Risk Committee of the Board of Directors of The Bank of New York Mellon Corporation
Purposes, Resources and General Considerations
The purpose of the Risk Committee (the "Committee") is to assist the Board of Directors in fulfilling its oversight responsibilities with regard to the risk appetite of the Corporation and the risk management and compliance framework and the governance structure that supports it. Risk appetite is defined as the level and type of risk a firm is able and willing to assume in its exposures and business activities, given its business objectives and obligations to stakeholders.
In carrying out its oversight responsibilities, each Committee member shall be entitled to rely on the integrity and expertise of those persons providing information to the Committee and on the accuracy and completeness of such information, absent actual knowledge of inaccuracy.
The Committee will have the resources and authority appropriate to discharge its responsibilities, including sole authority to retain and terminate the engagement of such consultants or independent counsel to the Committee as it may deem necessary or helpful in carrying out its responsibilities, and to establish the fees and other terms for the retention of such consultants and counsel, such fees to be borne by the Corporation.
Composition, Meetings and Procedures
The Committee will consist of three or more independent directors.
Risk Committee members and the Committee Chairman (a) shall be appointed annually by the Board of Directors on recommendation of the Corporate Governance and Nominating Committee and (b) serve at the pleasure of the Board.
Except as limited by law, regulation or the rules of the New York Stock Exchange, the Committee may form subcommittees for any purpose that it deems appropriate and may delegate to such subcommittees or to members of the Corporation's management such power and authority as it deems appropriate, provided, however, that any such subcommittees shall meet all applicable independence requirements and that the Committee shall not delegate to persons other than independent directors any functions that are required — under applicable law, regulation, or stock exchange rule — to be performed by independent directors.
The Committee shall meet as frequently as necessary to fulfill its duties and responsibilities, but not less frequently than quarterly. A meeting of the Committee may be called by its chairman or any member.
The Committee may meet in joint session with the Audit Committee of the Board from time to time to discuss areas of common interest and significant matters including, but not limited to, major investment portfolio issues, frauds, major regulatory enforcement actions, major litigation or whistleblower matters, and systemic technology issues.
The Committee may request any officer or employee of the Corporation, or any special counsel or advisor, to attend a meeting of the Committee or to meet with any members of, or consultant to, the Committee. The agenda for each Risk Committee meeting will provide time during which the Committee can meet separately in executive session with management, the Chief Risk Officer, the Chief Compliance Officer, the independent auditors and as a Committee to discuss any matters the Committee or these groups believe should be discussed.
Minutes of its meetings will be approved by the Committee and maintained on behalf of the Committee. The Committee shall report its activities to the Board of Directors on a regular basis and make such recommendations as it deems necessary or appropriate.
Specific Responsibilities and Duties
The Committee will have the responsibility to:
- review and approve the Corporation's risk appetite statement on an annual basis; approve any material amendment to the risk appetite statement;
- review significant financial and other risk exposures and the steps management has taken to monitor, control and report such exposures, including, without limitation, credit, market, fiduciary, liquidity, reputational, operational, fraud, strategic, technology (data-security, business-continuity risk, etc.), and risks associated with incentive compensation plans;
- evaluate risk exposure and tolerance and approve appropriate transactional or trading limits;
- review and evaluate the Corporation's policies and practices with respect to risk assessment and risk management and annually present to the Audit Committee of the Board a report summarizing the Committee's review of the Corporation's methods for identifying and managing risks;
- a. review reports and significant findings of the Risk Management and Compliance Group and the Internal Audit Department with respect to the risk management and compliance activities of the Corporation, together with management's responses and follow-up to these reports, and
  b. review significant reports from regulatory agencies relating to risk management and compliance issues, and management's responses,
  except to the extent subject to the jurisdiction of another committee of the Board of Directors pursuant to that committee's charter;
- review reports on fiduciary activities of the Corporation's businesses;
- provide general oversight of the Corporation's investment of fiduciary assets;
- review the scope of work of the Risk Management and Compliance Group and its planned activities with respect to the risk management and compliance activities of the Corporation;
- review the appointment, performance and replacement of the Chief Risk Officer;
- notwithstanding anything in the charter of the Technology Committee of the Board, the Committee will have the responsibility to review the Corporation's risks relating to technology, including without limitation:
  a. review the Corporation's technology risk management programs; and
  b. receive reports from management concerning the Corporation's technology operations including, among other things, business continuity planning, information security, software development project performance, technical operations performance, technology architecture and significant technology investments and approve related plans or policies or recommend such plans and policies to the Board for approval, as appropriate;
- receive from management regular updates regarding corporate-wide compliance with laws and regulations;
- make semi-annual reports regarding, among other things, corporate-wide compliance with laws and regulations to the Audit Committee of the Board;
- escalate to the Audit Committee for discussion at a joint session of the Audit and Risk Committees any items that have a significant financial statement impact or require significant financial statement/regulatory disclosures; and
- escalate other significant issues, including, but not limited to, significant compliance issues, as soon as deemed necessary by the Committee to a joint session of the Audit and Risk Committees.
Annual Performance Evaluation and Charter Review
Annually, there shall be a performance evaluation of the Committee, which may be a self-evaluation or an evaluation employing such other resources or procedures as the Committee and the Corporate Governance and Nominating Committee may deem appropriate. The Committee will review and assess the adequacy of this Charter annually and recommend changes to the Board of Directors when necessary.
Approved: April 9, 2013