Risk Committee Charter

(as amended October 25, 2017)

Purpose

The Committee is appointed by the Board of Directors to assist the Board in its oversight of (i) the Company’s global enterprise risk management framework, (ii) the Company’s capital, liquidity and funding planning and strategy, (iii) the Company’s risk appetite statement, including risk limits and tolerances (“Risk Appetite Statement”) and (iv) the performance of the Company’s Chief Risk Officer. 

Risk assessment and risk management are the responsibility of the Company’s management. The Committee’s responsibility in this regard is one of oversight and review. 

Membership

  1. The Committee shall be comprised of at least three Board members appointed by the Board after considering the recommendation of the Nominating and Governance Committee.  Committee members shall meet applicable legal and regulatory criteria. The Board shall designate one Committee member, which Committee member shall satisfy applicable independence standards, as the Committee’s chair (the “Chair”).

  2. A majority of the Committee members shall have no material relationship with the Company and shall otherwise satisfy the independence requirements of the Company and the New York Stock Exchange.

Operations

  1. The Committee shall hold regular meetings at least four times per year and report to the Board on a regular basis.  Meetings shall include any participants the Committee deems appropriate and shall be of sufficient duration and scheduled at such times as the Committee deems appropriate to discharge properly its responsibilities.  The Chairman and Chief Executive Officer, Chief Risk Officer, Chief Financial Officer, Chief Legal Officer, Chief Compliance Officer and head of the Internal Audit department (the “Global Audit Director”) shall generally attend all regularly scheduled quarterly meetings of the Committee.

  2. The Committee shall meet, as deemed necessary and appropriate, with management, including the Chief Risk Officer and Chief Financial Officer, in separate executive sessions.

  3. The Committee shall receive information and participate in informal meetings and briefings with management, including the Chief Risk Officer, Chief Financial Officer, Chief Legal Officer, Chief Compliance Officer and Global Audit Director, as necessary and appropriate between formal meetings of the Committee.  Such briefings and informal meetings may be through the Committee Chair or individual Committee members, as appropriate.

  4. The Committee, or the Chair or other individual Committee members, may meet with regulators as requested or when determined appropriate, regarding matters applicable to the mandate of the Committee.

  5. The Committee may form and delegate to one or more subcommittees all or any portion of the Committee’s authority, duties and responsibilities, and may establish such rules as it determines necessary or appropriate to conduct the Committee’s business.

  6. The Committee shall have direct access to, and complete and open communication with, the Company’s management, including the Chief Risk Officer and other employees of the Risk Department, and may obtain advice and assistance from internal legal, risk or other advisors. The Committee may retain independent legal, risk or other advisors.

  7. The Company shall provide for appropriate funding, as determined by the Committee, for the payment of (i) ordinary administrative expenses of the Committee that are necessary or appropriate in carrying out its duties and responsibilities and (ii) compensation to independent legal, risk and other advisors retained by the Committee.

  8. The Committee shall review and assess annually its performance and report the results to the Board.

  9. The Committee shall review and assess annually the adequacy of this charter and, if appropriate, recommend changes to the charter to the Board.

Authority, Duties and Responsibilities

The Committee shall: 

Oversight of Capital, Liquidity and Funding Planning 

  1. Receive reports, as necessary and appropriate, from management, including the Company’s management level enterprise risk management committees, regarding the Company’s capital adequacy, Comprehensive Capital Analysis and Review and Dodd-Frank Act Stress Testing. 

  2. Review and approve annually, unless reviewed and approved by the Board as a whole, the effectiveness of the Company’s Basel III advanced systems and the Company’s Comprehensive Capital Analysis and Review and Dodd-Frank Act Stress Testing submissions. 

  3. Review at least quarterly the Company’s capital, liquidity and funding strategy and planning and steps management has taken to manage capital, liquidity and funding against established risk methodologies, including the liquidity risk tolerance. 

  4. Review and approve annually (and when material changes are proposed) the Company’s significant capital, liquidity and funding guidelines and policies. 

  5. Review and approve annually (and when material changes are proposed) the contingency funding plan. 

Oversight of Resolution and Recovery Planning

  1. Receive reports, as necessary and appropriate, from management, including the Company’s management level enterprise risk management committees, regarding the Company’s Title I Resolution Plan and Recovery Plan. 

  2. Review and approve annually, unless reviewed and approved by the Board as a whole, the Company’s Title I Resolution Plan. 

Oversight of Risk Management

  1. Oversee the Company’s global enterprise risk management framework and Risk Appetite Statement, including the ongoing alignment of the Risk Appetite Statement with the Company’s strategy and capital plans. 

  2. Review at least quarterly the major risk exposures of the Company and its business units, including market, credit, operational, liquidity, model and reputational risk, against established risk measurement methodologies and the steps management has taken to monitor and control such exposures. 

  3. Oversee the Company’s risk identification framework.

  4. Receive reports from the Chief Risk Officer and the Risk Department and the Chief Financial Officer and the Corporate Treasury Department at least quarterly (and other internal departments as necessary to fulfill the Committee’s duties and responsibilities). 

  5. Receive reports, as necessary and appropriate, from the Global Audit Director regarding the results of reviews and assessments of the risk management, liquidity and capital functions. 

  6. Receive reports, as necessary and appropriate, regarding significant new product risk, emerging risks and regulatory matters related to the Committee’s authority, duties and responsibilities as set forth in this charter. 

  7. Review and recommend for the Board’s approval annually (and when material changes are proposed) the Company’s Global Risk Management Principles, including the Risk Appetite Statement, and the Company’s other significant risk management and risk assessment guidelines and policies, as appropriate. 

  8. Receive reports, as necessary and appropriate, from management, including the Company’s management level enterprise risk management committees, regarding strategic transactions and investments reviewed.

  9. Receive reports, as necessary and appropriate, on risk data controls and governance, including material limitations in risk data aggregation and reporting capabilities.

  10. The Chief Risk Officer, Chief Compliance Officer and Global Audit Director each shall have access to communicate with the Committee on any matter relevant to risk and compliance. 

Oversight of Risk Tolerance 

  1. Receive, as and when appropriate, reports and recommendations from management and the Company’s internal Firm Risk Committee on risk tolerance. 

  2. Oversee the Company’s process and significant policies for determining risk tolerance and review management’s measurement and comparison of overall risk tolerance to established limits. 

  3. As appropriate, confirm risk tolerance levels and capital targets and limits as set forth in the Risk Appetite Statement. 

Oversight of Regulatory Requirements

  1. Review significant risk management regulatory reports and findings of regulators, as applicable to the mandate of the Committee, including management’s remediation plans and progress against such plans. 

Oversight of the Chief Risk Officer and Risk Management Function 

  1. Approve the appointment and, when and if appropriate, replacement of the Chief Risk Officer, who shall report directly to the Committee as well as to the Chief Executive Officer and who shall have qualifications commensurate with applicable legal and regulatory guidance relating to risk management expertise. 

  2. Review and evaluate annually the qualifications, performance and compensation of the Chief Risk Officer.

  3. Review with the Chief Risk Officer the adequacy of staffing and resources of the risk management function. 

Coordination with Management and Other Board Committees

  1. Coordinate with management, including the Chief Risk Officer, and the Audit Committee and Operations and Technology Committee (which coordination may be through the Committee Chair), to help ensure that the committees have received the information necessary to permit them to fulfill their duties and responsibilities with respect to oversight of risk management and risk assessment guidelines and policies. 

  2. Coordinate with the Compensation, Management Development and Succession Committee (which coordination may be through the Committee Chair) in relation to that committee’s role with respect to risk matters related to compensation. 

  3. Coordinate with the Chief Executive Officer and the Compensation, Management Development and Succession Committee (which coordination may be through the Committee Chair) in relation to the compensation of the Chief Risk Officer and consideration of risk assessment and risk management matters as they relate to compensation, including ensuring compensation practices are consistent with the safety and soundness of the Company and do not encourage excessive risk taking. 

Other Authority 

  1. Make such recommendations with respect to any of the above and other matters as the Committee deems necessary or appropriate. 

  2. Have such other authority, duties and responsibilities as may be delegated to the Committee by the Board.