The Board has established a committee to be known as the Board Risk Committee (BRC) to assist it in fulfilling its oversight responsibilities for risk management across the Society. The BRC has the delegated authority of the Board in respect of the functions and powers set out in these terms of reference and is authorised by the Board to obtain, at the Society’s expense, outside legal or other professional advice on any matters within its terms of reference.
The role of the BRC is to:
- Provide oversight and advice to the Board in relation to current and potential future risk exposures of the Society and future risk strategy, including determination of risk appetite and tolerance and the effectiveness of the Society’s framework for managing risk.
- Promote a risk culture that puts Members First within the Society and oversee implementation and maintenance of the Enterprise Risk Management Framework (ERMF).
- Review key risk policies and frameworks including risk appetite statements.
3. Meetings and membership
The BRC will be chaired by a Non-Executive Director (other than the Chair of Board) as appointed from time to time by the Board.
The BRC will comprise the BRC Chair, the Chair of the Audit Committee and two other Non-Executive Directors. The Committee may operate with a vacancy. Members of the Committee shall be appointed by the Board, on the recommendation of the Nominations & Governance Committee.
The Chief Executive, Chief Financial Officer, Chief Risk Officer and the Chief Operating Officer will attend meetings of the Committee. Any other employee of the Society may be asked to attend meetings as required. Directors (both Executive and Non-Executive) who are not members or regular attendees of the Committee may also attend meetings if they so wish.
The BRC will meet eight times a year as a minimum and otherwise as required. The Chair of the Committee may convene meetings of the Committee at any time to consider any matters falling within these terms of reference.
Meetings of the BRC will be quorate if at least three BRC members are present. If the Chair of the Committee is absent the remaining members shall elect one of their number to chair the meeting. A duly convened meeting of the Committee at which a quorum is present shall be competent to exercise all or any of the authorities, powers and discretions vested in or exercisable by the Committee.
The General Counsel & Secretary or their nominee will be secretary to the BRC.
The Secretary shall draft the agenda for each meeting and provide this to the Chair of the Committee for approval in advance of the meeting. The Secretary shall collate and circulate the papers to members and attendees at least six calendar days prior to the meeting.
Formal minutes of the meetings of the BRC will be taken and circulated to members and other regular attendees for the relevant meeting. A summary of each meeting will be made available to the Board of Directors in the month following the meeting. The Committee Chair will be available at the Society’s AGM to answer questions from members falling within the Committee’s remit.
The Committe shall have the following responsibilities:
4.1. Risk Appitite
4.1.1. Consider annually and recommend for approval by the Board proposals in respect of the Society’s risk appetite and limits for risk categories. The appetite should be aligned with the Strategic Plan, capital and risk stress testing framework and the principal risks that the Society faces.
4.1.2. Review the Society’s credit risk appetite statement semi-annually and if thought fit recommend changes to the Board in line with relevant regulatory guidance.
4.2. Enterprise Risk Management Framework (ERMF)
4.2.1. Consider and recommend for approval by the Board the ERMF.
4.2.2. Consider and approve an assessment of which risk categories should be deemed Principal Risks as defined in the ERMF.
4.2.3. Seek assurance that the ERMF is implemented with appropriate reporting regimes for each of the Society’s Principal Risks including management’s response to breaches of risk appetite as detailed in the ERMF.
4.3. Risk Control Policies
4.3.1. Consider and approve the following risk policies:
• Treasury and Prudential Policy Statement;*
• Reverse Stress Testing Framework;
• Funds Transfer Pricing methodology, once agreed by ALCO;
• Operational Risk Policy;
• Lending Policy Statement*;
• Conduct Risk Framework;
• Financial Crime Risk Management Policy;
• Anti-Money Laundering Risk Management Policy;
• Cyber Security Strategy;
• Model Risk Framework
The items marked * are subsequently recommended for approval by the Board after review by the Committee.
4.4. Capital and Liquidity
4.4.1. Review scenario assumptions for inclusion in business planning, receive the results of stress and scenario analysis, and assess whether the proposed mitigation measures are sufficient to manage the risk exposure within the Board’s risk appetite;
4.4.2. Review and recommend for approval to the Board the Society’s Internal Capital Adequacy Assessment Process; Individual Liquidity Adequacy Assessment Process and the Recovery Plan.
4.5. Risk Monitoring
4.5.1. Review reports from the Chief Risk Officer and management, including reports on any material breaches of risk appetite, and consider the adequacy of proposed actions arising from such breaches.
4.5.2. Challenge and approve progress of the plans to mitigate each of the principal current and emerging risk exposures, ensuring that management are exercising appropriate control to reduce the likelihood of risk crystallisation resulting in financial loss, reputational damage or regulatory concern or adverse outcomes for the Society’s members.
4.5.3. Identify and assess emerging risks, including risks raised by regulatory change.
4.5.4. Receive reports on the risk position in relation to the Society’s major change programmes.
4.5.5. Receive the result of assessments concerning material outsourcing arrangements and oversight of such arrangements.
4.5.6. Receive reports on Material Risk Events including lessons learned from such Material Risk Events.
4.5.7. Review the Society’s operational resilience strategy and its delivery.
4.6. Risk Function
4.6.1. The Chief Risk Officer’s formal reporting line is to the Chief Executive. However, the Chief Risk Officer also has a reporting line to the Chair of the Committee through the Committee Chair in respect of matters referenced in these terms of reference.
4.6.2. The Committee will assess the effectiveness of the Society’s risk management and internal control systems and, at least annually, carry out a review of their effectiveness and report on that review in the annual report. The monitoring and review should cover all material controls, including financial, operational and compliance controls.
4.6.3. Receive reports on the performance and independence of (i) the compliance function (ii) the risk function to ensure such functions can discharge their responsibilities effectively.
4.6.4. The Committee will satisfy itself that the Risk function is adequately resourced, has appropriate access to information and is independent from management or other restrictions so as to be able to perform its function effectively.
4.7.1. Provide advice to the Remuneration Committee such that performance objectives do not drive excessive risk taking and that reward decisions take account of risk management performance.
4.8. Regulatory Oversight
4.8.1. Review, on behalf of the Board, if requested, key risk-related FCA and PRA correspondence and ensure that management’s responses to such communications are appropriate, consistent with the Society’s risk appetite.
4.8.2. Review a report from the Society’s Money Laundering Reporting Officer.
4.9. Reporting and Disclosures
4.9.1. The Committee shall compile a report detailing how it discharged its responsibilities for inclusion in the Society’s Annual Report & Accounts, including a description of the significant issues dealt with by the Committee and other matters required to be disclosed under the Corporate Code.
4.10. Performance Review
4.10.1. To arrange annual assessments of Committee effectiveness and report the output of this activity to the Board.
4.10.2. To review periodically these Terms of Reference and recommend any changes to the Board for approval.
These terms of reference were approved by the Committee at its meeting on 18 December 2018 and by the Board at its meeting on 23 January 2019.