Our Business Practices

Audit Committee Charter

Purpose

The Audit Committee (the "Committee") of Discover Financial Services (the "Parent") and Discover Bank (the "Bank," and together with the Parent, the "Company") is a committee of both boards of directors (collectively, the "Board") appointed to (a) assist the Board in its oversight of (i) the integrity of the Company's consolidated financial statements; (ii) the Company's compliance with certain legal and regulatory requirements; (iii) the Company's system of internal controls, and disclosure controls and procedures; (iv) the qualifications and independence of the Company's independent registered public accounting firm ("independent auditor"); and (v) the performance of the Company's internal audit function and independent auditors; and (b) prepare the report required by the Securities and Exchange Commission Regulation S-K Item 407(d)(3)(i) to be included in the Parent's annual proxy statement. The Committee shall perform such other duties and responsibilities enumerated in and consistent with this Charter.

The Committee's primary responsibility is one of oversight. It is the responsibility of the Company's management to prepare consolidated financial statements that are complete and accurate and in accordance with generally accepted accounting principles in the United States ("GAAP") and to establish satisfactory internal controls over financial reporting. It is the responsibility of the Company's independent auditor to audit the Company's financial statements and the effectiveness of the Company's internal controls over financial reporting. In carrying out its oversight duties, the Committee does not have responsibility for planning or conducting audits or determining that the Company's financial statements are complete or accurate or in accordance with GAAP. The Committee does not provide any expert or other special assurance as to such financial statements concerning compliance with laws, regulations or GAAP.

Membership

1. The Committee shall be comprised of at least three (3) Board members nominated by the Nominating, Governance and Public Responsibility Committee and appointed by the Board. No Board member shall serve simultaneously on the Committee and the audit committee of more than two (2) other public companies, unless the Board shall determine that such simultaneous service would not impair the Board member's ability to serve effectively on the Committee. Such determination shall be disclosed in the proxy statement. Committee members shall serve at the pleasure of the Board and for such term as the Board determines. The Board shall designate one Committee member as the Committee's chair (the "Chair").
2. The members of the Committee shall collectively meet the requirements of the New York Stock Exchange ("NYSE"), the Securities Exchange Act of 1934, as amended (the "Exchange Act"), the Sarbanes-Oxley Act of 2002, as amended ("SOX"), the Federal Deposit Insurance Corporation Improvement Act of 1991 ("FDICIA") and any applicable regulatory authority, including the independence requirements and the rules and regulations of the Securities and Exchange Commission (the "SEC") and any additional requirements that the Board deems appropriate. Determinations of qualifications, including independence, shall be made by the Nominating, Governance and Public Responsibility Committee, using its business judgment.
3. Each Committee member shall be financially literate in accordance with NYSE requirements or must become financially literate in accordance with such requirements within a reasonable period of time after his or her appointment to the Committee.
4. At least one Committee member shall have accounting or related financial management expertise in accordance with NYSE requirements and at least one Committee member should, if practical, be, in the judgment of the Board, an "audit committee financial expert" as defined by the rules of the SEC.
5. Members of the Committee shall be outside directors and will not include large customers of the Bank. At least two members will have banking or related financial management expertise as determined by the Board.

Operations

1. The Committee shall hold regular meetings at least four times per year and report to the Board on a regular basis. In the absence of the Chair at any meeting of the Committee, the members of the Committee may designate one of its members to serve as the Chair of the meeting. Meetings shall include any participants the Committee deems appropriate and shall be of sufficient duration and scheduled at such times as the Committee deems appropriate to discharge properly its responsibilities.
2. The Committee shall meet periodically with management, the independent auditor and the internal auditor in separate executive sessions.
3. The Committee shall make periodic reports to the Board summarizing the matters reviewed and actions taken at each Committee meeting and make available to the Board minutes of all meetings. The Committee shall review with the full Board any issues arising with respect to the quality or integrity of the Company's financial statements, the Company's compliance with legal or regulatory requirements, the effectiveness of internal controls, the performance and independence of the Company's independent auditor, or the performance of the internal audit function.
4. The Committee may form and delegate to one or more subcommittees all or any portion of the Committee's authority, duties and responsibilities, and may establish such rules as it determines necessary or appropriate to conduct its business. The Committee shall report on any such delegation to the full Board.
5. The Committee shall have direct access to, and have complete and open communication with, management and internal and independent auditors and may obtain advice and assistance from internal legal, accounting or other advisors. The Committee may retain independent legal, accounting or other advisors as it determines appropriate to assist it in fulfilling its responsibilities, without seeking approval of management or the Board. The Committee shall have authority to perform or supervise investigations, and the Company shall provide for appropriate funding, as determined by the Committee, for the payment of expenses related to any such investigation.
6. The Company shall provide for appropriate funding, as determined by the Committee, for the payment of: (i) compensation to the independent auditor engaged for the purpose of preparing or issuing an audit report or performing other audit, review or attest services or other permitted services for the Company; (ii) ordinary administrative expenses of the Committee that are necessary or appropriate in carrying out its duties and responsibilities; and (iii) compensation to independent legal, accounting or other advisors retained by the Committee.
7. The Committee shall review and evaluate annually its performance and report the results to the Board. The Committee shall review and assess annually the adequacy of this charter and, if appropriate, recommend changes to the Board for approval.
8. The Committee (which may act through the Chair) shall share information and liaise and meet in joint session with the Risk Oversight Committee as necessary or desirable to help ensure that the committees have received the information necessary to permit them to fulfill their duties and responsibilities with respect to oversight of risk-management matters.
9. The Committee shall document and maintain records of its proceedings.
10. Except as set forth herein, the Committee is governed by the same rules regarding meetings (including meetings in person or by telephone or other similar communications equipment), action without meetings, notice, waiver of notice, and quorum and voting requirements as are applicable to the Board.

Authority, Duties and Responsibilities

The Committee shall:

Oversight of the Company's Relationship with the Independent Auditor

1. Have the sole authority and responsibility to appoint (which appointment may be presented to shareholders for ratification), compensate, retain, oversee, evaluate and, when appropriate, replace the independent auditor engaged for the purpose of preparing or issuing an audit report or performing other audit, review and attest services. The independent auditor shall report directly to the Committee.
2. Preapprove all audit, review and attest services and permitted non-audit services (including the fees and terms thereof) to be performed for the Company by its independent auditor, subject to the de minimis exception for non-audit services described in Section 10A(i)(1)(B) of the Exchange Act that are approved by the Committee prior to the completion of the audit. The Committee may form and delegate authority to subcommittees consisting of one or more members the authority to grant preapprovals of audit and permitted non-audit services, or may delegate such authority to the Chair, provided that decisions of such subcommittee or the Chair to grant preapprovals shall be presented to the full Committee at its next scheduled meeting.
3. Review and evaluate annually the qualifications, performance and independence of the lead partner of the independent auditor and ensure regular rotation of the lead audit partner, reviewing partner and other audit engagement team partners of the independent auditor as required by law. Consider, as appropriate, the rotation of the independent audit firm. The Committee shall present its conclusions with respect to the independent auditor to the Board.
4. Evaluate annually the qualifications, performance, and independence of the independent auditor, including considering whether or not (i) the auditor's quality controls are adequate and (ii) the provision of permitted non-audit services is compatible with maintaining the auditor's independence, in each instance taking into account the opinions of management and internal auditors. The Committee shall present its conclusions with respect to the independent auditor to the Board.
5. Review and discuss the scope of the audit, including planning, staffing, and adequacy of resources, with management and the independent auditor.
6. Evaluate the independence of the independent auditor by, among other things, ensuring that the independent auditor periodically, and at least annually, submits to the Committee a formal written report delineating all relationships between the independent auditor and the Company, including any non-audit service permitted under the Exchange Act provided to the Company and the matters set forth in Public Company Accounting Oversight Board ("PCAOB") Rule 3526 – "Communication with Audit Committees Concerning Independence." Review and evaluate such report and engage in a dialogue with the independent auditor with respect to any disclosed relationships or services that may impact the independent auditor's objectivity and independence. Provide its conclusions to the Board. In making the evaluations mentioned in paragraph 3, 4 and in this paragraph, the Committee shall take into account the opinions of management and the Company's internal auditor.
7. Obtain, review and evaluate, at least annually, a report by the independent auditor describing the independent auditor's internal quality-control procedures, any material issues raised by the most recent internal quality-control review, peer review, or PCAOB review, of the independent auditor, or by any inquiry or investigation by governmental or professional authorities, within the preceding five years, in respect of one or more independent audits carried out by the independent auditor, and any steps taken in response to any such issues, and all relationships between the independent auditor and the Company for evaluation of auditor independence, including the matters set forth in the letter provided by the independent auditor pursuant to PCAOB Rule 3526.
8. Review and discuss with management and the independent auditor, at least annually: (i) developments and issues with respect to reserves; (ii) regulatory and accounting initiatives, as well as off-balance sheet arrangements, and their effect on the Company's consolidated financial statements; and (iii) accounting policies, critical accounting estimates, and valuation processes and methodologies used in the preparation of the Company's consolidated financial statements (specifically those policies for which management is required to exercise discretion or judgment regarding the implementation thereof).
9. Review and discuss with the independent auditor any other matters required to be discussed by PCAOB Auditing Standards No. 1301, Communications with Audit Committees.
10. Set clear policies for the Company with respect to hiring current and former employees of the independent auditor.
11. Periodically receive reports from management regarding all material audit and non-audit services fees paid to registered public accounting firms other than the Company's independent auditors.

Oversight of the Company's Internal Auditor and Internal Controls

12. Approve the appointment and, when and if appropriate, replacement of the Company's senior internal auditing executive, who shall report directly to the Committee and administratively to the Company's Chief Executive Officer. Review the qualifications of and approve the performance and compensation of the senior internal auditing executive on an annual basis.
13. Review the significant reports to management, or summaries thereof, prepared by the internal audit department and management's responses.
14. Review and discuss with management and the internal and independent auditors internal controls over financial reporting and any report by management thereon and any opinion of the independent auditor relating thereto. Receive reports from management regarding management's quarterly evaluations of changes in internal controls over financial reporting and discuss with management and the internal and independent auditors as appropriate. Discuss, as appropriate, the adequacy of the Company's internal controls over financial reporting with the internal and independent auditors and management including, without limitation, reports from the Chief Executive Officer or the Chief Financial Officer regarding significant deficiencies and material weaknesses in the design or operation of internal controls over financial reporting, which could adversely affect the Company's ability to record, process, summarize, and report financial data, or any fraud, whether or not material, that involves management or other employees who have a significant role in the Company's internal controls. Review and discuss, as appropriate, any major issues as to the adequacy of the Company's internal controls over financial reporting and any special audit steps adopted in light of material control deficiencies. Review the Chief Executive Officer and Chief Financial Officer certification process and the role of the Disclosure Committee.
15. Review and approve the charter, responsibilities, budget and staffing levels of the Company's internal audit function. Review and approve the audit plan and scope of work and internal audit's overall risk-assessment methodology. Review reports of any significant changes to audit budgets and timeliness for the completion of audits.
16. Review and approve all significant aspects of internal audit outsourcing arrangements.
17. Review the results of internal audit's risk assessment, including the most significant risks facing the Company as well as how these risks have been addressed in the internal audit plan.
18. Receive reporting on audits that have been rated less than satisfactory; audit plan completion status and compliance with report issuance timeframes; audit plan changes including the rationale for significant changes; audit issue information, including aging, past-due status, root-cause analysis and thematic trends; information on higher-risk issues indicating the potential impact, root cause, remediation status and impact of such issues on the Company's risk profile; results of internal and external quality assurance reviews; information on significant industry and institution trends in risks and controls; reporting of significant changes in audit staffing levels; significant changes in internal audit processes, including a periodic review of key internal audit policies and procedures; budgeted audit hours versus actual audit hours; information on major projects with respect to internal audit; and, at least annually, opinion on the adequacy of the risk management processes, including effectiveness of managements' self-assessment and remediation of identified issues.
19. Review and discuss with management and the internal and independent auditors findings that affect the Bank included in reports on the Company's internal controls over financial reporting and the independent auditor's attestation report regarding management's report.

Oversight of the Financial Statements, Audit and Disclosure

20. Review the results of internal and independent audits and reviews of, and meet to review and discuss with management and the independent auditor prior to public dissemination, the Parent's annual audited consolidated financial statements and quarterly financial statements, including reviewing the Parent's specific disclosures under "Management's Discussion and Analysis of Financial Condition and Results of Operations," and other matters required by applicable PCAOB standards or under applicable legal, regulatory or NYSE requirements.
21. Regularly review with the independent auditor significant issues regarding accounting principles and financial statement presentations, including (i) any significant changes in the Company's selection or application of accounting principles; (ii) analyses prepared by management and/or the independent auditor setting forth significant financial reporting issues and judgments made in connection with the preparation of the financial statements, including analyses of the effects of alternative GAAP methods on the financial statements; and (iii) any significant communications between the independent audit team and the independent auditor's national office in respect of auditing or accounting issues presented by the engagement.
22. Review and discuss with the independent auditor and, to the extent appropriate, management, in connection with the Parent's Annual Report on Form 10-K, and otherwise, as appropriate, any reports of the independent auditor required by law or professional auditing standards, including reports on: (i) all critical accounting policies and practices used in preparing the financial statements; (ii) all alternative treatments under GAAP for policies and practices related to material items discussed with management, ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the independent auditor; (iii) any accounting adjustments that were noted or proposed by the independent auditor but were "passed"; and (iv) other material written communications between the independent auditor and management of the Parent, such as any management or internal control letter issued or proposed to be issued, and a schedule of unadjusted differences, if any.
23. Discuss with the independent auditor the matters required to be discussed by the applicable requirements of the PCAOB or other applicable standards relating to the audit, in accordance with applicable audit standards, including (i) the quality and appropriateness of the Company's accounting principles, (ii) any determination and reporting of critical audit matters (as that term is defined by the PCAOB), (iii) any audit problems or difficulties encountered in the course of the audit work, (iv) any restrictions on the scope of activities or access to requested information, (v) any significant disagreements with management, and (vi) management's response to each.
24. Obtain a statement from the independent auditor that the audit was conducted in a manner consistent with PCAOB standards and applicable portions of Section 10A of the Exchange Act, including assurance that Section 10A(b) has not been implicated.
25. After review, recommend to the Board whether the annual audited consolidated financial statements should be included in the Parent's Annual Report on Form 10-K.
26. Review and discuss with management and the independent auditors the Parent's earnings press releases, if any, as well as financial information and earnings guidance provided to analysts and rating agencies, if any. The Committee's discussion in this regard may be general in nature (i.e., discussion of the type of information to be disclosed and the type of presentation to be made) and need not take place in advance of each earnings release or each instance in which the Parent may provide financial information and earnings guidance.
27. Review or discuss, as and when appropriate: (i) the types of information to be disclosed and the type of presentation to be made in earnings press releases, including the use of "pro forma" or "adjusted" non-GAAP information and any reconciliation to GAAP information that have been, or will be, issued by the Parent, as well as financial information and earnings guidance that have been provided to analysts and rating agencies; and (ii) the effect of regulatory and accounting initiatives and off-balance sheet structures on the Company's consolidated financial statements.
28. Be responsible for resolution of disagreements between management and the independent auditor regarding financial reporting.

Oversight of Compliance with Legal and Regulatory Requirements

29. When deemed appropriate, review with management and the independent auditor the Bank's compliance with laws and regulations and review with the Company's General Counsel, or appropriate delegates, legal, disclosure or other matters that may have a material impact on the Company's consolidated financial statements or on the Company's compliance policies.
30. Review any material reports or inquiries received from, and any reports of examination of, federal and state financial institution regulatory authorities and management's response thereto. Obtain, review and evaluate reports from management with respect to the Company's compliance with applicable legal and regulatory requirements, and the Company's Code of Ethics and Business Conduct. Discuss with management whether or not there have been any violations of such laws, regulations, or codes of conduct that could materially impact the Company's financial statements. The Company's Chief Compliance Officer shall have the authority to communicate personally to the Committee promptly on any matter involving criminal conduct or potential criminal conduct and, at least annually, shall report to the Committee on the implementation and effectiveness of the Company's compliance program. Establish procedures for: (i) the receipt, retention, and treatment of complaints received by the Company regarding accounting, internal accounting controls, or auditing matters; and (ii) the confidential, anonymous submission by Company employees of concerns regarding questionable accounting or auditing matters.
31. Discuss with management and the independent auditor any correspondence with regulators or governmental agencies, any external or employee complaints, including complaints regarding accounting, internal accounting controls, or auditing matters, or published reports that raise material issues regarding the Company's financial statements or accounting policies, or other material complaint matters which affect the Bank, and receive summaries of corrective action plans and timetables.
32. Review and discuss, as and when appropriate, the internal auditor's review of perquisites, expenses and conflicts of interest, if any, of members of the Company's management and senior management of the business units. Review disclosures of insider and affiliated party transactions.
33. Provide the report of the Committee as required by the SEC for inclusion in the Parent's annual proxy statement.
34. Receive reporting on annual FDICIA and Call Report processes.
35. Satisfy itself that the audit procedures employed by the internal and independent auditors shall meet the requirements of the FDIC regulations.
36. Review and discuss any reports concerning material violations submitted to the Committee by Company attorneys or outside counsel pursuant to the SEC attorney professional responsibility rules or otherwise.

Oversight of the Company's Risk Management

37. Notwithstanding the Board's allocation of oversight responsibilities of risks and risk management to the Risk Oversight Committee, the Committee shall discuss policies with respect to risk assessment and management.
38. Receive and review reports from the Chief Risk Officer and other members of management as the Committee deems appropriate on the guidelines and policies for assessing and managing the Company's exposure to risks, the corporation's major financial risk exposures and the steps management has taken to monitor and control such exposures.
    
    The Committee (which may act through the Chair of the Committee) shall share information and liaise and meet in joint session with the Risk Oversight Committee as necessary or desirable to help ensure that the committees have received the information necessary to permit them to fulfill their duties and responsibilities with respect to oversight of risk management matters.

Other Authority

39. Make such recommendations with respect to any of the above and other matters as the Committee deems necessary or appropriate.
40. Have such other authority, duties and responsibilities as may be delegated to the Committee by the Board.

The Committee's authority, duties and responsibilities are discharged through evaluating reports given to the Committee, presentations made to the Committee and other significant financial reporting decisions reported to the Committee by management, the internal and independent auditors and by other persons or organizations the Committee deems appropriate.

As Amended: May 11, 2023