Northern Trust Company Global Risk Management Federal Reserve Bank - Chicago and DePaul University Risk Conference April 2009 Joyce St. Clair Executive Vice President Global Head of Corporate Risk Management

Risk Culture at Northern Trust Northern Trust believes that inherent risks must be managed as close to the source of risk as possible, with the support of risk management specialists and oversight by Corporate Management, Senior Management and the Board of Directors Board Review Committees Approves policies, risk appetites and tolerances Corporate Oversight Entities Develops and approves policies, risk appetites and tolerances Business Risk Management Units Provides regular reporting on key indicators and current initiatives Joyce St. Clair Management At The Source Of Risk Provides daily, weekly, and monthly risk reporting; escalates emerging risks Discussion of Emerging Risk Topics (at all levels)

Comprehensive Approach for Managing Risk - Example

Global Risk Management Governance Structure Board of Directors Business Strategy Committee Business Risk Committee Audit Committee Board Executive Policy G L O B A L E N T E R P R I S E R I S K C O M M I T T E E Management Implementation Asset / Liability Committee Credit Policy Committee Operational Risk Committee Regional Risk Committees Fiduciary Risk Committee Compliance Oversight Committee Country/Legal Entity Risk Committees Market & Liquidity Risk Council Additional Credit Risk Committees Additional Fiduciary Risk Committees Additional Operational Risk Committees Additional Compliance Risk Committees BU Risk Committees Risk policies, appetites/tolerances, reporting and emerging issues flow from various risk committees through to the Board of Directors

Current Challenges Evolving requirements and increased oversight from regulators and the U.S. Treasury (TARP) Ensuring Northern Trust is Basel II complaint while not jeopardizing existing capital adequacy management Managing expenses under volatile market conditions while evolving risk management capabilities Continuing focus on challenging credit environment

Changes to Address Current Economic/Political Climate Monitor developing situations Alert and mobilize resources to respond to occurring events Plan for events by developing scenarios and testing effectiveness Institutionalize and globalize the Incident Management Process Exec. Mgt. meets weekly to discuss emerging risk issues Board spending more time in interactive discussions, less time on prepared presentations Greater focus on emerging issues More attention on scenario analysis and stress-testing to determine capital adequacy Greater focus on: Broad-based capital assessments Deeper analysis on individual risk categories Use-test validation