Risk Policy Committee Charter


The purpose of the Board of Director's Risk Policy Committee ("DRPC") is to approve and periodically review the primary risk-management policies of the bank holding company's global operations and oversee the operation of the bank holding company's global risk management framework.

The Committee's responsibilities include oversight of management's exercise of its responsibility to assess and manage:

1 credit risk, market risk, structural interest rate risk, principal risk, liquidity risk, country risk and model risk;
2 the governance frameworks or policies for operational, fiduciaryfootnote 1, reputational risks and New Business Initiative Approval (NBIA); and
3 capital and liquidity planning and analysis.

Primary responsibility for assisting the Board in its oversight of legal risk, compliance and operational risk, including the NBIA process, rests with the Audit Committee.  Each committee of the Board oversees reputational risks within its scope of responsibility.

Top of page



The DRPC shall be composed solely of non-management directors, not fewer than three in number.


Each member of the DRPC shall meet the independence standards of the New York Stock Exchange corporate governance listing standards as of the Firm's most recent annual meeting, as applied to members of the Audit Committee, and the Firm's standards of independence as provided in the Corporate Governance Principles of the Board. The DRPC shall be chaired by an independent director as defined in the regulations of the Federal Reserve.

6 Membership on the DRPC is reviewed each year by the Corporate Governance & Nominating Committee and approved by the Board, which also designates a Chair for the committee. Each DRPC member and Chair serves at the pleasure of the Board.
7 The DRPC membership shall, in the determination of the Board, consist of the appropriate backgrounds and experience to discharge the oversight responsibilities of the DRPC, and the DRPC membership shall meet all applicable regulatory or legal requirements regarding expertise and other qualifications.  At least one member shall have experience in identifying, assessing and managing risk exposures of large, complex financial firms.
Top of page


8 The DRPC shall meet as often as it determines is appropriate, but not less frequently than quarterly. The Chair, or Chair’s designee, shall preside at all meetings of the DRPC and shall set the agenda.
9 The DRPC shall meet periodically with the Chief Risk Officer in private sessions to discuss any matters that the DRPC or the Chief Risk Officer believes should be discussed, and the DRPC shall also meet periodically in executive sessions. Such sessions shall generally be held in conjunction with each regularly scheduled meeting of the DRPC.
10 The DRPC may ask any officer or employee of the Firm to attend the meeting of the DRPC or for such persons to meet with any members of, or advisors to, the DRPC.
11 The DRPC has authority to retain advisers when it deems appropriate, including approval of fees and terms of retention, without the prior permission of the Board or management, and shall be provided the necessary resources for such purposes.
12 The DRPC shall report periodically to the Board, generally at the next regularly scheduled Board meeting following a DRPC meeting, on actions taken and significant matters reviewed by the DRPC.
13 The DRPC shall meet not less then semi-annually with the Audit Committee on topics of common interest or other matters as required by law, regulation or agreement.  
14 The DRPC or its Chairman shall meet not less than annually with the Compensation & Management Development Committee of the Board to assist that committee in its review of the Firm's compensation practices, including policies with respect to the compensation of risk professionals, and the relationship among risk, risk management and compensation in light of the Firm’s objectives, including its safety and soundness and the avoidance of compensation practices that would encourage excessive risk taking.
Top of page

Duties and responsibilities of the DRPC

A The DRPC shall, with respect to credit risk, market risk, structural interest rate risk, principal risk, liquidity risk, country risk and model risk, and the governance frameworks and/or policies for operational, fiduciary, reputational risks and New Business Initiative Approval (NBIA):
15 Approve the Firm’s Risk Appetite Policy and annually review and approve any material changes to such policy.  Approve such policies as may be designated by the DRPC as Primary Risk Policies, and annually review and approve any material changes to such policies. (footnote See Note 1.)
16 Receive reports on risk appetite results with respect to the reference ranges.
17 Review a report to be submitted periodically by the Chief Risk Officer to the DRPC and to the Audit Committee on:
  • The Firm’s risk management control environment, including: the establishment, review, and compliance with limits; staffing; and independence of the risk function.
  • Any material issues regarding risk management raised by internal audit reports rated less than satisfactory or by regulatory reports identifying matters requiring attention.
18 Meet periodically with the CEOs of the lines of business and with the Chief Investment Officer.
B The DRPC shall, with respect to evaluating that there is in place an effective system of controls reasonably designed to evaluate and control risk throughout the Firm:

Review firmwide value-at-risk and market stress tolerances, as well as any other parameter tolerances established by management in accordance with the Firm’s Risk Appetite Policy.  The DRPC Chair shall be notified promptly of firmwide breaches

20 Review such other key metrics agreed to with management and performance against such metrics.
21 Review reports of significant issues identified by risk management officers, including reports describing the Firm’s credit risk profile, and information about concentrations and country risks.
22 Review reports on material credit and valuation reserves.

The DRPC shall, with respect to capital and liquidity analysis and planning:

23 Review the Firm’s allocation of capital.
24 Unless reviewed and approved by the Board as a whole, review and approve the Firm’s Internal Capital Adequacy Assessment Process, the Recovery Plan and the annual capital plan.
25 Review liquidity risk guidelines, reports from management pertaining to liquidity risk, and any material changes recommended to existing liquidity or funding guidelines. If liquidity management issues develop between meetings of the DRPC that the Chief Financial Officer believes could have a material adverse impact on the Firm, the Chief Financial Officer will promptly report such issues to the Chairman of the DRPC.
26 With respect to liquidity risk management, approve the contingency funding plan at least annually, and approve any material revisions to the plan.
27 Review the acceptable level of liquidity risk that the Firm may assume in connection with its operating strategies (liquidity risk reference ranges) at least annually, and bring to the Board annually for its approval.
28 Receive and review at least semi-annually information provided by senior management to determine whether the Firm is operating in accordance with its established liquidity risk reference range, and bring to the Board semi-annually for its review.
29 Review periodically the liquidity risk-management strategies, policies, and procedures established by senior management, and bring to the Board for its approval and periodic review.
Top of page

DRPC oversight of senior management

30 The Firm’s Chief Risk Officer shall report to the CEO and the DRPC.
31 The DRPC shall consult with the CEO and concur in the appointment, evaluation and any replacement, reassignment, or dismissal of the Chief Risk Officer. The DRPC or its Chair shall consult with the CEO and the Compensation & Management Development Committee or its Chair on the compensation of the Chief Risk Officer. The DRPC also reviews the performance and succession planning of the CRO’s direct reports.
32 The DRPC shall review the Chief Risk Officer’s proposed priorities, budget and staffing plans annually.
33 The Chief Risk Officer and the Chief Risk Officers for each line of business will, at each regularly scheduled meeting, discuss with the DRPC any concerns that they reasonably believe could be material to the Firm or to a line of business. Such officers shall also describe any actions that have been or are planned to be taken to address such concerns.
34 If risk management issues develop between meetings of the DRPC that the Chief Risk Officer believes could have a material adverse impact on the Firm, the Chief Risk Officer will promptly report such issues to the Chairman of the DRPC.
35 The DRPC shall, together with the Audit Committee, review reports prepared by Internal Audit regarding the performance of the risk management function.
Top of page

Action on behalf of national bank subsidiaries

36 The DRPC has full and complete authority to act for and on behalf of the Firm’s national bank subsidiaries (the “Banks”) in the exercise of the risk committee responsibilities of the Banks, pursuant to authority granted to the DRPC by the By-laws of the Banks and by the Board of Directors of JPMorgan Chase & Co.  In furtherance of such responsibilities, the DRPC has a duty to seek to preserve the safety and soundness of the Banks and exercises its oversight of Banks’ risk committee matters with the understanding that the Banks’ interests are not to be subordinated to the interests of the parent holding company in a way as to jeopardize the safety and soundness of the Banks.
Top of page

Charter Review

37 The DRPC shall review, at least annually, the committee’s charter and recommend any proposed changes to the Corporate Governance & Nominating Committee and the Board for approval. The DRPC shall conduct, and report to the Board, the results of an annual performance evaluation of the DRPC.  This evaluation shall compare the performance of the DRPC with the requirements of this charter.

1Pursuant to OCC regulation, the firm's national banks must conduct an audit of all significant fiduciary activities and report any significant findings to the Audit Committee. The Audit Committee also receives reports on firmwide fiduciary risk as part of its oversight of compliance and legal risks. In addition, the Compensation & Management Development Committee exercises authority over the corporation's own benefit plans.

Note 1 As of July 15, 2014, the DRPC has designated the following as Primary Risk Policies: Capital Management, Consumer Risk Management, Country Risk Management, Liquidity Risk Oversight & Liquidity Management, Market Risk Management, Model Risk Management, Operational Risk Management, Principal Risk Management, Reputation Risk Management, Risk Appetite, Risk Management, Governance, Interest Rate Risk Management, Wholesale Credit Risk Management Principles, and Fiduciary Risk Management.

Top of page