The Board has established a committee to be known as the Board Risk Committee (BRC) to assist it in fulfilling its oversight responsibilities for risk management across the Society.
The BRC is authorised by the Board to:
• Investigate any matter within its Terms of Reference.
• Seek any information it requires from any employee. All employees are directed to co-operate with any reasonable request made by the Committee.
• Obtain, at the Society's expense, outside advice and support on any risk issue and to arrange for the attendance of other persons with relevant experience and expertise if it considers this necessary.
The BRC shall have regard to any relevant advice from the Board Audit Committee or the internal audit function concerning the effectiveness of the Society’s current risk management and internal control arrangements including the Enterprise Risk Management Framework (ERMF).
The BRC will:
- review and approve the Society’s risk strategy, culture and principles, challenging as appropriate to ensure a risk culture that puts Members First and ensures the Society maintains adequate capital and liquidity levels throughout the economic cycle.
- approve and oversee implementation and maintenance of the ERMF.
- review key risk policies and frameworks including risk appetite statements.
- assure itself and the Board that current and potential risk exposures are being managed appropriately.
Meetings and membership
The BRC will be chaired by a Non-Executive Director (other than the Board Chairman) as appointed from time to time by the Board.
The BRC will comprise the BRC Chairman, the Chairman of the Audit Committee and two other Non-Executive Directors. The Committee may operate with a vacancy.
The Chief Executive, Finance Director, Chief Risk Officer and the Chief Operating Officer will attend meetings of the Committee. Any other employee of the Society may be asked to attend meetings as required. Board Directors (both Executive and Non-Executive) who are not members of the Committee may also attend meetings if they so wish.
The BRC will meet as a minimum on an alternate monthly basis.
Meetings of the BRC will be quorate if there are present at least three BRC members. If the Chairman is absent the other members present will choose one of their number to chair the meeting.
The General Counsel & Secretary or their nominee will be secretary to the BRC.
Formal minutes of the meetings of the BRC will be taken and circulated to members and other regular attendees for the relevant meeting.
A summary of each meeting will be submitted to the Board in the following month. In addition, the Chairman of the BRC will verbally report to the Board after each meeting of the BRC.
The Chairman of the Committee or another of its members will be available at the Society’s AGM to answer questions on matters falling within the Committee’s remit.
The Chief Risk Officer has a functional reporting line to the Chairman of the BRC.
Duties of the Committee
The Committee shall have the following responsibilities:
1. Risk Appetite
1.1 Consider annually and recommend for approval by the Board the Society’s risk appetite and supporting metrics. The appetite should be aligned with the Strategic Plan, capital and risk stress testing framework and the principal risks that the Society faces.
1.2 Review the Society’s credit risk appetite statement quarterly with regard to its continued applicability and recommend changes to the Board in line with relevant regulatory guidance.
2. Risk Control Framework and Policies
2.1 Review the ERMF annually with specific reference to the risk strategy, risk culture and risk governance principles and determine whether the ERMF should be recommended to the Board.
2.2 Review the risk categories annually to determine which should be deemed Principal Risks as defined in the ERMF.
2.3 Review the Society’s key risk policies, strategies and risk appetite statements annually including the:
- Treasury and Prudential Policy Statement *;
- Recovery and Resolution Plan *;
- Reverse Stress Testing Framework;
- Individual Capital Adequacy Assessment Process (ICAAP) *;
- Individual Liquidity Adequacy Assessment Process (ILAAP) *;
- Annual Review of Treasury Credit Limits *;
- Funds Transfer Pricing methodology, once agreed by ALCO;
- Operational Risk Management Policy;
- Lending Policy Statement *;
- Conduct Risk Framework;
- Financial Crime Risk Management Policy;
- Cyber Security Strategy *; and
- Model Risk Framework.
The items marked * are subsequently recommended for approval by the Board after review by the Committee.
2.4 Delegation to ALCO of the review of models, including their independent validation, where such models are required for the provision of valuations under the European Markets Infrastructure Regulation (EMIR).
3. Risk Monitoring
3.1 Seek assurance that the ERMF is implemented with appropriate reporting regimes for each of the Society’s Principal Risks.
3.2 Review scenario assumptions for inclusion in business planning, receive the results of stress and scenario analysis, and assess whether the proposed mitigation measures are sufficient to manage the risk exposure within the Board’s risk appetite.
3.3 Review reports from the Chief Risk Officer and management, including reports on any material breaches of risk appetite, and consider the adequacy of proposed actions arising from such breaches.
3.4 Receive reports on the performance and independence of (i) the compliance function and (ii) the risk function to ensure such functions can discharge their responsibilities effectively.
3.5 Challenge and approve progress of the plans to mitigate each of the principal current and emerging risk exposures, ensuring that management are exercising appropriate control to reduce the likelihood of risk crystallisation resulting in financial loss, reputational damage or regulatory concern.
3.6 Review six-monthly reports from the Head of Payments & Financial Crime in his/her capacity as the Society’s Money Laundering Reporting Officer.
3.7 Provide advice to the Remuneration Committee such that performance objectives do not drive excessive risk taking and that reward takes account of risk management performance.
3.8 Meet the Chief Risk Officer and the heads of the principal risk functions at least once a year without other management being present to discuss their remit and any issues arising from the risk oversight activity they undertake.
3.9 Review, on behalf of the Board, key risk related FCA and PRA correspondence and ensure that management’s responses to such communications are appropriate and consistent with the Society’s risk appetite.
3.10 Ensure that the Board Audit Committee and/or the Board itself is made aware of significant issues and matters considered by the Committee.
3.11 Undertake an annual assessment of the Committee’s effectiveness.
3.12 Consider other topics, as defined by the Board and/or any of its Committees.
The BRC Terms of Reference are reviewed at least annually by the Committee. Any changes are approved by the Board and the up-to-date Terms of Reference are included in the Board Governance Manual.
These Terms of Reference were approved by the Committee at its meeting on 22 November 2016 and by the Board at its meeting on 25 January 2017.