diff --git a/ee/app/models/ee/merge_request.rb b/ee/app/models/ee/merge_request.rb
index f869fc80f965f1328b0e17f34145df20d2ab012a..50631ce79a5b1c607fa4cee017e9230ee0bb7495 100644
--- a/ee/app/models/ee/merge_request.rb
+++ b/ee/app/models/ee/merge_request.rb
@@ -171,7 +171,7 @@ def policies_overriding_approval_settings
 
         if security_policies_through_violations.any?
           security_policies_through_violations
-            .select { |policy| policy.content['approval_settings'].compact_blank.present? }
+            .select { |policy| policy.content['approval_settings']&.compact_blank.present? }
             .index_with { |policy| policy.content['approval_settings'].compact_blank.symbolize_keys }
         else
           # TODO: Temporary code path without policy details
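Review bot: The nil guard added to the `.select` block is the only thing protecting the `.index_with` block below it, which still calls `.compact_blank` on `policy.content['approval_settings']` with no guard of its own. The select also works only because ActiveSupport defines `nil.present?` as false, since Ruby's `&.` skips one call and not the rest of the chain. Computing the settings once would remove both dependencies: `.index_with { |policy| policy.content['approval_settings']&.compact_blank&.symbolize_keys }.compact_blank`. Because this result decides which policies override approval settings, a short comment stating that a policy without the key is deliberately treated as "no override" would help the next reader. The body of `policies_overriding_approval_settings` starts and ends outside this hunk, so callers of the else branch are not visible here.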
diff --git a/ee/spec/models/merge_request_spec.rb b/ee/spec/models/merge_request_spec.rb
index e8f362705f7c4ebffce9dd39744583993b3c945f..dff4dd38b631f6a58bda5048c0f0dfa432b08fb5 100644
--- a/ee/spec/models/merge_request_spec.rb
+++ b/ee/spec/models/merge_request_spec.rb
@@ -517,6 +517,20 @@
           expect(overriding_policies.values).to contain_exactly(overrides)
         end
 
+        context 'when policy does not set approval_settings' do
+          let(:policy) { create(:security_policy) }
+
+          it { is_expected.to be_empty }
+        end
+
+        context 'when policy does not set overriding approval_settings' do
+          let(:policy) do
+            create(:security_policy, content: { approval_settings: { require_password_to_approve: false } })
+          end
+
+          it { is_expected.to be_empty }
+        end
+
         context 'when there are multiple policies' do
           let(:other_approval_settings) { { require_password_to_approve: true } }
           let(:other_policy) do
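Review bot: The context 'when policy does not set overriding approval_settings' passes only because `compact_blank` discards the `false` value, and the example does not say so. A comment above its `let(:policy)`, such as `# false is blank, so compact_blank leaves no override behind`, would make the intent explicit. If the policy schema allows it, a third case with an empty `approval_settings: {}` would pin the boundary between "key missing" and "key present but empty". The subject and the enclosing describe block are defined outside this hunk.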