(1) General. A covered savings and loan holding company subject to this subpart must
maintain a risk committee that approves and periodically reviews the
risk-management policies of the covered savings and loan holding company’s
global operations and oversees the operation of the covered savings
and loan holding company’s global risk-management framework. The risk
committee’s responsibilities include liquidity risk-management as
set forth in section 238.123(b).
(2) Risk-management framework. The covered savings and loan holding
company’s global risk-management framework must be commensurate with its
structure, risk profile, complexity, activities, and size and must include:
(i) Policies and procedures establishing risk-management governance,
risk-management procedures, and risk-control infrastructure for its
global operations; and
(ii) Processes and systems for implementing and monitoring compliance
with such policies and procedures, including:
(A) Processes
and systems for identifying and reporting risks and risk-management
deficiencies, including regarding emerging risks, and ensuring effective
and timely implementation of actions to address emerging risks and
risk-management deficiencies for its global operations;
(B) Processes and systems for
establishing managerial and employee responsibility for risk management;
(C) Processes and systems
for ensuring the independence of the risk-management function; and
(D) Processes and systems
to integrate risk management and associated controls with management
goals and its compensation structure for its global operations.
(3) Corporate governance requirements. The risk committee must:
(i) Have
a formal, written charter that is approved by the covered savings
and loan holding company’s board of directors;
(ii) Be an independent committee of
the board of directors that has, as its sole and exclusive function,
responsibility for the risk-management policies of the covered savings
and loan holding company’s global operations and oversight of the
operation of the covered savings and loan holding company’s global
risk-management framework;
(iii) Report directly to the covered
savings and loan holding company’s board of directors;
(iv) Receive and review
regular reports on not less than a quarterly basis from the covered
savings and loan holding company’s chief risk officer provided pursuant
to paragraph (b)(3)(ii) of this section; and
(v) Meet at least quarterly, or more
frequently as needed, and fully document and maintain records of its
proceedings, including risk-management decisions.
(4) Minimum member requirements. The risk committee must:
(i) Include
at least one member having experience in identifying, assessing, and
managing risk exposures of large, complex financial firms; and
(ii) Be chaired by
a director who:
(A) Is not an officer or employee of the covered
savings and loan holding company and has not been an officer or employee
of the covered savings and loan holding company during the previous
three years;
(B) Is not
a member of the immediate family, as defined in section 238.31(b)(3),
of a person who is, or has been within the last three years, an executive
officer of the covered savings and loan holding company, as defined
in section 215.2(e)(1) of this chapter; and
(C)(1) Is an independent
director under Item 407 of the Securities and Exchange Commission’s
Regulation S-K (17 CFR 229.407(a)), if the covered savings and loan
holding company has an outstanding class of securities traded on an
exchange registered with the U.S. Securities and Exchange Commission
as a national securities exchange under section 6 of the Securities
Exchange Act of 1934 (15 U.S.C. 78f) (national securities exchange);
or
(2) Would qualify as an independent director under the listing
standards of a national securities exchange, as demonstrated to the
satisfaction of the Board, if the covered savings and loan holding
company does not have an outstanding class of securities traded on
a national securities exchange.
(1) General. A covered savings and loan holding company subject to this subpart
must appoint a chief risk officer with experience in identifying,
assessing, and managing risk exposures of large, complex financial
firms.
(2) Responsibilities.
(i) The chief risk officer is responsible for overseeing:
(A) The establishment
of risk limits on an enterprise-wide basis and the monitoring of compliance
with such limits;
(B) The
implementation of and ongoing compliance with the policies and procedures
set forth in paragraph (a)(2)(i) of this section and the development
and implementation of the processes and systems set forth in paragraph
(a)(2)(ii) of this section; and
(C) The management of risks and risk controls
within the parameters of the company’s risk control framework, and
monitoring and testing of the company’s risk controls.
(ii) The chief risk
officer is responsible for reporting risk-management deficiencies
and emerging risks to the risk committee and resolving risk-management
deficiencies in a timely manner.
(3) Corporate governance requirements.
(i) The covered savings
and loan holding company must ensure that the compensation and other
incentives provided to the chief risk officer are consistent with
providing an objective assessment of the risks taken by the covered
savings and loan holding company; and
(ii) The chief risk officer must report
directly to both the risk committee and chief executive officer of
the company.