The purpose of the Board of Directors’ Risk Policy Committee (“DRPC”) is to assist the Board in its oversight of the operation of the Firm’s global risk management framework and to approve and periodically review the primary risk-management policies of the Firm’s global operations.
The Committee’s responsibilities include oversight of management’s exercise of its responsibility to assess and manage:
- credit risk, market risk, investment risk, liquidity risk, country risk, estimations and model risk, operational risk, and compliance risk including fiduciary risk;
- the governance frameworks or policies for risk identification, risk appetite, reputational risk, and conduct risk; and
- capital and liquidity planning and analysis.
The DRPC oversees reputational risks and conduct risks within its scope of responsibility.
- The DRPC shall be composed solely of non-management directors, not fewer than three in number.
- Each member of the DRPC shall meet the independence standards of the New York Stock Exchange corporate governance listing standards as of the Firm’s most recent annual meeting, as applied to members of the Audit Committee, and the Firm’s standards of independence as provided in the Corporate Governance Principles of the Board. The DRPC shall be chaired by an independent director as defined in the regulations of the Federal Reserve.
- Membership on the DRPC is reviewed each year by the Corporate Governance & Nominating Committee and approved by the Board, which also designates a Chair for the committee. Each DRPC member and Chair serves at the pleasure of the Board.
- The DRPC membership shall, in the determination of the Board, consist of the appropriate backgrounds and experience to discharge the oversight responsibilities of the DRPC, and the DRPC membership shall meet all applicable regulatory or legal requirements regarding expertise and other qualifications. At least one member shall have experience in identifying, assessing and managing risk exposures of large, complex financial firms.
- The DRPC shall meet as often as it determines is appropriate, but not less frequently than quarterly. The Chair, or Chair’s designee, shall preside at all meetings of the DRPC and shall set the agenda.
- The DRPC shall meet periodically with the Chief Risk Officer in private sessions to discuss any matters that the DRPC or the Chief Risk Officer believes should be discussed, and the DRPC shall also meet periodically in executive sessions. Such sessions shall generally be held in conjunction with each regularly scheduled meeting of the DRPC.
- The DRPC may ask any officer or employee of the Firm to attend the meeting of the DRPC or for such persons to meet with any members of, or advisors to, the DRPC.
- The DRPC has authority to retain advisers when it deems appropriate, including approval of fees and terms of retention, without the prior permission of the Board or management, and shall be provided the necessary resources for such purposes.
- The DRPC shall report periodically to the Board, generally at the next regularly scheduled Board meeting following a DRPC meeting, on actions taken and significant matters reviewed by the DRPC.
- The DRPC shall review and approve matters as required by law, regulation or agreement.
- The DRPC or its Chairman shall meet not less than annually with the Compensation & Management Development Committee of the Board to assist that committee in its review of the Firm’s compensation practices, including policies with respect to the compensation of risk professionals, and the relationship among risk, risk management and compensation in light of the Firm’s objectives, including its safety and soundness and the avoidance of compensation practices that would encourage excessive risk taking.
A. The DRPC shall, with respect to credit risk, market risk, investment risk, liquidity risk, country risk, estimations and model risk, operational risk, and compliance risk including fiduciary risk, and the governance frameworks or policies for risk identification, risk appetite, reputational risk, and conduct risk:
- Approve the Firm’s Risk Appetite Policy and annually review and approve any material changes to such policy. Approve such policies as may be designated by the DRPC as Primary Risk Policies, and annually review and approve any material changes to such policies.
- Receive reports on Risk Appetite results against defined risk appetite levels for quantitative parameters and qualitative factors. The DRPC Chair shall be notified promptly if Risk Appetite results have exceeded or are forecasted to exceed risk appetite levels. The DRPC shall review firmwide value-at-risk and market stress limits, and the DRPC Chair shall be notified promptly of firmwide breaches.
- Receive, periodically, from management for Risk and Compliance, as appropriate, communications and presentations on significant control issues in internal audit reports, management letters, and regulatory authorities’ examination reports, and such other significant control matters that are identified by the relevant function, as appropriate, and the resolution status thereof.
- Meet periodically with the CEOs of the lines of business and with the Chief Investment Officer.
B. The DRPC shall, with respect to evaluating that there is in place an effective system of controls reasonably designed to evaluate and control risk throughout the Firm:
- Review and approve, as appropriate, parameters, limits and/or thresholds as requested by management. The DRPC Chair shall be notified promptly of firmwide breaches.
- Review such other key metrics agreed to with management and performance against such metrics.
- Review reports of significant risk issues identified by management.
C. The DRPC shall, with respect to capital and liquidity analysis and planning:
- Review and approve the Capital Management Policy.
- Unless reviewed and approved by the Board as a whole, review and approve the Firm’s Recovery Plan and the annual capital plan.
- Review analysis of the Firm’s liquidity risk. If liquidity management issues develop between meetings of the DRPC that the Chief Financial Officer believes could have a material adverse impact on the Firm, the Chief Financial Officer will promptly report such issues to the Chair of the DRPC.
- With respect to liquidity risk management, approve the contingency funding plan at least annually, and approve any material revisions to the plan.
- Review the acceptable level of liquidity risk that the Firm may assume in connection with its operating strategies (liquidity risk tolerances) at least annually, and bring to the Board annually for its approval.
- Receive and review at least semi-annually information provided by senior management to determine whether the Firm is operating in accordance with its established liquidity risk tolerances, and bring to the Board semi-annually for its review.
- Review periodically the liquidity risk-management strategies, policies, and procedures established by senior management, and bring to the Board for its approval and periodic review.
- The Firm’s Chief Risk Officer shall report to the CEO and the DRPC.
- The DRPC shall consult with the CEO and shall approve the appointment, evaluation, replacement, reassignment, or dismissal of the Chief Risk Officer. The DRPC or its Chair shall consult with the CEO and the Compensation & Management Development Committee or its Chair and approve the compensation and succession planning of the Chief Risk Officer. The DRPC shall also review the performance and approve the succession planning of the Chief Risk Officer’s direct reports.
- The DRPC shall review the Chief Risk Officer’s proposed priorities, budget and staffing plans annually.
- The Chief Risk Officer, the Chief Risk Officers for each line of business, the Chief Compliance Officer for the Firm, and other direct reports of the Chief Risk Officer (as appropriate) will, at each regularly scheduled meeting, discuss with the DRPC any concerns that they reasonably believe could be material to the Firm or to a line of business. Such officers shall also describe any actions that have been or are planned to be taken to address such concerns.
- If risk management issues develop between meetings of the DRPC that the Chief Risk Officer believes could have a material adverse impact on the Firm, the Chief Risk Officer will promptly report such issues to the Chair of the DRPC.
- The DRPC shall, together with the Audit Committee, review audit results prepared by Internal Audit assessing the effectiveness of the risk governance framework, and the DRPC may also meet with the Audit Committee on such other topics of common interest or other matters as required by law, regulation or agreement. The Chief Risk Officer and the Chief Compliance Officer each shall have access to communicate with the DRPC on any matter relevant to risk and compliance.
- The DRPC has full and complete authority to act for and on behalf of the Firm’s national bank subsidiaries (the “Banks”) in the exercise of the risk committee responsibilities of the Banks, pursuant to authority granted to the DRPC by the By-laws of the Banks and by the Board of Directors of JPMorgan Chase & Co. In furtherance of such responsibilities, the DRPC has a duty to seek to preserve the safety and soundness of the Banks and exercises its oversight of the Banks’ risk committee matters with the understanding that the Banks’ interests are not to be subordinated to the interests of the parent holding company in a way as to jeopardize the safety and soundness of the Banks.
- The DRPC shall review, at least annually, the committee’s charter and recommend any proposed changes to the Corporate Governance & Nominating Committee and the Board for approval. The DRPC shall conduct, and report to the Board, the results of an annual performance evaluation of the DRPC, which evaluation shall include a comparison of the performance of the DRPC with the requirements of this charter.
Effective July 2018