly materially, by negative impacts on the global economy and capital markets resulting from wars or any other geopolitical tensions’ below. Further, the continued slowdown in the global economy, including a recession, or in a particular region or industry, inflation or a tightening of the credit markets could negatively impact our business, financial condition and liquidity, including our ability to continue to access preferred sources of liquidity when we would like, and our borrowing costs could increase. In particular, further tightening of the credit markets could limit our ability to obtain external financing to fund our operations and capital expenditures, if and when needed. In addition, we could experience losses on our holdings of cash and investments due to failures of financial institutions and other parties. Thus, a deterioration or prolonged period of negative or stagnant macroeconomic conditions in the U.S. and globally could adversely affect our business, results of operations or financial condition. 21 21

We have stated certain financial goals, including with respect to our cash flows, our growth and margin targets, and our share repurchases. We have stated, and may in the future state, other goals for future periods. Our initiatives aiming to implement our strategy and to achieve future financial objectives pose potential operational risks and may result in distraction of management and colleagues. We cannot be certain whether we will be able to realize benefits from current revenue-generating or cost-saving initiatives, including our recently-completed Transformation program and our continued strategic efforts to achieve operational efficiencies, and ultimately realize our strategic objectives. Furthermore, we may not repurchase as many of our outstanding shares as anticipated due to market or business conditions or due to other factors, including decisions to prioritize acquisitions, investments or other uses of capital. There can be no assurance that our actual results will meet our stated financial goals. In addition, our pipeline estimates may prove to be unreliable either in a particular quarter or over a longer period of time. Should we be unable to succeed in our initiatives to drive growth and achieve our financial goals, we may have to delay, scale back or discontinue the development, deployment and commercialization of our products or services or delay our efforts to expand our transaction pipeline. As a result, our ability to deliver continued sustainable and profitable growth may be negatively impacted and financial performance across our segments and geographies may be adversely affected.

We have stated certain financial goals through the end of fiscal 2024, including with respect to our cash flows, our growth and margin targets, and our share repurchases. We have stated, and may in the future state, other goals for 2024 or future periods. Our initiatives aiming to implement our targets and future financial objectives pose potential operational risks and may result in distraction of management and colleagues. We cannot be certain whether we will be able to realize benefits from current revenue-generating or cost-saving initiatives, including our Transformation program, and ultimately realize our strategic objectives. In addition, costs necessary to realize the savings benefits of such initiatives may be greater, or require more time, than originally projected. There can be no assurance that our actual results will meet our stated financial goals. In addition, our pipeline estimates may prove to be unreliable either in a particular quarter or over a longer period of time. Should we be unable to succeed in our initiatives to drive growth and achieve our stated financial targets, we may have to delay, scale back or discontinue the development, deployment and commercialization of our products or services or delay our efforts to expand our transaction pipeline. As a result, our ability to deliver continued sustainable and profitable growth may be negatively impacted and financial performance across our segments and geographies may be adversely affected.

International conflicts and related geopolitical tensions increase the risk of sanctions impacting our business. In February 2022, Russia invaded Ukraine, which led to a series of economic and other sanctions on Russia imposed by the U.S., the E.U., the U.K., and other authorities. There also continue to be diplomatic and trade tensions between the U.S. and China, which have been exacerbated by Chinese military exercises around Taiwan, and which could lead to an increase in sanctions and the implementation of other trade measures. There has been an increase in U.S. sanctions designations in relation to Russia and China and counter-sanctions from both Russia and China in response to these sanctions. Additionally, in October 2023, conflict escalated in the Middle East between Israel 30 30 30 and Hamas, and subsequently Hezbollah and Iran. Sanctions issued in response to these Middle East conflicts could have an adverse impact on our operations. Sanctions imposed by the U.S., the E.U., the U.K. and other authorities on Russia, as well as Russian counter-sanctions, are extensive. Russian actions and the resulting sanctions could adversely affect the global economy and financial markets and lead to instability and lack of liquidity in capital markets. The ramifications of the hostilities and sanctions, however, may not be limited to Russia and Russian companies but may spill over to and negatively impact other regional and global economic markets (including Europe and the United States), companies in other countries (particularly those that have done business with Russia) and various sectors, industries and markets for securities and commodities globally, such as oil and natural gas. Accordingly, the actions discussed above and the potential for a wider conflict could increase financial market volatility and could cause severe negative effects on regional and global economic markets, industries and companies. In addition, retaliatory actions and other countermeasures by Russia, including cyberattacks and espionage against other countries and companies around the world, including where we do business, may negatively impact such countries and companies like us. The extent and duration of the Russian actions or future escalation of such hostilities, the extent and impact of existing and future sanctions, market disruptions and volatility, and the result of any diplomatic negotiations cannot be predicted. Touchpoints with sanctioned individuals, entities or locations can be difficult to identify and, given the increased scope and complexity of sanctions and the manual and varied nature of some of our processes, there is an increased risk of non-compliance. A number of volatile geopolitical events are likely to affect the implementation of sanctions such as the escalation of sanctions towards Belarus, Russia's invasion of Ukraine, the Israel-Hamas conflict, negotiations between the E.U., U.S. and Iran over a new nuclear deal, as well as continuing tensions between the U.S. and China with their sanctions and subsequent counter-sanctions. Some of these jurisdictions, such as China, may include significant businesses for us. As a result, we cannot predict the impacts of any changes in the U.S., E.U., U.K. or other sanctions, and whether such changes could have a material adverse impact on our operations or financial results.

As described above, our businesses are subject to the risk of sanctions imposed by the U.S., the E.U., the U.K. and other governments. International conflicts and related geopolitical tensions increase the risk of sanctions impacting our business. In February 2022, Russia invaded Ukraine, which led to a series of economic and other sanctions on Russia imposed by the U.S., the E.U., and the U.K. There also continue to be diplomatic and trade tensions between the U.S. and China, which have been exacerbated by Chinese military exercises around Taiwan, and which could lead to an increase in sanctions and the implementation of other trade measures. There has been an increase in U.S. sanctions designations in relation to Russia and China and counter-sanctions from both Russia and China in response to these sanctions. Touchpoints with sanctioned individuals, entities or locations can be difficult to identify and, given the increased scope and complexity of sanctions and the manual nature of some of our processes, there is an increased risk of non-compliance. A number of volatile geopolitical events are likely to affect the implementation of sanctions such as the escalation of sanctions towards Belarus, Russia's invasion of Ukraine, the Israel-Hamas conflict, negotiations between the E.U., U.S. and Iran over a new nuclear deal as well as continuing tensions between the U.S. and China with their sanctions and subsequent counter-sanctions. Some of these jurisdictions, such as China, may include significant businesses for us. As a result, we cannot predict the impacts of any changes in the U.S., E.U., U.K. or other sanctions, and whether such changes could have a material adverse impact on our operations or financial results.

The Company is heavily invested in the U.K. through our businesses and activities. Brexit has resulted in greater restrictions on business conducted between the U.K. and E.U. countries and has increased regulatory complexities. Uncertainty remains as to how changes to the U.K.’s access to the E.U. Single Market and the wider trading, legal, regulatory, tax, social and labor environments, especially in the U.K. and E.U., will be impacted over time, including the resulting impacts on our business and that of our clients. These Brexit-related changes may adversely affect our operations and financial results. We believe we have implemented appropriate arrangements for the continued servicing of client business in the countries most affected. However, various significant risks remain in relation to the effects of the post-Brexit arrangements between the E.U. and U.K. including the following, among others: •the risk that regulators in the U.K. or E.U. may issue amended guidance or regulations in relation to those solutions (including any amended E.U. regulatory guidance in connection with the use of third-country branches of E.U.-domiciled insurance intermediary entities, whether following supervisory statements such as that issued by European Insurance and Occupational Pensions Authority (‘EIOPA’) on February 3, 2023 or otherwise) or that we fail to gain regulatory authorizations which could affect our business, operations or strategic plans; the risk that regulators in the U.K. or E.U. may issue amended guidance or regulations in relation to those solutions (including any amended E.U. regulatory guidance in connection with the use of third-country branches of E.U.-domiciled insurance intermediary entities, whether following supervisory statements such as that issued by European Insurance and Occupational Pensions Authority (‘EIOPA’) on February 3, 2023 or otherwise) or that we fail to gain regulatory authorizations which could affect our business, operations or strategic plans; •the risk that we may require further changes to client contract terms and have to address additional regulatory requirements, including with respect to data protection and privacy standards; the risk that we may require further changes to client contract terms and have to address additional regulatory requirements, including with respect to data protection and privacy standards; •the risk over time of a loss of key talent, or an inability to hire sufficient and qualified talent, or the disruption to client servicing as a result of a need to relocate talent or roles or both between or within the E.U. and the U.K. as the regulatory and business environment changes following Brexit; the risk over time of a loss of key talent, or an inability to hire sufficient and qualified talent, or the disruption to client servicing as a result of a need to relocate talent or roles or both between or within the E.U. and the U.K. as the regulatory and business environment changes following Brexit; •the risk that the business solutions implemented by our market counterparties change as the U.K.-E.U. regulatory environment evolves in a way that necessitates further alterations to our business models, with the risks described above; the risk that the business solutions implemented by our market counterparties change as the U.K.-E.U. regulatory environment evolves in a way that necessitates further alterations to our business models, with the risks described above; •the risk that the U.K. will continue to have in place a limited number of trade agreements with the E.U. member states and/or any non-E.U. states leading to potentially adverse trading conditions with other territories; and the risk that the U.K. will continue to have in place a limited number of trade agreements with the E.U. member states and/or any non-E.U. states leading to potentially adverse trading conditions with other territories; and •the risk that the way in which the U.K.-E.U. regulatory and legal environment evolves differs from current expectations, resulting in the need to quickly and materially change our plans, and the risks described above with respect to any associated changes in such plans. the risk that the way in which the U.K.-E.U. regulatory and legal environment evolves differs from current expectations, resulting in the need to quickly and materially change our plans, and the risks described above with respect to any associated changes in such plans.

In 2023, approximately 18% of our revenue from continuing operations was generated in the U.K., although only about 11% of revenue from continuing operations was denominated in Pounds sterling as much of the insurance business is transacted in U.S. dollars or other currencies. Approximately 17% of our expenses from continuing operations were denominated in Pounds sterling. The impact that Brexit has had and may continue to have on the economy and market conditions in Europe, including in the U.K., or on the Pound sterling, Euro or other European currencies could materially adversely affect us and our operations. Among other things, the ongoing and future effects of Brexit could result in: lower growth in the region due to indecision by businesses holding off on generating new projects or due to adverse market conditions and/or reduced reported revenue and earnings because foreign currencies may translate into fewer U.S. dollars due to the fact that we convert revenue denominated in non-U.S. currencies, such as Pounds sterling, into U.S. dollars for our financial statements. In addition, there is a corresponding risk that our current or future hedging strategies may not be effective. On December 24, 2020, the E.U. and the U.K. agreed to the terms of a Trade and Cooperation Agreement (the ‘TCA’) that reflects certain matters agreed upon between the parties in relation to a broad range of separation issues, which provisionally applied as of January 1, 2021, and entered into force on May 1, 2021. While many separation issues have been resolved, some uncertainty remains in relation to the future regulation of financial services, among other matters. The TCA addresses issues related to financial services on a limited basis. The E.U. and the U.K. have separately agreed to a Memorandum of Understanding to establish a framework for future regulatory cooperation. The British government and the E.U. will therefore continue over time to negotiate certain terms of the U.K.’s future relationship with the E.U. that are not addressed in the TCA. The Company is heavily invested in the U.K. through our businesses and activities. If the outcomes of Brexit and the TCA negatively impact the U.K., then it could have a material adverse impact on us. 34 34 Brexit has resulted in greater restrictions on business conducted between the U.K. and E.U. countries and has increased regulatory complexities. Uncertainty remains as to how changes to the U.K.’s access to the E.U. Single Market and the wider trading, legal, regulatory, tax, social and labor environments, especially in the U.K. and E.U., will be impacted over time, including the resulting impacts on our business and that of our clients. For example, the loss of pre-Brexit passporting rights or regulatory limitations on the ability to conduct business in various E.U. countries by relying on a regulatory permission in the U.K. (or, conversely, doing business in the U.K. by relying on a regulatory permission in an E.U. country) may increase our costs of doing business or our ability to conduct business in impacted jurisdictions. These Brexit-related changes may adversely affect our operations and financial results. We believe we have implemented appropriate arrangements for the continued servicing of client business in the countries most affected. These arrangements include the transaction of certain businesses and/or the movement of certain businesses outside of the U.K. However, various significant risks remain in relation to the effects of the post-Brexit arrangements between the E.U. and U.K. some of which have yet to be agreed upon, including the following, among others: •the risk that our implemented business solutions could cost more than expected, or that regulators in the U.K. or E.U. may issue amended guidance or regulations in relation to those solutions (including any amended E.U. regulatory guidance in connection with the use of third-country branches of E.U.-domiciled insurance intermediary entities, whether following supervisory statements such as that issued by European Insurance and Occupational Pensions Authority (‘EIOPA’) on February 3, 2023 or otherwise) or that we fail to gain regulatory authorizations which could affect our business, operations or strategic plans; the risk that our implemented business solutions could cost more than expected, or that regulators in the U.K. or E.U. may issue amended guidance or regulations in relation to those solutions (including any amended E.U. regulatory guidance in connection with the use of third-country branches of E.U.-domiciled insurance intermediary entities, whether following supervisory statements such as that issued by European Insurance and Occupational Pensions Authority (‘EIOPA’) on February 3, 2023 or otherwise) or that we fail to gain regulatory authorizations which could affect our business, operations or strategic plans; •the risk that we may require further changes to client contract terms and have to address additional regulatory requirements, including with respect to data protection and privacy standards; the risk that we may require further changes to client contract terms and have to address additional regulatory requirements, including with respect to data protection and privacy standards; •the risk over time of a loss of key talent, or an inability to hire sufficient and qualified talent, or the disruption to client servicing as a result of equivalence not being granted on qualifications or qualification requirements themselves being changed, or a need to relocate talent or roles or both between or within the E.U. and the U.K. as the regulatory and business environment changes following Brexit; the risk over time of a loss of key talent, or an inability to hire sufficient and qualified talent, or the disruption to client servicing as a result of equivalence not being granted on qualifications or qualification requirements themselves being changed, or a need to relocate talent or roles or both between or within the E.U. and the U.K. as the regulatory and business environment changes following Brexit; •the risk that the efforts and resources allocated to the post-Brexit evolution of regulations and laws, and associated changes to our operations, cause disruptions to our existing businesses, whether inside or outside the U.K., or both; the risk that the efforts and resources allocated to the post-Brexit evolution of regulations and laws, and associated changes to our operations, cause disruptions to our existing businesses, whether inside or outside the U.K., or both; •the risk that the business solutions implemented by our market counterparties change as the U.K.-E.U. regulatory environment evolves in a way that necessitates further alterations to our business models, with the risks described above; the risk that the business solutions implemented by our market counterparties change as the U.K.-E.U. regulatory environment evolves in a way that necessitates further alterations to our business models, with the risks described above; •the risk that the U.K. will continue to have in place a limited number of trade agreements with the E.U. member states and/or any non-E.U. states leading to potentially adverse trading conditions with other territories; and the risk that the U.K. will continue to have in place a limited number of trade agreements with the E.U. member states and/or any non-E.U. states leading to potentially adverse trading conditions with other territories; and •the risk that the way in which the U.K.-E.U. regulatory and legal environment evolves differs from current expectations, resulting in the need to quickly and materially change our plans, and the risks described above with respect to any associated changes in such plans. the risk that the way in which the U.K.-E.U. regulatory and legal environment evolves differs from current expectations, resulting in the need to quickly and materially change our plans, and the risks described above with respect to any associated changes in such plans. There is also a risk that other countries may decide to leave the E.U. We cannot predict the impact that any additional countries leaving the E.U. will have on us, but any such impacts could materially adversely affect us.

Our success depends, in part, on our ability to develop and implement innovative technology, data and analytic solutions that anticipate, lead, keep pace with or respond to rapid and continuing changes in technology both for internal operations, for maintaining industry standards, meeting client preferences and gaining competitive advantage. We may not be successful in anticipating or responding to these developments in a timely and cost-effective manner or in attracting and maintaining personnel with the necessary skills in this area. Our ideas may not lead to the desired internal efficiencies or be accepted in the marketplace. In addition, we may not be able to implement technology-based solutions as quickly as desired if, for example, greater resources are required than originally expected or resources are otherwise needed elsewhere. The effort to gain technological and data expertise and develop new technologies or analytic techniques in our business requires us to incur significant cost and attract qualified technical talent who are in high demand. Our competitors are seeking to develop competing or new technologies, and their success in this space may impact our ability to differentiate our services to our clients through the use of unique technological solutions. If we do not keep up with technological changes or execute effectively on our strategic initiatives, our business and results of operations could be adversely impacted. For example, incorporating artificial intelligence (‘AI’) into certain product offerings is becoming more important in our operations, particularly as our competitors, including new entrants focused on using technology and innovation, such as generative AI, digital platforms, data analytics, robotics and blockchain, seek to simplify and improve the client experience, increase efficiencies, alter business models and effect other potentially disruptive changes in the industries in which we operate. If we fail to keep pace with rapidly evolving AI and other technological developments, our competitive position and business results may be negatively impacted. In certain cases, we may decide, based on perceived business needs, to make investments that may be greater than we currently anticipate. If we cannot offer new technologies or data and analytic services or solutions as quickly or effectively as our competitors, or if our competitors develop more cost-effective technologies or analytic tools, it could have a material adverse effect on our ability to obtain and complete client engagements. There are significant risks involved in our efforts to keep pace with technological developments and no assurance can be provided that the usage of such technology will enhance our business or assist us in being more efficient or profitable. While development and enhancement of our technology systems may improve the efficiency of data analytics and reduce certain costs, there is no assurance that the benefits related to such advancements will outweigh such investment costs or outweigh such risks. The enhancement and development of technology systems may enhance cybersecurity risks and operational and technological risks, as any latency, disruption or failure in such technological tools could result in errors in analyses and compromise the integrity, security or privacy of generated content. Additionally, the process of integrating technology systems of businesses we acquire is complex and exposes us to additional risk. We may not adequately identify weaknesses in the information systems or information handling, privacy and security policies and protocols of targets, which could expose us to unexpected liabilities or make our own systems and data more vulnerable to cybersecurity incidents. For further discussion of risks relating to these technology systems, please see ‘Data and cybersecurity breaches or improper disclosure of confidential company or personal data could result in material financial loss, regulatory actions, reputational harm and/or legal liability’ below. 20 20 20 We depend on our technology systems for conducting business, as well as for providing the data and analytics we use to manage and administer our business. As a result, our business success is dependent on maintaining the effectiveness of existing technology systems and on continuing to develop and enhance technology systems that support our business processes and strategic initiatives in a cost- and resource-efficient manner, particularly as our business processes become more digital. We have a number of strategic initiatives involving investments in technology and infrastructure to support our own systems as well as partnerships with technology companies. These investments can be costly and require significant capital expenditures, and such investment may not be profitable or may be less profitable than what we have experienced historically. In addition, investments in technology systems may not deliver the benefits or perform as expected or may be replaced or become obsolete more quickly than expected, which could result in operational difficulties or additional costs. In some cases, we also depend on our partners and key vendors to provide technology and other support for these and other strategic initiatives. If these partners or vendors fail to perform their obligations as we expect them to do or at all or such partners or vendors otherwise cease to work with us, our ability to execute on our strategic initiatives, and our business and results of operations, could be adversely impacted.

Our success depends, in part, on our ability to develop and implement technology, data and analytic solutions that anticipate, lead, or keep pace with rapid and continuing changes in technology both for internal operations and for maintaining industry standards and meeting client preferences. We may not be successful in anticipating or responding to these developments in a timely and cost-effective manner or in attracting and maintaining personnel with the necessary skills in this area. Additionally, our ideas may not lead to the desired internal efficiencies or be accepted in the marketplace. In addition, we may not be able to implement technology-based solutions as quickly as desired if, for example, greater resources are required than originally expected or resources are otherwise needed elsewhere. The effort to gain technological and data expertise and develop new technologies or analytic techniques in our business requires us to incur significant cost and attract qualified technical talent who are in high demand. Our competitors are seeking to develop competing or new technologies, and their success in this space may impact our ability to differentiate our services to our clients through the use of unique technological solutions. For example, incorporating artificial intelligence into certain product offerings may become more important in our operations over time. If we fail to keep pace with rapidly evolving artificial intelligence technological developments, our competitive position and business results may be negatively impacted. In certain cases, we may decide, based on perceived business needs, to make investments that may be greater than we currently anticipate. If we cannot offer new technologies or data and analytic services or solutions as quickly or effectively as our competitors, or if our competitors develop more cost-effective technologies or analytic tools, it could have a material adverse effect on our ability to obtain and complete client engagements. We depend on our technology systems for conducting business, as well as for providing the data and analytics we use to manage our business. As a result, our business success is dependent on maintaining the effectiveness of existing technology systems and on continuing to develop and enhance technology systems that support our business processes and strategic initiatives in a cost- and resource-efficient manner, particularly as our business processes become more digital. We have a number of strategic initiatives involving investments in technology and infrastructure to support our own systems as well as partnerships with technology companies as part of our Transformation program and as a subset of our overall growth strategy. These investments may be costly and require significant capital expenditures and/or may not be profitable or may be less profitable than what we have experienced historically. In addition, investments in technology systems may not deliver the benefits or perform as expected or may be replaced or become obsolete more quickly than expected, which could result in operational difficulties or additional costs. If we do not keep up with technological changes or execute effectively on our strategic initiatives, our business and results of operations could be adversely impacted. As part of our efforts to enhance our technological capabilities, from time to time, we may utilize artificial intelligence, machine learning, data analytics, and similar tools that collect, aggregate and analyze data (collectively, ‘Data Tools’). There are significant risks involved in utilizing Data Tools and no assurance can be provided that the usage of such Data Tools will enhance our business or assist us in being more efficient or profitable. While Data Tools may improve the efficiency of data analytics and reduce certain costs, there is no assurance that the expenses related to Data Tools directly or indirectly borne by us will outweigh such reduced investment costs or outweigh such risks. In addition, the use of Data Tools may enhance cybersecurity risks and operational and technological risks. The technologies underlying Data Tools and their use cases are rapidly developing, and remain subject to existing laws, including privacy, consumer protection and federal equal opportunity laws. As a result, it is not possible to predict all of the legal, 20 20 operational or technological risks related to the use of Data Tools. Moreover, Data Tools are the subject of evolving review by various regulatory agencies, including the SEC and the U.S. Federal Trade Commission, and changes in the regulation of the use of Data Tools may adversely affect our ability to use them in a manner that is cost- and resource-effective. For further discussion of risks relating to these technology systems, please see ‘Data and cybersecurity breaches or improper disclosure of confidential company or personal data could result in material financial loss, regulatory actions, reputational harm, and/or legal liability’ below.

We are subject to numerous laws and regulations in the U.S. and foreign jurisdictions, only certain of which are named here, designed to protect the personal information of client and company constituents and suppliers. These laws often develop in ways we cannot predict, and some laws may be in conflict with one another. This may significantly increase our cost of doing business, particularly as we expand our localization efforts. In addition, we may not be readily able to achieve compliance with the requirements of certain privacy and data security laws and regulations within the required periods for compliance. Certain laws and regulations we are subject to prohibit or restrict the transmission of data outside of certain countries’ borders, and certain others impose heightened obligations on specific categories of sensitive personal information, such as health or financial information. These laws have significantly increased our responsibilities when handling personal data including, without limitation, requiring us: to conduct privacy impact assessments or data protection impact assessments; to restrict the transmission or cross border transfers of data; to adopt and maintain new privacy policies and notices; and to publicly disclose significant data breaches. For example, we are subject to the European Union’s General Data Protection Regulation (the ‘E.U. GDPR’), violations of which may result in possible fines of up to 4% of global annual turnover for the preceding financial year or €20 million (whichever is higher). Furthermore, following Brexit, we became subject to the U.K.’s Data Protection Act (together with the E.U. GDPR, the ‘GDPR’). In June 2021, the European Commission formally approved an adequacy decision for the U.K. on data protection in which they deemed the U.K.’s data protection regime sufficient to protect E.U. personal data, but the U.K. is considering changes to the Data Protection Act and there is no guarantee that the European Commission will continue to retain its adequacy decision with respect to U.K. data protection law in the future. Additionally, legal developments in Europe have created complexity and regulatory compliance uncertainty regarding certain transfers of personal information from the European Economic Area to the U.S. For example, a July 2020 judgment by the Court of Justice of the European Union on Schrems II invalidated the E.U.-U.S. Data Privacy Shield and on July 10, 2023, the European Commission adopted a new adequacy decision on the E.U.-U.S. Data Privacy Framework (‘Data Privacy Framework’). The Data Privacy Framework created new privacy obligations allowing personal information to be transferred from the E.U. to U.S. entities who have self-certified under the framework. We currently rely on a mixture of mechanisms to lawfully transfer personal data from our U.K. and E.U. businesses to the U.S. and other countries, with standard contractual clauses being the preferred transfer mechanism. As supervisory authorities issue enforcement actions and further guidance on personal information export mechanisms, including circumstances where the standard contractual clauses cannot be used, we could suffer additional costs, or become subject to complaints, regulatory investigations and/or fines. Moreover, if we are otherwise unable to transfer personal information between and among countries and regions in which we operate, it could affect the manner in which we provide our services and could adversely affect our financial results. Additionally, U.S. states continue to adopt comprehensive state-level privacy laws, which began with the California Consumer Privacy Act (‘CCPA’) (effective January 1, 2020), as amended by the California Privacy Rights Act (‘CPRA’) (effective on January 1, 2023). These laws generally provide consumers with certain rights (including rights to correct their data, limit the use and disclosure of sensitive personal information, and opt out of the sharing of personal information for certain targeted behavioral advertising purposes), and require companies to make detailed disclosures to residents of those states about their data collection, use and sharing practices. The Company is also subject to data privacy laws and regulations that apply to the collection, storage and use of personal health information, including, without limitation, the U.S. Health Insurance Portability and Accountability Act of 1996 (‘HIPAA’), enforced by the Office for Civil Rights within the Department of Health and Human Services, and the New York State Department of Financial Services’ cybersecurity regulations outlining required security measures for the protection of data, and numerous U.S. and foreign marketing and telecommunications laws and regulations designed to protect consumers from unwanted or fraudulent communications. A violation of any such law may lead to litigation or regulatory liability, including substantial financial damages or fines. The burdens imposed by the U.S. state-level privacy laws and other laws that may be enacted at the federal and state level in the future may require us to modify our data processing practices and policies and to incur substantial costs in order to comply with these laws and to 26 26 26 investigate and defend against potential private class-action litigation or litigation brought by regulatory authorities. We expect that other U.S. states and other countries will continue to implement their own data privacy and data security laws. The People’s Republic of China and India, among other countries, have enacted stringent data protection laws that, among other things, may restrict data transfers out of each of those countries. Additionally, as a part of our efforts to implement innovative technology, data and analytic solutions, we may invest in and develop technologies such as AI, digital platforms, data analytics, robotics and blockchain. The technologies underlying such technological innovations and their use cases are rapidly developing, and remain subject to existing laws, including privacy, consumer protection and federal equal opportunity laws. As a result, it is not possible to predict all the legal, operational or technological risks related to the use of these technological innovations. Moreover, these technologies are the subject of evolving review by various regulatory agencies, including the SEC and the U.S. Federal Trade Commission, and changes in the regulation of the use these technological innovations may adversely affect our ability to use them in a manner that is cost- and resource-effective, the nature of which cannot be determined at this time. The evolving and potentially conflicting interpretations of these laws and regulations in the U.S and abroad, as well as laws applicable to the Company that are not named in these risk factors, may restrict the manner in which we provide services to our clients, divert resources from other important initiatives, increase the risk of non-compliance, impose significant compliance and other costs that are likely to increase over time, and increase the risk of fines, lawsuits or other potential liability, all of which could have a material adverse effect on our business and results of operations. Our failure to adhere to or successfully develop processes in response to legal or regulatory requirements, including legal or regulatory requirements that may be developed or revised due to economic or geopolitical changes such as Brexit, and changing customer expectations in this area, could result in substantial legal liability and impairment to our reputation or business. We are also subject to the terms of our privacy policies and contractual obligations to third parties related to privacy, data protection and information security. In addition to government regulation, privacy advocates and industry groups may propose new and different self-regulatory standards that either legally or contractually apply to us. We also expect that there will continue to be new proposed laws and regulations concerning privacy, data protection and information security, but cannot yet determine the impact such future laws, regulations and standards may have on our business. New laws, amendments to or re-interpretations of existing laws and regulations, industry standards, contractual obligations and other obligations may require us to incur additional costs and restrict our business operations. Because the interpretation and application of laws and other obligations relating to privacy and data protection are still uncertain, it is possible that these laws and other obligations may be interpreted and applied in a manner that is inconsistent with our existing data management practices. If so, in addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices, which could harm our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all. Any inability to adequately address privacy concerns, even if unfounded, or comply with applicable privacy or data protection laws, regulations and policies, could result in additional cost and liability, damage to our reputation, or harm to our business.

We are subject to numerous laws and regulations in the U.S. and foreign jurisdictions, only certain of which are named here, designed to protect the personally identifiable information of client and company constituents and suppliers, notably the European Union’s General Data Protection Regulation (‘GDPR’), which became effective on May 25, 2018, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 and its implementing regulations (‘CCPA’), which became effective in its current form on January 1, 2023, the Virginia Consumer Data Protection Act (‘VCDPA’), which became effective on January 1, 2023 and Connecticut Data Privacy Act (‘CDPA’), which became effective on July 1, 2023. We are also subject to regulations from other countries that prohibit or restrict the transmission of data outside of such countries’ borders, and to various U.S. federal and state laws governing the protection of health, financial or other individually identifiable information. The GDPR, as well as other more recently enacted privacy laws, significantly increased our responsibilities when handling personal data including, without limitation, requiring us to conduct privacy impact assessments, restricting the transmission of data, and requiring public disclosure of significant data breaches. Violations of the GDPR may result in possible fines of up to 4% of global annual turnover for the preceding financial year or €20 million (whichever is higher). A July 2020 judgment by the Court of Justice of the European Union on Schrems II has made cross border data transfers to organizations outside the European Economic Area more onerous and uncertain. Further, as a result of the U.K.’s withdrawal from the European Union (‘Brexit’), the data transfer regime between the U.K. and the European Economic Area is subject to some uncertainty if the U.K.’s data strategy diverges from the E.U.’s in the coming years. The Company is also subject to numerous U.S. and foreign marketing and telecommunications laws and regulations designed to protect consumers from unwanted or fraudulent communications. A violation of any such law may lead to litigation or regulatory liability, including substantial financial damages or fines. Laws and regulations in this area are evolving and generally becoming more stringent, including, without limitation, the U.S. Health Insurance Portability and Accountability Act of 1996 (‘HIPAA’), enforced by the Office for Civil Rights within the Department of Health and Human Services, and the New York State Department of Financial Services’ cybersecurity regulations outlining required security measures for the protection of data. Certain U.S. states have also recently enacted laws requiring certain data security and privacy measures of regulated entities, notably the CCPA, VDCPA, and CDPA, with other states enacting similar data privacy laws that will become effective in the next 24 months. We expect that other U.S. states and other countries will follow in implementing 26 26 their own data privacy and data security laws. The People’s Republic of China and India, among other countries, have enacted stringent data protection laws that, among other things, may restrict data transfers out of each of those countries. Each of these evolving laws and regulations, in the United States and abroad, as well as laws applicable to the Company that are not named here, may be subject to evolving and conflicting interpretations, restrict the manner in which we provide services to our clients, divert resources from other important initiatives, increase the risk of non-compliance, impose significant compliance and other costs that are likely to increase over time, and increase the risk of fines, lawsuits or other potential liability, all of which could have a material adverse effect on our business and results of operations. Our failure to adhere to or successfully develop processes in response to legal or regulatory requirements, including legal or regulatory requirements that may be developed or revised due to economic or geopolitical changes such as Brexit, and changing customer expectations in this area, could result in substantial legal liability and impairment to our reputation or business. We are also subject to the terms of our privacy policies and contractual obligations to third parties related to privacy, data protection and information security. In addition to government regulation, privacy advocates and industry groups may propose new and different self-regulatory standards that either legally or contractually apply to us. We also expect that there will continue to be new proposed laws and regulations concerning privacy, data protection and information security, but cannot yet determine the impact such future laws, regulations and standards may have on our business. New laws, amendments to or re-interpretations of existing laws and regulations, industry standards, contractual obligations and other obligations may require us to incur additional costs and restrict our business operations. Because the interpretation and application of laws and other obligations relating to privacy and data protection are still uncertain, it is possible that these laws and other obligations may be interpreted and applied in a manner that is inconsistent with our existing data management practices. If so, in addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices, which could harm our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all. Any inability to adequately address privacy concerns, even if unfounded, or comply with applicable privacy or data protection laws, regulations and policies, could result in additional cost and liability, damage to our reputation, or harm to our business.

Increasing focus on ESG matters has and will continue to result in the adoption of legal and regulatory requirements that may be designed to mitigate, among other things, the effects of climate change on the environment and ensure sustainable supply chains, which require additional disclosure and reporting. As a result of our global operations, we can be subject to conflicting regulatory requirements from which conflicts may be exacerbated in markets with anti-ESG regulations. If new laws or regulations are more stringent than or conflict with current legal or regulatory requirements, we may experience increased compliance burdens and costs to meet such obligations. In addition, our selection of voluntary disclosure frameworks and standards, and the interpretation or application of those frameworks and standards, may change from time to time or may not meet the expectations of investors or other stakeholders. From time to time we may set, change or withdraw commitments or goals relating to sustainability (i.e., our ESG efforts relating to our internal operations) or our membership or support for certain sustainability-related organizations or initiatives. Our ability to develop and achieve our sustainability commitments and goals are subject to numerous risks, many of which are outside of our control, such as: the availability and cost of low- or non-greenhouse gas-intensive energy sources; infrastructure and technologies; evolving regulatory requirements affecting sustainability standards or disclosures; the sustainability posture of others in our value 33 33 33 chain such as suppliers and other counterparties; and the availability and reliability of information upon which we determine our commitments, goals, and achievements. Our processes and controls for reporting sustainability matters across our operations are evolving along with standards for identifying, measuring and reporting sustainability metrics, including sustainability-related disclosures that may be required by the SEC, European and other regulators, and such standards may change over time, which could result in significant revisions to our current goals, reported progress in achieving such goals, or ability to achieve such goals on a timely basis or at all. Methodologies for reporting sustainability data may be updated and previously-reported sustainability data may be adjusted to reflect: improvement in availability, measurement or quality of data, changing assumptions and use of estimates, changes in the nature and scope of our operations and other changes in circumstances. As we work to prepare to comply with new and amended applicable legal and regulatory requirements, including European Sustainability Reporting Standards under the E.U. Corporate Sustainability Reporting Directive (‘CSRD’), the E.U. Corporate Sustainability Due Diligence Directive, California’s Health and Safety Code as amended by S.B. 219 and IFRS Sustainability Standards issued by the International Sustainability Standards Board that may become applicable to us in our global operations, as well as focus on our own sustainability assessments and priorities, we may disclose additional metrics against which we may measure ourselves or be measured and tracked by others over time. We cannot predict future legal, regulatory and other developments in these areas, and any changes to the regulatory framework or our disclosure obligations could also negatively impact our business and results.

Increasing focus on ESG matters has resulted in, and is expected to continue to result in, the adoption of legal and regulatory requirements designed to mitigate, among other things, the effects of climate change on the environment, which require additional disclosure and reporting. As a result of our global operations, the regulatory requirements are also sometimes conflicting. If new laws or regulations are more stringent than current legal or regulatory requirements, or conflict, we may experience increased compliance burdens and costs to meet such obligations. In addition, our selection of voluntary disclosure frameworks and standards, and the interpretation or application of those frameworks and standards, may change from time to time or may not meet the expectations of investors or other stakeholders. Our ability to achieve our ESG commitments is subject to numerous risks, many of which are outside of our control, such as the availability and cost of low- or non-greenhouse gas-intensive energy sources, infrastructure and technologies, evolving regulatory requirements affecting ESG standards or disclosures, and the ESG posture of others in our value chain such as suppliers and other counterparties. We may also face challenges in obtaining sufficient information on such parties when seeking to evaluate how such relationships impact our own position on ESG matters. Furthermore, if we determine it is in the Company’s interest to do so, we may decide that a commitment or goal, or membership or support for certain ESG-related organizations or initiatives, should change or be withdrawn. 33 33 Our processes and controls for reporting ESG matters across our operations are evolving along with standards for identifying, measuring and reporting ESG metrics, including ESG-related disclosures that may be required by the SEC, European and other regulators, and such standards may change over time, which could result in significant revisions to our current goals, reported progress in achieving such goals, or ability to achieve such goals in the future. Methodologies for reporting ESG data may be updated and previously-reported ESG data may be adjusted to reflect: improvement in availability or quality of data, changing assumptions, changes in the nature and scope of our operations and other changes in circumstances. As we work to align our reporting with the recommendations of the Financial Stability Board’s Task Force on Climate-related Financial Disclosures, the Sustainability Accounting Standards Board and other reporting frameworks, and comply with the adoption of and changes to applicable legal and regulatory requirements, including reporting obligations pursuant to the Corporate Sustainability Reporting Directive as well as focus on our own ESG assessments and priorities, we may disclose additional metrics against which we may measure ourselves or be measured and tracked by others over time. We cannot predict future legal, regulatory and other developments in these areas, and any changes to the regulatory framework or our disclosure obligations could also negatively impact our business and results.

•Our success largely depends on our ability to achieve our global business strategy as it evolves, and our results of operations and financial condition could suffer if the Company were unable to successfully establish and execute on its strategy and generate anticipated revenue growth and cost savings and efficiencies. Our success largely depends on our ability to achieve our global business strategy as it evolves, and our results of operations and financial condition could suffer if the Company were unable to successfully establish and execute on its strategy and generate anticipated revenue growth and cost savings and efficiencies. Our success largely depends on our ability to achieve our global business strategy as it evolves, and our results of operations and financial condition could suffer if the Company were unable to successfully establish and execute on its strategy and generate anticipated revenue growth and cost savings and efficiencies. •We may not be able to fully realize the anticipated benefits of our strategy or our expected product, service and transaction pipelines. We may not be able to fully realize the anticipated benefits of our strategy or our expected product, service and transaction pipelines. We may not be able to fully realize the anticipated benefits of our strategy or our expected product, service and transaction pipelines. •Our ability to successfully manage ongoing organizational changes could impact our business results and may involve significant or evolving costs and/or disruption to the management and/or operations of our business and generate fewer benefits than originally expected. Our ability to successfully manage ongoing organizational changes could impact our business results and may involve significant or evolving costs and/or disruption to the management and/or operations of our business and generate fewer benefits than originally expected. Our ability to successfully manage ongoing organizational changes could impact our business results and may involve significant or evolving costs and/or disruption to the management and/or operations of our business and generate fewer benefits than originally expected. •The growth and portfolio optimization elements of our strategy depend, in part, on our ability to execute strategic transactions, including both acquisitions and dispositions. We face risks when we acquire or divest businesses, and we could have difficulty in acquiring, integrating or managing acquired businesses, or with effecting internal reorganizations, all of which could harm our business, financial condition, results of operations and/or reputation. The growth and portfolio optimization elements of our strategy depend, in part, on our ability to execute strategic transactions, including both acquisitions and dispositions. We face risks when we acquire or divest businesses, and we could have difficulty in acquiring, integrating or managing acquired businesses, or with effecting internal reorganizations, all of which could harm our business, financial condition, results of operations and/or reputation. The growth and portfolio optimization elements of our strategy depend, in part, on our ability to execute strategic transactions, including both acquisitions and dispositions. We face risks when we acquire or divest businesses, and we could have difficulty in acquiring, integrating or managing acquired businesses, or with effecting internal reorganizations, all of which could harm our business, financial condition, results of operations and/or reputation. •The growth element of our strategy also depends, in part, on organic growth and our ability to develop and grow new and existing areas of our business. We face risks when we invest in new lines of business, products, services and platforms or other areas, which could harm our business, financial condition, results of operations and/or reputation. The growth element of our strategy also depends, in part, on organic growth and our ability to develop and grow new and existing areas of our business. We face risks when we invest in new lines of business, products, services and platforms or other areas, which could harm our business, financial condition, results of operations and/or reputation. The growth element of our strategy also depends, in part, on organic growth and our ability to develop and grow new and existing areas of our business. We face risks when we invest in new lines of business, products, services and platforms or other areas, which could harm our business, financial condition, results of operations and/or reputation. •Our business performance and growth plans could be negatively affected if we are not able to develop and implement improvements in technology and effectively apply technology, data and analytics to drive value for our clients through technology-based solutions or gain internal efficiencies through the effective application of technology, analytics and related tools. Our business performance and growth plans could be negatively affected if we are not able to develop and implement improvements in technology and effectively apply technology, data and analytics to drive value for our clients through technology-based solutions or gain internal efficiencies through the effective application of technology, analytics and related tools. Our business performance and growth plans could be negatively affected if we are not able to develop and implement improvements in technology and effectively apply technology, data and analytics to drive value for our clients through technology-based solutions or gain internal efficiencies through the effective application of technology, analytics and related tools.

•Our success largely depends on our ability to achieve our global business strategy as it evolves, and our results of operations and financial condition could suffer if the Company were unable to successfully establish and execute on its strategy and generate anticipated revenue growth and cost savings and efficiencies. Our success largely depends on our ability to achieve our global business strategy as it evolves, and our results of operations and financial condition could suffer if the Company were unable to successfully establish and execute on its strategy and generate anticipated revenue growth and cost savings and efficiencies. Our success largely depends on our ability to achieve our global business strategy as it evolves, and our results of operations and financial condition could suffer if the Company were unable to successfully establish and execute on its strategy and generate anticipated revenue growth and cost savings and efficiencies. •We may not be able to fully realize the anticipated benefits of our growth strategy or our expected product, service, and transaction pipelines. We may not be able to fully realize the anticipated benefits of our growth strategy or our expected product, service, and transaction pipelines. We may not be able to fully realize the anticipated benefits of our growth strategy or our expected product, service, and transaction pipelines. •Our ability to successfully manage ongoing organizational changes could impact our business results, where the level of costs and/or disruption may be significant and change over time, and the benefits may be less than we originally expect. Our ability to successfully manage ongoing organizational changes could impact our business results, where the level of costs and/or disruption may be significant and change over time, and the benefits may be less than we originally expect. Our ability to successfully manage ongoing organizational changes could impact our business results, where the level of costs and/or disruption may be significant and change over time, and the benefits may be less than we originally expect. •Our growth strategy depends, in part, on our ability to make acquisitions or grow our business organically. We face risks when we acquire or divest businesses, and we could have difficulty in acquiring, integrating or managing acquired businesses, or with effecting internal reorganizations, all of which could harm our business, financial condition, results of operations or reputation. Our growth strategy depends, in part, on our ability to make acquisitions or grow our business organically. We face risks when we acquire or divest businesses, and we could have difficulty in acquiring, integrating or managing acquired businesses, or with effecting internal reorganizations, all of which could harm our business, financial condition, results of operations or reputation. Our growth strategy depends, in part, on our ability to make acquisitions or grow our business organically. We face risks when we acquire or divest businesses, and we could have difficulty in acquiring, integrating or managing acquired businesses, or with effecting internal reorganizations, all of which could harm our business, financial condition, results of operations or reputation. •The sale of Willis Re to Gallagher, including transitional arrangements, creates incremental business, operational, regulatory and reputational risks. The sale of Willis Re to Gallagher, including transitional arrangements, creates incremental business, operational, regulatory and reputational risks. The sale of Willis Re to Gallagher, including transitional arrangements, creates incremental business, operational, regulatory and reputational risks. •Our business performance and growth plans could be negatively affected if we are not able to develop and implement improvements in technology and effectively apply technology, data and analytics to drive value for our clients through technology-based solutions or gain internal efficiencies through the effective application of technology, analytics and related tools. Our business performance and growth plans could be negatively affected if we are not able to develop and implement improvements in technology and effectively apply technology, data and analytics to drive value for our clients through technology-based solutions or gain internal efficiencies through the effective application of technology, analytics and related tools. Our business performance and growth plans could be negatively affected if we are not able to develop and implement improvements in technology and effectively apply technology, data and analytics to drive value for our clients through technology-based solutions or gain internal efficiencies through the effective application of technology, analytics and related tools.

Our growth depends in part on our ability to make acquisitions and execute other strategic transactions. We may not be successful in identifying appropriate candidates for acquisitions, dispositions, joint ventures or strategic investments, or consummating such transactions on terms acceptable or favorable to us. We also face additional risks related to acquisitions, including the ability to negotiate transactions on favorable terms, the ability to secure regulatory approval of transactions where required, the ability to successfully integrate them into our existing businesses and culture, and the potential that any acquired business could significantly underperform relative to our expectations. If we are unable to identify and successfully make, integrate and manage acquisitions, our business could be materially adversely affected. In addition, we face risks related to divesting businesses, including that we may not receive adequate consideration or any earnout proceeds in return for the divested business, we may continue to be subject to the liabilities of the divested business after its divestiture (including with respect to work we might have performed on behalf of the divested business), and we may not be able to reduce overhead or redeploy assets or retain colleagues after the divestiture closes. For example, we completed the divestiture of our then-reinsurance business to Gallagher in 2021 and our sale of the TRANZACT business in 2024, each of which gives rise to such risks, including: in the case of TRANZACT, the risk that such post-closing transition arrangements, which are complex, may impose greater-than-expected costs or liabilities, may give rise to errors in execution or may be distracting to our management; the risk that such a divestiture could cause disruption to our business or our relationships with clients, colleagues, correspondents, suppliers, regulators, competitors and other third parties; the risk that litigation associated with the transaction or with contingent liabilities we have retained, if any, may arise; and other risks detailed in this Annual Report on Form 10-K and in our other SEC filings. We also may not otherwise meet our operational or strategic expectations at all or on the anticipated timeline following the divestiture. Further, we cannot be certain that our acquisitions will be accretive to earnings or that our acquisitions or joint ventures will otherwise meet our operational or strategic expectations. Acquisitions and joint ventures, such as our recently-announced joint venture with Bain Capital, involve special risks, including the potential assumption of unanticipated liabilities and contingencies and difficulties in integrating acquired businesses or in achieving a successful joint venture. Acquired businesses or joint ventures may not achieve the levels of revenue, profit, or productivity we anticipate or otherwise perform as we expect. In addition, if the operating performance of an acquired business or joint venture deteriorates significantly or capital needs increase, we may need to make additional investments or write down the value of the goodwill and other acquisition-related intangible assets recorded on our consolidated balance sheet. With respect to any such acquisition transactions or joint ventures, we face risks related to the potential impacts of the transaction on relationships, including with clients, colleagues, correspondents, suppliers, regulators, competitors, and other third parties, as well as the risk related to contingent liabilities (including litigation) potentially creating material liabilities for the Company. The following risks, in addition to those described above, may also adversely affect our ability to successfully implement and integrate these acquisitions or to manage joint ventures: material changes in U.S. and foreign jurisdiction regulations (including those related to the healthcare system and insurance brokerage, pension advisory, and investment services); changes in general economic, business and political conditions in relevant markets, including changes in the financial markets; significant competition in the marketplace; the need to manage potential conflicts of interest; and compliance with extensive and evolving government regulations in the U.S. and in foreign jurisdictions. We may be unable to effectively integrate an acquired business into our organization and may not succeed in managing such acquired businesses or the larger company that results from such acquisitions. The process of integrating an acquired business may subject us to a number of risks, including, without limitation, an inability to retain the management, key personnel and other colleagues of the acquired business; an inability to establish uniform standards, controls, systems, procedures and policies or to achieve anticipated savings; and exposure to legal claims or regulatory censure for activities of the acquired business prior to acquisition. 19 19 19 If acquisitions or joint ventures are not successfully integrated or managed and the intended benefits of the acquisitions or joint ventures are not achieved, our business, financial condition and results of operations could be materially adversely affected, as well as our professional reputation. We also own interests in a number of associated companies and ventures where we do not exercise management control and we are therefore limited in our ability to direct or manage the business to realize the anticipated benefits that we could achieve if we had full ownership.

Our growth depends in part on our ability to make acquisitions and grow organically. We may not be successful in identifying appropriate acquisition and disposition candidates or consummating acquisitions on terms acceptable or favorable to us. We also face additional risks related to acquisitions, including the ability to negotiate transactions on favorable terms, the ability to secure regulatory approval of transactions where required, the ability to successfully integrate them into our existing businesses and culture, and the potential that any acquired business could significantly underperform relative to our expectations. In addition, we may not repurchase as many of our outstanding shares as anticipated due to our acquisition activity or investment opportunities, as well as other market or business conditions. If we are unable to identify and successfully make, integrate and manage acquisitions, our business could be materially adversely affected. In addition, we face risks related to divesting businesses, including that we may not receive adequate consideration in return for the divested business, we may continue to be subject to the liabilities of the divested business after its divestiture (including with respect to work we might have performed on behalf of the divested business), and we may not be able to reduce overhead or redeploy assets or retain colleagues after the divestiture closes. For example, we completed the divestiture of the Willis Re business to Gallagher in 2022 which gives rise to such risks including those risks associated with managing transition arrangements. In addition, we cannot be certain that our acquisitions will be accretive to earnings or that our acquisitions or divestitures will otherwise meet our operational or strategic expectations. Acquisitions involve special risks, including the potential assumption of unanticipated liabilities and contingencies and difficulties in integrating acquired businesses, and acquired businesses may not achieve the levels of revenue, profit, or productivity we anticipate or otherwise perform as we expect. In addition, if the operating performance of an acquired business deteriorates significantly, we may need to write down the value of the goodwill and other acquisition-related intangible assets recorded on our consolidated balance sheet. Beyond inorganic acquisition activity, we may further our organic growth strategy by entering into lines of business or by offering new products and services within existing lines of business. These lines of business, products and services present us with additional risks, particularly in instances where the markets are heavily regulated, meaningfully competitive with high bars to entry, or new or not fully developed. Such risks include the investment of significant time and resources; the possibility that these efforts will not be successful and could result in reputational damage to us; the possibility that the marketplace does not accept our products or services or that we are unable to retain clients that adopt our new products or services; and the risk of new or additional liabilities associated with these efforts, including potential E&O or other claims. In addition, many of the businesses that we acquire and develop will likely have significantly smaller scales of operations prior to the implementation of our growth strategy. External factors, such as compliance with new or revised regulations, competitive alternatives and shifting market preferences may also impact the successful implementation of a line of business, product or service. We may be unable to effectively integrate an acquired business into our organization and may not succeed in managing such acquired businesses or the larger company that results from such acquisitions. The process of integrating an acquired business may subject us to a number of risks, including, without limitation, an inability to retain the management, key personnel and other colleagues of the acquired business; an inability to establish uniform standards, controls, systems, procedures and policies or to achieve anticipated savings; and exposure to legal claims or regulatory censure for activities of the acquired business prior to acquisition. With respect to any such acquisition transactions, we face the risk related to the potential impacts of the transaction and integration on relationships, including with colleagues, correspondents, suppliers, clients and competitors, as well as the risk related to contingent liabilities (including litigation) potentially creating material liabilities for the Company. The following risks, in addition to those described above, may also adversely affect our ability to successfully implement and integrate these acquisitions: material changes in U.S. and foreign jurisdiction regulations (including those related to the healthcare system and Medicare and insurance brokerage, pension advisory, and investment services); changes in general economic, business and political conditions in relevant markets, including changes in the financial markets; significant competition in the marketplace; and compliance with extensive and evolving government regulations in the U.S. and in foreign jurisdictions. 19 19 If acquisitions or entry into businesses, products or services are not successfully integrated and the intended benefits of the acquisitions or business developments are not achieved, our business, financial condition and results of operations could be materially adversely affected, as well as our professional reputation. We also own an interest in a number of associates and companies where we do not exercise management control and we are therefore limited in our ability to direct or manage the business to realize the anticipated benefits that we could achieve if we had full ownership.

A material portion of our revenue is affected by statutory or regulatory changes. Some examples of statutory or regulatory changes that could materially impact us are any changes to the U.S. Patient Protection and Affordable Care Act (‘PPACA’), the Healthcare and Education Reconciliation Act of 2010 (‘HCERA’), which we refer to collectively as ‘Healthcare Reform’, or to the Medicare laws and regulations. While the U.S. Congress has not passed legislation replacing or fundamentally amending Healthcare Reform (other than changes to the individual mandate), such legislation, or another version of Healthcare Reform, could be implemented in the future. In addition, some U.S. political candidates and representatives elected to office have expressed a desire to amend all or a portion of Healthcare Reform or otherwise establish alternatives to employer-sponsored health insurance or replace it with government-sponsored health insurance, often referred to as ‘Medicare for All’. If we are unable to adapt our services to potential new laws and regulations, or judicial modifications, with respect to Healthcare Reform or otherwise, our ability to provide effective services in these areas may be impacted. In addition, more restrictive marketing rules or interpretations of the Centers for Medicare and Medicaid Services, or judicial decisions that restrict or otherwise change existing provisions of U.S. healthcare regulation, could have an adverse impact on our healthcare-related businesses. In addition, on April 23, 2024, the United States Department of Labor (‘DOL’) released a final rule (the ‘Retirement Security Rule’) that, among other things, expands the definition of an investment advice fiduciary under the Employee Retirement Income Security Act (‘ERISA’) and broadens the scope of advice that must meet fiduciary standards. As we continue to review the Retirement Security Rule, uncertainty exists regarding the Retirement Security Rule’s impact on one or more of our businesses, the conduct of which may become subject to fiduciary standards. Industry trade groups brought legal challenges to the Retirement Security Rule and, in late July 2024, two federal district courts issued stays halting the implementation of the entirety of the Retirement Security Rule until further notice. The DOL has appealed these decisions to the United States Court of Appeals for the Fifth Circuit. Many other areas in which we provide services are the subject of government regulation, which is constantly evolving. For example, our activities in connection with insurance brokerage services are subject to regulation and supervision by national, state or other authorities. Insurance laws in the markets in which we operate are often complex and generally grant broad discretion to supervisory authorities in adopting regulations and supervising regulated activities. That supervision generally includes the licensing of insurance brokers and agents and the regulation of the handling and investment of client funds held in a fiduciary capacity. Our continuing ability to provide insurance brokerage in the markets in which we currently operate is dependent upon our compliance with the rules and regulations promulgated from time to time by the regulatory authorities in each of these locations. Changes in government and accounting regulations in the U.S. and the U.K., two of our principal geographic markets, affecting the value, use or delivery of benefits and human capital programs, may materially adversely affect the demand for, or the profitability of, our various services. In addition, we have significant operations throughout the world, which further subject us to applicable laws and 31 31 31 regulations of countries outside the U.S. and the U.K. Changes in legislation or regulations and actions by regulators in particular countries, including changes in administration and enforcement policies, could require operational improvements or modifications, which may result in higher costs or hinder our ability to operate our business in those countries. Given the uncertainties relating to legal, statutory and regulatory changes that affect health insurance plans across the globe, the impact is difficult to determine, but it could have material negative effects on us, including: •increasing our competition; increasing our competition; •reducing or eliminating the need for health insurance agents and brokers or demand for the health insurance that we sell; reducing or eliminating the need for health insurance agents and brokers or demand for the health insurance that we sell; •decreasing the number of types of health insurance plans that we sell, as well as the number of insurance carriers offering such plans; decreasing the number of types of health insurance plans that we sell, as well as the number of insurance carriers offering such plans; •causing insurance carriers to change the benefits and/or premiums for the plans they sell; or causing insurance carriers to change the benefits and/or premiums for the plans they sell; or •causing insurance carriers to reduce the amount they pay for our services or change our relationship with them in other ways. causing insurance carriers to reduce the amount they pay for our services or change our relationship with them in other ways. Any of these effects could materially harm our business and results of operations. And, if such legal, statutory or regulatory changes do occur, or if insurance carriers decide to limit our ability to sell their plans or determine not to sell individual health insurance plans altogether, our business, results of operations and financial condition would be materially harmed.

A material portion of our revenue is affected by statutory or regulatory changes. An example of a statutory or regulatory change that could materially impact us is any change to the U.S. Patient Protection and Affordable Care Act (‘PPACA’), and the Healthcare and Education Reconciliation Act of 2010 (‘HCERA’), which we refer to collectively as ‘Healthcare Reform’. While the U.S. Congress has not passed legislation replacing or fundamentally amending Healthcare Reform (other than changes to the individual mandate), such legislation, or another version of Healthcare Reform, could be implemented in the future. In addition, some U.S. political candidates and representatives elected to office have expressed a desire to amend all or a portion of Healthcare Reform or otherwise establish alternatives to employer-sponsored health insurance or replace it with government-sponsored health insurance, often referred 30 30 to as ‘Medicare for All’. If we are unable to adapt our services to potential new laws and regulations, or judicial modifications, with respect to Healthcare Reform or otherwise, our ability to provide effective services in these areas may be substantially impacted. In addition, more restrictive marketing rules or interpretations of the Centers for Medicare and Medicaid Services, or judicial decisions that restrict or otherwise change existing provisions of U.S. healthcare regulation, could have a material adverse impact on our healthcare-related businesses. In addition, as we implement and expand our direct-to-consumer sales and marketing solutions, we are subject to various federal and state laws and regulations that prescribe when and how we may market to consumers (including, without limitation, the Telephone Consumer Protection Act and other telemarketing laws and the Medicare Communications and Marketing Guidelines issued by the Center for Medicare Services (‘CMS’) of the U.S. Department of Health and Human Service). Federal and state legislators and/or regulators recently have expressed concerns about existing methods of marketing individual health policies, particularly Medicare Advantage and Medicare Supplement policies, and have held hearings and sought information from us and from competitors. In addition, CMS has recently expanded its regulation and oversight of the marketing of Medicare Advantage policies. Changes to these laws and/or regulations, or increased scrutiny or enforcement by regulators, could negatively affect our ability to market directly to consumers or increase our costs or liabilities. In particular, CMS recently issued a proposed rule for Contract Year 2025 for the Medicare Advantage and Medicare Prescription Drug programs that modifies the agent, broker and other third-party requirements. Among other things, the proposed rule seeks to limit the administrative fees that agents and brokers may receive in relation to the initial enrollment and renewals of Medicare Advantage and Medicare Prescription Drug policies. Substantial uncertainty remains regarding the interpretation and implementation of the proposed rule, but the proposed rule has the potential to materially and negatively affect the amount of revenue that our Medicare insurance business may receive. In addition, the United States Department of Labor (‘DOL’) recently released a proposed rule defining who is an investment advice fiduciary rule (‘Proposed DOL Fiduciary Rule’) under the Employee Retirement Income Security Act (‘ERISA’). Substantial uncertainty exists regarding this proposed rule as well, but the proposed rule may have a material and potentially negative impact on one or more of our businesses. For example, if the current Proposed DOL Fiduciary Rule were implemented without change, our Health Savings Accounts business may need to be restructured before it could continue to receive certain compensation for its services. Many other areas in which we provide services are the subject of government regulation, which is constantly evolving. For example, our activities in connection with insurance brokerage services are subject to regulation and supervision by national, state or other authorities. Insurance laws in the markets in which we operate are often complex and generally grant broad discretion to supervisory authorities in adopting regulations and supervising regulated activities. That supervision generally includes the licensing of insurance brokers and agents and the regulation of the handling and investment of client funds held in a fiduciary capacity. Our continuing ability to provide insurance brokerage in the markets in which we currently operate is dependent upon our compliance with the rules and regulations promulgated from time to time by the regulatory authorities in each of these locations. Changes in government and accounting regulations in the U.S. and the U.K., two of our principal geographic markets, affecting the value, use or delivery of benefits and human capital programs, may materially adversely affect the demand for, or the profitability of, our various services. In addition, we have significant operations throughout the world, which further subject us to applicable laws and regulations of countries outside the U.S. and the U.K. Changes in legislation or regulations and actions by regulators in particular countries, including changes in administration and enforcement policies, could require operational improvements or modifications, which may result in higher costs or hinder our ability to operate our business in those countries.

There is increased and sometimes conflicting focus, including from governments, non-governmental organizations, investors, colleagues and clients, on sustainability matters such as environmental stewardship, climate change, inclusion and diversity, racial justice and workplace conduct. Negative public perception, adverse publicity or negative comments in social media and other forums could damage our reputation if we do not, or are not perceived to, adequately or appropriately address any one or more of these issues. Any harm to our reputation relating to sustainability matters could impact colleague engagement and retention and the willingness of clients and others to do business with us. In addition, with anti-ESG regulations and sentiment present in some of our markets, we could experience reduced revenue and reputational harm if we are targeted by government actors, private groups or influential individuals who disagree with our public positions on social or environmental issues, including our membership or commitments to sustainability-related organizations or initiatives. Similarly, we could become the target of litigation or investigations initiated by government authorities or private actors alleging that our sustainability-related activities are anti-competitive, discriminatory or otherwise unlawful. Disclosures around our sustainability-related activities combined with increased demand for and scrutiny of sustainability-related strategies and advice may increase the risk that we could be perceived as, or accused of, making inaccurate or misleading statements, commonly referred to as ‘greenwashing,’ or that we have otherwise violated regulations. We may also face heightened scrutiny if we provide advice to our clients on or otherwise advocate in favor of particular sustainability strategies but do not implement them within our own business. Such perceptions or accusations could damage our reputation, result in litigation or regulatory enforcement actions and adversely affect our business. Investors, in particular, have increased their emphasis on the sustainability practices of companies across all industries, including with respect to climate and human capital management. Certain investors have developed their own sustainability ratings while others use third-party benchmarks or scores to measure a company’s sustainability practices and make investment decisions or otherwise engage with the company to influence its practices in these areas. Additionally, our clients may evaluate our sustainability practices and/or request that we adopt certain sustainability-related policies in order to work with us. Also, organizations that provide ratings information to certain investors on sustainability-related matters may assign unfavorable ratings to the Company, which may lead to negative investor sentiment and the diversion of investment capital to other companies or industries, which could have a negative impact on the price of our ordinary shares and our costs of capital. New government regulations could also result in new or more stringent forms of sustainability oversight and new mandatory and voluntary reporting, diligence and disclosure and related assurance. These new laws, rules and regulations could affect our operations or require significant expenditures. As the nature, scope, and complexity of sustainability reporting, diligence and disclosure requirements expand, we may have to undertake additional costs to control, assess and report on sustainability metrics. Any failure or perceived failure, whether valid or not, to meet expectations or metrics, whether such expectations or metrics are set by us or by investors or other stakeholders, or to any other failure to make progress in this area on a timely basis, or at all, could negatively impact our reputation and our business. Finally, in addition to the management, reporting, diligence and disclosure obligations governing our ESG practices, we are exposed to the business, operational and financial risks arising out of natural disasters, many of which could be exacerbated by climate change. See the Risk Factor under the heading ‘Macroeconomic trends, including inflation, changes in interest rates and trade policies, as well as political events, trade and other international disputes, war, terrorism, natural disasters, public health issues and other business interruptions, can adversely affect our business, results of operations or financial condition’ for more information. 34 34 34

There is increased and sometimes conflicting focus, including from governments, non-governmental organizations, investors, colleagues and clients, on ESG issues such as environmental stewardship, climate change, diversity and inclusion, racial justice and workplace conduct. Negative public perception, adverse publicity or negative comments in social media and other forums could damage our reputation if we do not, or are not perceived to, adequately or appropriately address any one or more of these issues. Any harm to our reputation could impact colleague engagement and retention and the willingness of clients and others to do business with us. Investors, in particular, have increased their emphasis on the ESG practices of companies across all industries, including with respect to climate and human capital management. Certain investors have developed their own ESG ratings while others use third-party benchmarks or scores to measure a company’s ESG practices and make investment decisions or otherwise engage with the company to influence its practices in these areas. Additionally, our clients may evaluate our ESG practices and/or request that we adopt certain ESG policies in order to work with us. Also, organizations that provide ratings information to certain investors on ESG matters may assign unfavorable ratings to the Company, which may lead to negative investor sentiment and the diversion of investment capital to other companies or industries, which could have a negative impact on the price of our ordinary shares and our costs of capital. New government regulations could also result in new or more stringent forms of ESG oversight and new mandatory and voluntary reporting, diligence and disclosure. These new laws, rules and regulations of our business could affect our operations or require significant expenditures. Our failure to meet expectations or metrics, whether expectations or metrics set by us or by investors or other stakeholders, or to any other failure to make progress in this area on a timely basis, or at all, could negatively impact our reputation and our business.

We have in the past few years undergone several significant business and organizational changes, including the conclusion of our multi-year operational Transformation program at the end of fiscal year 2024 and the implementation of a new management and organizational structure, and have other planned or future initiatives aimed at transforming and updating our systems and processes 18 18 18 and gaining efficiencies. These initiatives may have adverse impacts on the business or different results than intended. In connection with these future changes, we will manage a number of large-scale and complex projects in furtherance of our strategic objectives, which may include multiple and connected phases dependent on factors that are outside of our control. As a result, we cannot guarantee the success of these projects or initiatives, individually or collectively. Effectively managing these organizational changes (including ensuring that they are implemented on schedule, within budget and without interruption to the existing business, or that transitions to new systems do not create significant control vulnerabilities during the period of transition) is critical to retaining talent, servicing clients and enhancing our business success overall. We may have difficulty attracting, training and retaining the talent that we need to successfully manage these changes. Further, many of the risks described herein increase during periods of significant organizational change and transformation. The failure to effectively manage such risks could adversely impact our resources or our business or financial results.

We have in the past few years undergone several significant business and organizational changes, including multi-year operational transformation programs and a new management and organizational structure, among others. There are also a number of other initiatives planned or ongoing to transform and update our systems and processes and gain efficiencies. In addition, our strategy continues to evolve, and such evolution may result in further organizational changes or more or different investments than we currently anticipate. In connection with all these changes, we may manage a number of large-scale and complex projects. Such projects may include multiple and connected phases, many of which may be dependent on factors that are outside of our control. While we plan to undertake these types of large, complex projects based on our determination that each is necessary or desirable for 18 18 the execution of the Company’s business strategy, we cannot guarantee that the collective effect of all of these projects will not adversely impact our business or results of operations or that the benefits will be as we originally expected. Effectively managing these organizational changes (including ensuring that they are implemented on schedule, within budget and without interruption to the existing business, or that transitions to new systems do not create significant control vulnerabilities during the period of transition) is critical to retaining talent, servicing clients and our business success overall. We may have difficulty attracting, training, and retaining the talent that we need to successfully manage this change. Further, many of the risks described herein increase during periods of significant organizational change and transformation. The failure to effectively manage such risks could adversely impact our resources or business or financial results.