Risk Oversight Committee Charter
The Risk Oversight Committee (the "Committee") is appointed by the Board of Directors (the "Board") to approve and periodically review the Company's risk management policies and oversee the operation of an enterprise-wide risk management framework and the Company's capital planning, liquidity risk management and resolution planning activities.
The Committee's role is one of oversight, recognizing that the Company's management is responsible for assessing and managing the Company's risks. The Company's management is responsible for designing, implementing and maintaining an effective and appropriate enterprise-wide risk management program, which is overseen by the Committee in accordance with its responsibilities and powers set forth in this charter.
- The Committee shall be comprised of at least three (3) Board members. Committee members shall serve at the pleasure of the Board and for such term as the Board determines. The Board shall designate one Committee member as the Committee's chair.
- Each member of the Committee shall be an independent director under applicable Securities and Exchange Commission regulations and New York Stock Exchange listing standards and the independence requirements of the Company. The membership of the Committee shall also satisfy any regulatory or legal requirements regarding experience, expertise or other qualifications that are or may become applicable to the Committee.
- The Committee shall meet at least quarterly and otherwise as needed, and shall report directly to the Board on a regular basis. Meetings shall include any participants the Committee deems appropriate and shall be of sufficient duration and scheduled at such times as the Committee deems appropriate to discharge properly its responsibilities.
- The Committee shall meet periodically in separate executive sessions with the Company's Chief Risk Officer and other members of management as it deems appropriate to carry out its responsibilities.
- The Committee shall review with the full Board any issues arising with respect to the performance of the corporate risk management function.
- The Committee shall have direct access to, and complete and open communication with, the Company's management, including the Chief Risk Officer, and may obtain advice and assistance from internal legal, risk or other advisors. The Committee may retain independent legal, risk or other advisors to assist it, and may determine compensation for such advisors, and the Company shall be responsible for any costs or expenses incurred.
- The Committee shall review and assess annually its performance and report the results to the Board. The Committee shall review and assess annually the adequacy of this charter and, if appropriate, recommend changes to the charter to the Board.
- The Committee (which may act through the Chair of the Committee) shall share information and liaise and meet in joint session with the Audit Committee as necessary or desirable to help ensure that the committees have received the information necessary to permit them to fulfill their duties and responsibilities with respect to oversight of risk management matters.
- The Committee shall fully document and maintain records of its proceedings, including risk management decisions.
Authority, Duties and Responsibilities
The sole and exclusive function of the Committee is overseeing the risk management policies of the Company and the operation of the Company's enterprise-wide risk management framework, such framework to be commensurate with the Company's structure, risk profile, complexity, activities and size, as well as providing oversight of the Company's capital planning, liquidity risk management and resolution planning activities. In furtherance thereof, the Committee's duties shall include:
Oversight of Enterprise-Wide Risk Management Framework
- Approve and periodically review risk management policies of the Company, including the ongoing alignment of the risk appetite framework approved by the Board with the Company's strategy and capital plans.
- Oversee the operation of policies and procedures establishing risk management governance, risk management procedures, risk appetite metrics and key risk indicators, and the risk-control infrastructure for the Company.
- Oversee the operation of processes and systems for implementing and monitoring compliance with such policies and procedures, including:
- Processes and systems for identifying and reporting risks and risk management deficiencies, including regarding emerging risks, and ensuring effective and timely implementation of actions to address emerging risks and risk management deficiencies;
- Processes and systems for establishing managerial and employee responsibility for risk management;
- Processes and systems for ensuring the independence of the risk-management function; and
- Processes and systems to integrate risk management and associated controls with management goals and its compensation structure.
- Review and make recommendations to the Board, as appropriate, regarding the Company's risk management framework, key risk management policies and the Company's risk appetite and tolerance.
- Receive and review regular reports, on not less than a quarterly basis, from the Chief Risk Officer on risk management deficiencies and emerging risks, the status of and changes to risk exposures, policies, procedures and practices, and the steps management has taken to monitor and control risk exposures.
- Receive reporting on compliance with the Company's risk appetite and limit structure and risk management policies, procedures and controls.
- Receive and review reports from the Company's internal audit function on the results of risk management reviews and assessments.
- Review and make recommendations, as appropriate, with respect to the appointment, performance, compensation and replacement of the Company's Chief Risk Officer.
- Review and discuss with the Chief Risk Officer whether corporate risk management has the appropriate resources, independence and authority to fulfill its risk management responsibilities.
- Perform such other duties and functions required of the Committee pursuant to enhanced prudential standards, as adopted by the Federal Reserve from time to time that are applicable to the Company.
- Receive and review examination reports, as well as information regarding examinations and communications from regulators, to the extent that they relate to matters within the purview of the Committee.
Oversight of Capital Planning, Liquidity Risk Management and Resolution Planning Activities
- Oversee the capital planning process, including periodic review of the risk infrastructure and significant capital resource and loss estimation methodologies, and highly critical inputs and assumptions; evaluation of capital goals; and assessment of the appropriateness of stress scenarios.
- Receive and review reports from senior management on the Company's liquidity risk profile and liquidity risk tolerance at least quarterly.
- Review the Company's annual capital plan, including planned capital actions, as part of the Company's regulatory submission.
- Review and approve the Company's contingency funding plan at least annually and approve any material revisions of the plan prior to the implementation of such revisions.
- Provide oversight of all resolution planning activities, including key assumptions and resolution strategies, resource allocations, and processes to ensure consistency with the Company's overall strategy and risk profile.
- Review the Company's resolution plan.
- Make such recommendations with respect to any of the above and other matters as the Committee deems necessary or appropriate.
- Have such other authority, duties and responsibilities as may be delegated to the Committee by the Board.
- The Committee may form, and delegate authority to, subcommittees comprised of one or more members of the Committee, as appropriate. Each subcommittee shall have the full power and authority of the Committee, as to matters delegated to it.
The Committee's authority, duties and responsibilities are discharged through evaluating reports given to the Committee and presentations made to the Committee by the Chief Risk Officer and other members of management, and by other persons or organizations the Committee deems appropriate.
As Amended: February 23, 2017