MCAN Mortgage : Audit Commitee Mandate

AUDIT COMMITTEE MANDATE

Role

The primary purpose of the Audit Committee (the "Committee") is to assist the Board in its oversight role with respect to:

1. the effectiveness of MCAN's internal controls environment, including over business processes and financial reporting;
2. the quality and integrity of MCAN's financial information;
3. MCAN's compliance with legal and regulatory requirements pertaining to financial disclosure;
4. the meeting of MCAN's reporting issuer obligations;
5. the independent auditor's performance, qualifications and independence; and
6. the performance of MCAN's Finance, Internal Audit and Information Technology functions.

Composition and Operations

1. The Committee shall consist of at least three directors appointed annually by the Board.
2. No member of the Committee shall be an officer or employee of MCAN, its subsidiaries or affiliates. All members of the Committee shall be independent. A majority of the members of the Committee will not be affiliated with MCAN as such term is defined in the Trust and Loan Companies Act (Canada).
3. Each member of the Committee shall satisfy the applicable independence, proficiency and experience requirements of the laws, regulations and guidelines governing MCAN, the applicable stock exchange(s) on which MCAN's securities are listed, applicable securities regulatory authorities and MCAN's Director Independence Policy.
4. The Board shall appoint one member of the Committee as the Committee Chair.
5. Each member of the Committee shall be financially literate as such qualification is defined by applicable laws, regulations and guidelines and interpreted by the Board in its business judgement.
6. The Committee shall meet at least quarterly and as many additional times as necessary. The Committee shall report to the Board on its activities after each of its meetings.

2

7. The Committee strives for consensus, but the affirmative vote of a majority of the members of the Committee participating in any meeting of the Committee is necessary for the adoption of any resolution.

Specific Duties

Oversight of the Independent Auditor

1. Recommend to the Board the appointment, reappointment or removal of the independent auditor for the purpose of preparing or issuing an auditor's report or performing other audit, review or attestation services for MCAN, subject to required shareholder approval.
2. Review and discuss with management and the independent auditor, prior to the annual audit, the scope, planning, materiality and staffing of the annual audit. Satisfy itself that the audit plan is risk-based and addresses all of the relevant activities over a measurable cycle, that the work of the independent auditor and the internal auditor is coordinated and recommend to the Board the engagement letter.
3. Review, approve and recommend to the Board the compensation of the independent auditor and ensure that the audit fee is not affected by inappropriate levels of materiality, inappropriate scope limitations or inappropriate consideration of the significant audit risks.
4. Provide oversight of the work of the independent auditor engaged for the purpose of preparing or issuing an auditor's report or performing other audit, review or attestation services (including resolution of disagreements between management and the independent auditor regarding financial reporting). Ensure that the independent auditor reports directly to the Committee.
5. Pre-approveall audit services and permitted non-audit services (including the fees, terms and conditions for the performance of such services) to be provided by the independent auditor.
6. When appropriate, the Committee may delegate to the CFO and the Chair of the Committee the authority to grant pre-approvals of audit and permitted non-audit services, provided that such authorization does not exceed $100,000 for the CFO and an additional $100,000 for the Chair of the Committee in a calendar year, for a total aggregate pre-approval authority of $200,000 during a calendar year, and the full Committee shall be informed of such pre-approvals at its next scheduled meeting.
7. Evaluate the qualifications, performance and independence of the independent auditor, including:
8. 1. reviewing and evaluating the lead partner on the independent auditor's engagement with MCAN;

3

1. 1. 1. reviewing and evaluating the structure and governance of the independent audit firm;
      2. considering whether the independent auditor's quality controls are adequate and address the most recent and relevant CPAB Big Four inspection findings;
      3. reviewing and evaluating the independent audit firm's procedures to ensure that it is aware of regulatory requirements affecting MCAN that could impact the auditor's work;
      4. considering whether the provision of permitted non-audit services is compatible with maintaining the independent auditor's independence;
   2. reviewing with the independent auditor its annual independence letter and, in the event that the independent auditor has not changed for many years, considering the possibility of familiarity or self-interest bias;
   3. addressing any concerns raised by regulatory authorities or other stakeholders regarding the independent auditor's independence; and
   4. considering the overall effectiveness of the annual audit.
2. At least annually, complete an assessment of the overall quality of the independent auditor, including obtaining and reviewing a report from the independent auditor regarding:
3. 1. the independent auditor's internal quality-control procedures;
   2. any material issues raised by the most recent internal quality-control review, or peer review, of the independent auditor, or by any inquiry or investigation by governmental or professional authorities within the preceding five years respecting one or more independent audits carried out by the independent auditor;
   3. any steps taken to deal with any such issues; and
   4. all relationships between the independent auditor and MCAN.
4. No less frequently than every five years, complete a comprehensive review of the independent auditor using the guidance tool issued by CPA Canada.
5. Present the Committee's conclusions with respect to the independent auditor to the Board and, if so determined by the Committee, recommend that the Board take additional action to satisfy itself of the qualifications, performance and independence of the independent auditor.

4

1. Review with management annually the process for tendering the external audit.
2. Ensure that the independent auditor delivers all communications proposed in its annual audit plan as well as all communications to the Audit Committee as required by Canadian Generally Accepted Auditing Standards.
3. Ensure the rotation of the lead audit partner having primary responsibility for the audit as required by applicable laws, regulations, guidelines or professional standards.
4. Review and approve hiring policies regarding partners and employees or former partners and employees of the present and former independent auditor.
5. Establish and maintain free and open communication with the independent auditor, including meeting separately with the independent auditor to assess the adequacy and effectiveness of MCAN's internal control systems, and report to the Board on the effectiveness of the independent audit process.
6. Review and discuss with management at least annually the risk of the independent auditor withdrawing from the audit and contingency plans related thereto.

Financial Reporting

1. Review and discuss with management and the independent auditor the annual audited financial statements, including any climate-related financial disclosure, the independent auditor's report thereon, any changes to the audit scope or strategy, and any other returns or transactions required to be reviewed by the Committee and report to the Board prior to approval by the Board and publication of earnings.
2. Review and discuss with management MCAN's quarterly financial statements, including any climate-related financial disclosure, prior to approval by the Board and publication of earnings.
3. Review and discuss with management and the independent auditor, as appropriate, the annual and quarterly disclosures made in management's discussion and analysis, including any climate-related financial disclosure, prior to approval by the Board and publication.
4. Review such returns as the Office of the Superintendent of Financial Institutions may specify.
5. Discuss with management no less frequently than annually the procedures taken by management with respect to the design, implementation and operating effectiveness of the overall internal control environment including internal controls over financial reporting and for the prevention and detection of fraud and error.
6. Review, evaluate and approve the procedures established under item 21.

5

1. Review such investments and transactions that could adversely affect MCAN's well- being as the independent auditor or any officer of MCAN may bring to the attention of the Committee.
2. At least annually, review and discuss with management and the independent auditor significant financial reporting issues and judgements made in connection with the preparation of MCAN's financial statements, including:
3. 1. key areas of risk for material misstatement of the financial statements, including critical accounting estimates or areas of measurement uncertainty;
   2. whether the independent auditor considers estimates to be within an acceptable range and the rationale for the final valuation decision and whether it is consistent with industry practice;
   3. any significant changes in MCAN's selection or application of accounting principles and practices suggested by the independent auditor, internal audit personnel or management and assess whether MCAN's accounting practices are appropriate;
   4. any major issues as to the adequacy and effectiveness of MCAN's internal controls; and
   5. any special steps adopted in light of material control deficiencies.
4. At least annually, review and discuss with management and the independent auditor the findings of the independent auditor's work in completing the annual audit, including:
5. 1. critical accounting policies and practices to be used;
   2. the independent auditor's view on significant matters that arose during the audit, including any issues that involved significant judgements and/or estimates;
   3. alternative treatments of financial information within generally accepted accounting principles that have been discussed with management, ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the independent auditor;
   4. any significant difficulties encountered by the independent auditor over the course of the audit;
   5. the nature and levels of misstatements identified during the audit;
   6. any issues or concerns of the independent auditor related to undertakings given by management in its letter of representation;

6

1. 1. any findings or recommendations of the independent auditor related to deficiencies in MCAN's internal controls over financial reporting; and
   2. other material written communications between the independent auditor and management, such as any management letter.
2. At least annually, review and discuss with management and the independent auditor the effect of regulatory and accounting initiatives as well as off-balance sheet structures on MCAN's financial statements.
3. Periodically review and recommend to the Board the Disclosure Policy, which governs the release of information about MCAN and requires timely, accurate and fair disclosure of such information in compliance with all legal and regulatory requirements.
4. Review all financial public disclosure documents, including information contained in earnings press releases, Investor Presentations, Annual Information Forms, Annual Reports and Management Information Circulars prior to approval by the Board.
5. Review and discuss with the CEO and the CFO the procedures undertaken in connection with the CEO and CFO certifications for the annual and interim filings with applicable securities regulatory authorities.
6. Review disclosures made by the CEO and CFO arising from their certification process for the annual and interim filing with applicable securities regulatory authorities about any significant deficiencies or material weaknesses in the design or operation of internal controls which could adversely affect MCAN's ability to record, process, summarize and report financial data, and any fraud involving management or other employees who have a significant role in MCAN's internal controls.
7. At least quarterly, discuss with management any legal matters that may have a material impact on the financial statements, operations and assets of MCAN and any material reports or inquiries received by MCAN or any of its subsidiaries from regulators or governmental agencies with respect to financial statements.

Oversight of the Finance Function

1. Together with the Conduct Review, Corporate Governance & Human Resources Committee, ensure an annual review of the mandate of the Chief Financial Officer.
2. At least annually, review the budget, structure and resources of the Finance function, prior to approval by the Board.
3. Together with the Conduct Review, Corporate Governance & Human Resources Committee, ensure an annual performance evaluation of the Chief Financial Officer

7

and assess the effectiveness of the Chief Financial Officer and the Finance function and report to the Board thereon.

1. Review the results of periodic independent reviews of the Finance function, including Treasury, Securitization and Term Deposits.
2. At least quarterly, meet separately with the Chief Financial Officer to assess the adequacy and effectiveness of the internal control systems and to obtain reasonable assurance that the controls are effective and report to the Board thereon.

Oversight of the Internal Audit Function

1. Together with the Conduct Review, Corporate Governance & Human Resources Committee, ensure an annual review of the mandate of the Chief Audit Officer.
2. Together with the Conduct Review, Corporate Governance & Human Resources Committee, approve decisions regarding the appointment and removal of the Chief Audit Officer.
3. At least annually, review the independence, budget, structure and resources of the Internal Audit function, prior to approval by the Board.
4. At least annually, review and approve the Internal Audit Charter, prior to approval by the Board.
5. Review and approve the annual internal audit plan, including any significant changes to the audit plan, and, as part of the review, satisfy itself that the audit plan is risk- based and addresses all relevant activities over a measurable cycle, prior to approval by the Board.
6. Review the scope of the audits to be performed by the Internal Audit function and the degree of co-ordination between the plans of the internal, other assurance providers and independent auditor.
7. Review and provide feedback on the individual audit reports compiled by the Internal Audit function communicating engagement results, applicable conclusions and recommendations.
8. Confirm that outstanding internal control matters as cited by the Office of the Superintendent of Financial Institutions or other regulatory agencies are adequately addressed in the scope of audits on a timely basis.
9. Review the quarterly reports of the Chief Audit Officer on internal audit activities, including audit findings, recommendations, progress in meeting the annual audit plan, any changes to the plan and key performance indicators.
10. Review the results of periodic independent reviews of the Internal Audit function.

8

1. Together with the Conduct Review, Corporate Governance & Human Resources Committee, ensure an annual performance evaluation of the Chief Audit Officer and assess the effectiveness of the Chief Audit Officer and the Internal Audit function and report to the Board thereon.
2. At least quarterly, meet separately with the Chief Audit Officer to assess the adequacy and effectiveness of the internal control systems and to obtain reasonable assurance that the controls are effective and report to the Board thereon.

Oversight of the Information Technology ("IT") Function

1. Review the development of plans and direction of IT initiatives and the effectiveness of IT solutions and services in meeting stakeholder needs and expectations.
2. Review the processes for identification and mitigation of IT risks, including cyber risk (including how they apply to relations with third-party service providers), and for compliance with all legal and regulatory requirements relative to the security of any IT-related assets including data and protection of private information.
3. At least annually, review the strategy, budget, structure and resources of the IT function prior to approval by the Board.
4. Annually review and recommend to the Board the Enterprise Cyber Security Framework and Information Security Policy at MCAN.
5. Review the results and remediation progress of periodic independent reviews of the IT function.
6. Meet at least quarterly with the Vice President, Information Technology to review practices for managing IT operations and cyber risk, and reports on data breaches related to cybersecurity.

Other

1. Annually review and recommend to the Board the Whistleblowing Policy.
2. Establish procedures for the receipt, retention and treatment of complaints received by MCAN regarding accounting, internal accounting controls, or auditing matters, and the confidential anonymous submission by employees of concerns regarding questionable accounting or auditing matters, and the potential retaliation against employees who raise complaints or concerns as contemplated in the Whistleblowing Policy.
3. Periodically review and recommend to the Board the Allowance Policy.
4. Annually review and recommend to the Board the Signing Authorities for MCAN.

9

1. Review quarterly expected credit loss ("ECL") allowances. Approve all new ECL allowances for Stage 3 loans in excess of $500,000 and ECL allowance reversals at a threshold of $100,000 per loan.
2. Review and recommend to the Board any banking facilities and other financing facilities as MCAN may, from time to time, require.
3. Review correspondence with Canadian securities regulators and administrators.
4. At the discretion of the Committee, retain, oversee, compensate and terminate independent advisors to assist the Committee in its activities.
5. Together with the Conduct Review, Corporate Governance & Human Resources Committee, ensure an annual review of the Committee mandate.
6. Carry out any other appropriate duties and responsibilities as assigned by the Board.

Approved: December 2023