Our Business Practices
We adhere to the highest standards of corporate governance and ethical conduct. We believe that accountability, transparency and good decision-making support our business, serve our customers and create value for our shareholders.
Risk Oversight Committee Charter
The Risk Oversight Committee (the "Committee") is appointed by the Board of Directors (the "Board") of Discover Financial Services (the "Company") to approve and periodically review the Company's risk management policies and oversee the operation of an enterprise-wide risk management framework and the Company's capital planning, liquidity risk management and resolution planning activities.
The Committee's role is one of oversight, recognizing that the Company's management is responsible for assessing and managing the Company's risks. The Company's management is responsible for designing, implementing and maintaining an effective and appropriate enterprise-wide risk management program, which is overseen by the Committee in accordance with its responsibilities and powers set forth in this charter.
- The Committee shall be comprised of at least three (3) Board members appointed by the Board. Committee members shall serve at the pleasure of the Board and for such term as the Board determines. The Board shall designate one Committee member as the Committee's chair (the "Chair").
- Each member of the Committee shall be an independent director under applicable Securities and Exchange Commission regulations and New York Stock Exchange listing standards and the independence requirements of the Company. The membership of the Committee shall also satisfy any regulatory or legal requirements regarding experience, expertise or other qualifications that are or may become applicable to the Committee.
- The Committee shall meet at least quarterly and otherwise as needed, and shall report directly to the Board on a regular basis. Meetings shall include any participants the Committee deems appropriate and shall be of sufficient duration and scheduled at such times as the Committee deems appropriate to discharge properly its responsibilities.
- The Committee shall meet periodically in separate executive sessions with the Company's Chief Risk Officer and other members of management as it deems appropriate to carry out its responsibilities.
- The Committee shall review with the full Board any issues arising with respect to the performance of the corporate risk management function.
- The Committee shall have direct access to, and complete and open communication with, the Company's management, including the Chief Risk Officer, and may obtain advice and assistance from internal legal, risk or other advisors. The Committee may retain independent legal, risk or other advisors to assist it, and may determine compensation for such advisors, and the Company shall be responsible for any costs or expenses incurred.
- The Committee shall review and assess annually its performance and report the results to the Board. The Committee shall review and assess annually the adequacy of this charter and, if appropriate, recommend changes to the charter to the Board.
- The Committee (which may act through the Chair of the Committee) shall share information and liaise and meet in joint session with the Audit Committee as necessary or desirable to help ensure that the committees have received the information necessary to permit them to fulfill their duties and responsibilities with respect to oversight of risk management matters.
- The Committee shall fully document and maintain records of its proceedings, including risk management decisions.
Authority, Duties and Responsibilities
The sole and exclusive function of the Committee is overseeing the risk management policies of the Company and the operation of the Company's enterprise-wide risk management framework, such framework to be commensurate with the Company's structure, risk profile, complexity, activities and size, as well as providing oversight of the Company's capital planning, liquidity risk management and resolution planning activities. In furtherance thereof, the Committee's duties shall include:
Oversight of Enterprise-Wide Risk Management Framework
- Approve and periodically review risk management policies of the Company, including the ongoing alignment of the risk appetite framework approved by the Board with the Company's strategy and capital plans.
- Oversee the operation of policies and procedures establishing risk management governance, risk management procedures, risk appetite metrics and key risk indicators, and the risk-control infrastructure for the Company.
- Oversee the operation of processes and systems for implementing and monitoring compliance with such policies and procedures, including:
- Processes and systems for identifying and reporting risks and risk management deficiencies, including regarding emerging risks, and ensuring effective and timely implementation of actions to address emerging risks and risk management deficiencies;
- Processes and systems for establishing managerial and employee responsibility for risk management;
- Processes and systems for ensuring the independence of the risk-management function; and
- Processes and systems to integrate risk management and associated controls with management goals and its compensation structure.
Oversight of Capital Planning, Liquidity Risk Management and Resolution Planning Activities
- Oversee the capital planning process, including periodic review of the risk infrastructure and significant capital resource and loss estimation methodologies, and highly critical inputs and assumptions; evaluation of capital goals; and assessment of the appropriateness of stress scenarios.
- Receive and review reports from senior management on the Company's liquidity risk profile and liquidity risk tolerance at least quarterly.
- Review the Company's annual capital plan, including planned capital actions, as part of the Company's regulatory submission.
- Review and approve the Company's contingency funding plan at least annually and approve any material revisions of the plan prior to the implementation of such revisions.
- Provide oversight of all resolution planning activities, including key assumptions and resolution strategies, resource allocations, and processes to ensure consistency with the Company's overall strategy and risk profile.
- Review the Company's resolution plan
- Make such recommendations with respect to any of the above and other matters as the Committee deems necessary or appropriate.
- Have such other authority, duties and responsibilities as may be delegated to the Committee by the Board.
- The Committee may form, and delegate authority to, subcommittees comprised of one or more members of the Committee, as appropriate. Each subcommittee shall have the full power and authority of the Committee, as to matters delegated to it.
The Committee's authority, duties and responsibilities are discharged through evaluating reports given to the Committee and presentations made to the Committee by the Chief Risk Officer and other members of management, and by other persons or organizations the Committee deems appropriate.
As Amended: February 21, 2019