Purposes, Resources and General Considerations
The Risk Committee (the “Committee”) is an independent committee of the Board of Directors that has, as its sole and exclusive function, responsibility for the risk management policies of the Corporation’s global operations and oversight of the operation of the Corporation’s global risk management framework.
The Committee will assist the Board of Directors in fulfilling its oversight responsibilities with regard to the risk appetite of the Corporation and the risk management and compliance framework and the governance structure that supports it. Risk appetite is defined as the level and type of risk a firm is able and willing to assume in its exposures and business activities, given its business objectives and obligations to stakeholders.
In carrying out its oversight responsibilities, each Committee member shall be entitled to rely on the integrity and expertise of those persons providing information to the Committee and on the accuracy and completeness of such information, absent actual knowledge of inaccuracy.
The Committee will have the resources and authority appropriate to discharge its responsibilities, including sole authority to retain and terminate the engagement of such consultants or independent counsel to the Committee as it may deem necessary or helpful in carrying out its responsibilities, and to establish the fees and other terms for the retention of such consultants and counsel, such fees to be borne by the Corporation.
Composition, Meetings and Procedures
The Committee will consist of three or more independent directors. At least one member of the Committee shall have experience in identifying, assessing, and managing risk exposures of large, complex financial firms.
The Committee Chairman shall be a director who:
- is not an officer or employee of the Corporation and has not been an officer or employee of the Corporation during the immediately preceding three-year period;
- is not a member of the immediate family of a person who is, or who has been within the last three years, an executive officer of the Corporation; and
- is an independent director under Securities and Exchange Commission standards.
Committee members and the Committee Chairman (a) shall be appointed annually by the Board of Directors on recommendation of the Corporate Governance and Nominating Committee and (b) serve at the pleasure of the Board. The Committee shall report directly to the Board.
Except as limited by law, regulation or the rules of the New York Stock Exchange, the Committee may form subcommittees for any purpose that it deems appropriate and may delegate to such subcommittees or to members of the Corporation's management such power and authority as it deems appropriate, provided, however, that any such subcommittees shall meet all applicable independence requirements and that the Committee shall not delegate to persons other than independent directors any functions that are required — under applicable law, regulation, or stock exchange rule — to be performed by independent directors.
The Committee shall meet as frequently as necessary to fulfill its duties and responsibilities, but not less frequently than quarterly. A meeting of the Committee may be called by its chairman or any two members of the Committee.
The Committee may meet in joint session with the Audit Committee of the Board from time to time to discuss areas of common interest and significant matters including, but not limited to, major investment portfolio issues, frauds, major regulatory enforcement actions, major litigation or whistleblower matters, and systemic technology issues.
The Committee may request any officer or employee of the Corporation, or any special counsel or advisor, to attend a meeting of the Committee or to meet with any members of, or consultant to, the Committee. The agenda for each Committee meeting will provide time during which the Committee can meet separately in executive session with management, the Chief Risk Officer, the Chief Compliance Officer, the independent auditors and as a Committee to discuss any matters the Committee or these groups believe should be discussed.
The Committee shall fully document and maintain records of its proceedings, including risk management decisions. Minutes of its meetings will be approved by the Committee and maintained on behalf of the Committee. The Committee shall report its activities to the Board of Directors on a regular basis and make such recommendations as it deems necessary or appropriate.
Specific Responsibilities and Duties
The Chief Risk Officer shall report directly to both the Committee and the Chief Executive Officer of the Corporation. The Committee shall receive and review regular reports, at least quarterly, from the Chief Risk Officer.
The Committee shall:
- approve and periodically review the risk management policies of the Corporation’s global operations; and
- oversee the operation of the Corporation’s global risk management framework, which shall be commensurate with the structure, risk profile, complexity, activities, and size of the Corporation, including:
  - policies and procedures establishing risk management governance, risk management procedures, and risk control infrastructure for global operations; and
  - processes and systems for implementing and monitoring compliance with such policies and procedures, including processes and systems to:
    - Identify and report risks and risk management deficiencies, including emerging risks, and ensure effective and timely implementation of actions to address emerging risks and risk management deficiencies for the Corporation’s global operations;
    - Establish managerial and employee responsibility for risk management;
    - Ensure the independence of the risk management function; and
    - Integrate risk management and associated controls with management goals and the Corporation’s compensation structure for its global operations.
As part of these requirements, the Committee will have the responsibility to:
- review and approve the Corporation’s risk appetite statement on an annual basis; approve any material amendment to the risk appetite statement;
- review and approve the Contingency Funding Plan contained in the Corporation’s Liquidity Policy at least annually, and approve any material revisions to this plan prior to implementation;
- review significant financial and other risk exposures and the steps management has taken to monitor, control and report such exposures, including, without limitation, credit, market, fiduciary, liquidity, reputational, operational, fraud, strategic, technology (data-security, business-continuity risk, etc.) and risks associated with incentive compensation plans;
- evaluate risk exposure and tolerance and approve appropriate transactional or trading limits;
- review and evaluate the Corporation's policies and practices with respect to risk assessment and risk management and annually present to the Audit Committee of the Board a report summarizing the Committee's review of the Corporation's methods for identifying and managing risks;
- review reports and significant findings of the Risk Management and Compliance Group and the Internal Audit Department with respect to the risk management and compliance activities of the Corporation, together with management's responses and follow-up to these reports, and
- review significant reports from regulatory agencies relating to risk management and compliance issues, and management's responses, except to the extent subject to the jurisdiction of another committee of the Board of Directors pursuant to that committee's charter;
- review reports on fiduciary activities of the Corporation's businesses;
- provide general oversight of the Corporation's investment of fiduciary assets;
- review the scope of work of the Risk Management and Compliance Group and its planned activities with respect to the risk management and compliance activities of the Corporation;
- review the appointment, performance and replacement of the Chief Risk Officer;
- notwithstanding anything in the charter of the Technology Committee of the Board, the Committee will have the responsibility to review the Corporation’s risks relating to technology, including without limitation:
  - review the Corporation's technology risk management programs; and
  - receive reports from management concerning the Corporation’s technology operations including, among other things, business continuity planning, information security, software development project performance, technical operations performance, technology architecture and significant technology investments and approve related plans or policies or recommend such plans and policies to the Board for approval, as appropriate;
- receive from management regular updates regarding corporate-wide compliance with laws and regulations;
- semi-annually present, among other things, corporate-wide compliance with laws and regulations to the Audit Committee of the Board;
- escalate to the Audit Committee for discussion at a joint session of the Audit and Risk Committees any items that have a significant financial statement impact or require significant financial statement/regulatory disclosures; and
- escalate other significant issues, including, but not limited to, significant compliance issues, as soon as deemed necessary by the Committee to a joint session of the Audit and Risk Committees.
Annual Performance Evaluation and Charter Review
Annually, there shall be a performance evaluation of the Committee, which may be a self-evaluation or an evaluation employing such other resources or procedures as the Committee and the Corporate Governance and Nominating Committee may deem appropriate. The Committee will review and assess the adequacy of this Charter annually and recommend changes to the Board of Directors when necessary. The Charter and any amendments to it must be approved by the Board of Directors.
Approved: April 11, 2017