General Purpose and Function of the Committee
The Risk Committee (the “Committee”) is an independent committee of the Board of Directors that has, as its sole and exclusive function, responsibility for the oversight of the risk management policies and practices of the Corporation’s global operations and oversight of the operation of the Corporation’s global risk management framework.
The global risk management framework shall be commensurate with the structure, risk profile, complexity, activities, and size of the Corporation and include:
- the Corporation’s policies and procedures establishing risk management governance, risk management procedures, and risk control infrastructure for global operations; and
- the Corporation’s processes and systems for implementing and monitoring compliance with such policies and procedures, including (i) identifying and reporting of risks and risk management deficiencies, including emerging risks, and ensuring effective and timely implementation of actions to address emerging risks and risk management deficiencies for the Corporation’s global operations; (ii) establishing managerial and employee responsibility for risk management; (iii) ensuring the independence of the risk management function; and (iv) integrating risk management and associated controls with management goals and the Corporation’s compensation structure for its global operations.
The Committee will assist the Board of Directors in fulfilling its oversight responsibilities with regard to the risk appetite of the Corporation, the Corporation’s risk management and compliance framework, and the governance structure that supports it. Risk appetite is defined as the level and type of risk a firm is able and willing to assume in its exposures and business activities, given its business objectives and obligations to stakeholders.
In carrying out its oversight responsibilities, each Committee member shall be entitled to rely on the integrity and expertise of those persons providing information to the Committee and on the accuracy and completeness of such information, absent actual knowledge of inaccuracy.
The Committee will have the resources and authority appropriate to discharge its responsibilities, including sole authority to retain and terminate the engagement of such consultants or independent counsel to the Committee as it may deem necessary or helpful in carrying out its responsibilities, and to establish the fees and other terms for the retention of such consultants and counsel, such fees to be borne by the Corporation.
Composition, Meetings and Procedures
The Committee will consist of three or more independent directors. At least one member of the Committee shall have experience in identifying, assessing, and managing risk exposures of large, complex financial firms.
The Committee Chair shall be a director who:
- Is not an officer or employee of the Corporation and has not been an officer or employee of the Corporation during the immediately preceding three-year period;
- Is not a member of the immediate family of a person who is, or who has been within the last three years, an executive officer of the Corporation; and
- Is an independent director under Securities and Exchange Commission standards.
Committee members and the Committee Chair (a) shall be appointed annually by the Board of Directors on recommendation of the Corporate Governance, Nominating and Social Responsibility Committee and (b) serve at the pleasure of the Board. The Committee shall report directly to the Board.
Except as limited by law, regulation or the rules of the New York Stock Exchange, the Committee may form subcommittees for any purpose that it deems appropriate and may delegate to such subcommittees or to members of the Corporation's management such power and authority as it deems appropriate, provided, however, that any such subcommittees shall meet all applicable independence requirements and that the Committee shall not delegate to persons other than independent directors any functions that are required — under applicable law, regulation, or stock exchange rule — to be performed by independent directors.
The Committee shall meet as frequently as necessary to fulfill its duties and responsibilities, but not less frequently than quarterly. A meeting of the Committee may be called by its chair or any two members of the Committee.
The Committee shall coordinate with the Audit Committee of the Board (which may be done through the Chairs of each Committee) to ensure that each Committee has received and, when appropriate, discussed the information necessary to fulfill their respective responsibilities and duties with respect to areas of common interest. These areas may include, among other matters, the Corporation's methods for identifying and managing risks, and significant matters including, but not limited to, investment portfolio issues, frauds, regulatory enforcement actions, litigation or whistleblower matters, and technology issues.
The Committee may request any officer or employee of the Corporation, or any special counsel or advisor, to attend a meeting of the Committee or to meet with any members of, or consultant to, the Committee. The agenda for each Committee meeting will provide time during which the Committee can meet separately in executive session as a Committee. As needed, the Committee may meet with management, the Chief Risk Officer, the Chief Compliance Officer, and the independent auditors during such executive sessions.
The Committee shall fully document and maintain records of its proceedings, including risk management decisions. Minutes of its meetings will be approved by the Committee and maintained on its behalf. The Committee shall report its activities to the Board of Directors on a regular basis and make such recommendations as it deems necessary or appropriate.
Specific Responsibilities and Duties
The Committee shall approve the appointment of the Chief Risk Officer, who will report directly to both the Committee and the Chief Executive Officer of the Corporation. Together with the Chief Executive Officer, the Committee has the responsibility to annually review the performance of the Chief Risk Officer and, as appropriate, replace the Chief Risk Officer. The Committee shall receive and review regular reports, at least quarterly, from the Chief Risk Officer.
As part of the Committee’s oversight responsibilities the Committee shall:
- Review and approve the significant risk management policies and associated risk management frameworks;
- Review and approve the Corporation’s risk appetite statement on an annual basis and approve any material amendment to the risk appetite statement;
- Review and approve the Contingency Funding Plan at least annually, and approve any material revisions to this plan prior to implementation;
- Review significant risk exposures and the steps that management has taken to identify, measure, monitor, control and report such exposures, including risks such as credit, market, liquidity, operational (which includes fiduciary and technology risks), strategic, and model risks, and risks associated with incentive compensation plans;
- Evaluate risk exposure and tolerance;
- Review and evaluate the Corporation's practices with respect to risk assessment and risk management;
- Review significant issues identified by Risk and Compliance and the Internal Audit Department with respect to the risk management and compliance activities of the Corporation, together with management's responses and follow-up to these reports; and
- Review significant examination reports and associated matters identified by regulatory authorities relating to risk management and compliance issues, and management's responses.
Except to the extent subject to the jurisdiction of another committee of the Board of Directors pursuant to that committee's charter, the Committee will also have the responsibility to:
- Review the scope of work of Risk and Compliance and its planned activities with respect to the risk management and compliance activities of the Corporation;
- Annually, or at other appropriate intervals, review and approve the compensation of the Chief Risk Officer, as recommended by the Chief Executive Officer and/or the Human Resources and Compensation Committee;
- Receive from management regular updates regarding corporate-wide compliance with laws and regulations;
- Review the Corporation’s capital adequacy, capital planning process, stress testing and related activities;
- Escalate to Audit Committee members any items that have a significant financial statement impact or require significant financial statement/regulatory disclosures; and
- Escalate to Audit Committee members other significant issues, including, but not limited to, significant compliance issues, as soon as deemed necessary by the Committee.
Annual Performance Evaluation and Charter Review
Annually, there shall be a performance evaluation of the Committee, which may be a self-evaluation or an evaluation employing such other resources or procedures as the Committee and the Corporate Governance, Nominating and Social Responsibility Committee may deem appropriate. The Committee will review and assess the adequacy of this Charter annually and recommend changes to the Board of Directors when necessary. The Charter and any amendments to it must be approved by the Board of Directors.
Approved: April 12, 2021