Risk Policy Committee Charter
The purpose of the Board of Director's Risk Policy Committee ("DRPC") is to assist the Board in its oversight of management's exercise of its responsibility to:
- 1. Assess and manage the Firm's credit risk, market risk, structural interest rate risk, investment risk, liquidity risk, fiduciary risk and model risk.
- 2. Ensure that there is in place an effective system reasonably designed to evaluate and control such risk throughout the Firm.
- 3. Manage capital and liquidity planning and analysis.
Primary responsibility for assisting the Board in its oversight with respect to operating risk, legal risk and compliance rests with the Audit Committee. Each committee of the Board oversees reputation risk issues within its scope of responsibility.
Top of page
- 4. The DRPC shall be composed solely of non-management directors, not fewer than three in number.
- 5. Each member of the DRPC shall meet the independence standards of the New York Stock Exchange corporate governance listing standards as of the Firm's most recent annual meeting, as applied to members of the Audit Committee, and the Firm's standards of independence as provided in the Corporate Governance Principles of the Board.
- 6. Membership on the DRPC is reviewed each year by the Corporate Governance & Nominating Committee and approved by the Board, which also designates a Chair for the committee. Each DRPC member and Chair serves at the pleasure of the Board.
- 7. The DRPC membership shall, in the determination of the Board, consist of the appropriate backgrounds and experience to discharge the oversight responsibilities of the DRPC, and the DRPC membership shall meet all applicable regulatory or legal requirements regarding expertise and other qualifications.
Top of page
- 8. The DRPC shall meet as often as it determines is appropriate, but not less frequently than quarterly. The Chair shall preside at all meetings of the DRPC and shall set the agenda.
- 9. The DRPC shall meet periodically with the Chief Risk Officer in private sessions to discuss any matters that the DRPC or the Chief Risk Officer believes should be discussed, and the DRPC shall also meet periodically in executive sessions. Such sessions shall generally be held in conjunction with each regularly scheduled meeting of the DRPC.
- 10. The DRPC may ask any officer or employee of the Firm to attend the meeting of the DRPC or for such persons to meet with any members of, or advisors to, the DRPC.
- 11. The DRPC has authority to retain advisers when it deems appropriate, including approval of fees and terms of retention, without the prior permission of the Board or management, and shall be provided the necessary resources for such purposes.
- 12. The DRPC shall report periodically to the Board, generally at the next regularly scheduled Board meeting following a DRPC meeting, on actions taken and significant matters reviewed by the DRPC.
- 13. The DRPC shall meet not less then semi-annually with the Audit Committee on topics of common interest.
- 14. The DRPC or its Chairman shall meet not less than annually with the Compensation & Management Development Committee of the Board to assist that committee in its review of the Firm's compensation practices, including policies with respect to the compensation of risk professionals, and the relationship among risk, risk management and compensation in light of the Firm's objectives, including its safety and soundness and the avoidance of compensation practices that would encourage excessive risk
Top of page
The DRPC shall have the following duties and responsibilities with respect to oversight of:
A. Management's responsibility to assess and manage the Firm's credit risk, market risk, structural interest rate risk, investment risk, liquidity risk, fiduciary risk and model risk.
The DRPC shall:
- 15. Approve the Firm's Risk Appetite Policy, annually review and approve any material changes to such policy, and receive reports of actual and forecast instances when the Firm has exceeded or is forecast to exceed its risk appetite tolerances.
- 16. Approve such policies as may be designated by the DRPC as Primary Risk Policies, and annually review and approve any material changes to such policies. (See Note 1.)
- 17. Review a report to be submitted periodically by the Chief Risk Officer to the DRPC and to the Audit Committee on:
- The Firm's risk management control environment, including: the establishment, review, and compliance with limits; staffing; independence of the risk function; and the adequacy of reporting structures.
- Any material issues regarding risk management raised by internal audit reports rated less than satisfactory or by regulatory reports identifying issues as matters requiring attention.
- Other matters as required by law, regulation or agreement.
- 18. Meet periodically with the CEOs of the lines of business and with the Chief Investment Officer.
B. Management's responsibility to ensure that there is in place an effective system of controls reasonably designed to evaluate and control risk throughout the Firm.
The DRPC shall:
- 19. Review firmwide value-at-risk and stress limits established by management in accordance with the Firm's Risk Appetite Policy and be notified promptly of any excesses.
- 20. Review such other key metrics agreed to with management and performance against such metrics.
- 21. Review reports of significant issues identified by risk management officers, including reports describing the Firm's credit risk profile, information about concentrations including country risks, and material limits excesses.
- 22. Review reports on credit and valuation reserves.
C. Management's responsibility to conduct capital and liquidity analysis and planning.
The DRPC shall:
- 23. Review the Firm's capital allocation.
- 24. Unless reviewed and approved by the Board as a whole, review and approve the Firm's Internal Capital Adequacy Assessment Process, the Recovery Plan and the annual capital plan.
- 25. Review liquidity risk guidelines, reports from management pertaining to liquidity risk, and any material changes recommended to existing liquidity or funding guidelines. If liquidity management issues develop between meetings of the DRPC that the Chief Financial Officer believes could have a material adverse impact on the Firm, the Chief Financial Officer will promptly report such issues to the Chairman of the DRPC.
D. Management's responsibility to provide effective risk management.
- 26. The Firm's Chief Risk Officer reports to the CEO and is accountable to the Board, primarily through the DRPC.
- 27. The DRPC shall consult with the CEO and concur in the appointment, evaluation and any replacement, reassignment, or dismissal of the Chief Risk Officer. The DRPC or its Chair shall consult with the CEO and the Compensation & Management Development Committee or its Chair on the compensation of the Chief Risk Officer.
- 28. The DRPC shall review the Chief Risk Officer's proposed priorities, budget and staffing plans annually.
- 29. The Chief Risk Officer and the Chief Risk Officers for each line of business will, at each regularly scheduled meeting, discuss with the DRPC any concerns that they believe could reasonably be material to the Firm or to a line of business. Such officers shall also describe any actions that have been or are planned to be taken to address such concerns.
- 30. If risk management issues develop between meetings of the DRPC that the Chief Risk Officer believes could have a material adverse impact on the Firm, the Chief Risk Officer will promptly report such issues to the Chairman of the DRPC.
- 31. The DRPC shall, together with the Audit Committee, review reports prepared by Internal Audit regarding the performance of the risk management function.
E. Management's responsibility to manage the Firm's fiduciary risk.
- 32. The DRPC is responsible for oversight of the Firm's fiduciary risks, including those arising from asset management activities. In that capacity, the DRPC reviews the oversight structure for fiduciary activities, reviews general policies and receives reports regarding these activities.
Top of page
- 33. The DRPC shall review, at least annually, the committee's charter and recommend any proposed changes to the Corporate Governance & Nominating Committee for approval. The DRPC shall conduct, and report to the Board, the results of an annual performance evaluation of the DRPC. This evaluation shall compare the performance of the DRPC with the requirements of this charter.
As of March 19, 2013, the DRPC has designated the following as Primary Risk Policies: Capital Risk Management, Consumer Risk Management, Country Risk Management, Liquidity Risk Management, Market Risk Management, Model Risk Policy, Operational Risk Management, Principal Risk Management, Reputation Risk, Risk Appetite, Risk Management Governance, and Wholesale Credit Risk Management.
Top of page