(a) Risk committee. A bank holding company with any class of stock that is publicly traded and total consolidated assets of $10 billion or more must maintain a risk committee that approves and periodically reviews the risk-management policies of its global operations and oversees the operation of its global risk-management framework.
(b) Risk-management framework. The bank holding company's global risk-management framework must be commensurate with its structure, risk profile, complexity, activities, and size and must include:
(1) Policies and procedures establishing risk-management governance, risk-management procedures, and risk-control infrastructure for its global operations; and
(2) Processes and systems for implementing and monitoring compliance with such policies and procedures, including:
(i) Processes and systems for identifying and reporting risks and risk-management deficiencies, including regarding emerging risks, and ensuring effective and timely implementation of actions to address emerging risks and risk-management deficiencies for its global operations;
(ii) Processes and systems for establishing managerial and employee responsibility for risk management;
(iii) Processes and systems for ensuring the independence of the risk-management function; and
(iv) Processes and systems to integrate risk management and associated controls with management goals and its compensation structure for its global operations.
(c) Corporate governance requirements. The risk committee must:
(1) Have a formal, written charter that is approved by the bank holding company's board of directors.
(2) Meet at least quarterly, and otherwise as needed, and fully document and maintain records of its proceedings, including risk-management decisions.
(d) Minimum member requirements. The risk committee must:
(1) Include at least one member having experience in identifying, assessing, and managing risk exposures of large, complex firms; and
(2) Be chaired by a director who:
(i) Is not an officer or employee of the bank holding company and has not been an officer or employee of the bank holding company during the previous three years;
(ii) Is not a member of the immediate family, as defined in section 225.41(b)(3) of the Board's Regulation Y (12 CFR 225.41(b)(3)), of a person who is, or has been within the last three years, an executive officer of the bank holding company, as defined in section 215.2(e)(1) of the Board's Regulation O (12 CFR 215.2(e)(1)); and
(iii)(A) Is an independent director under Item 407 of the Securities and Exchange Commission's Regulation S-K (17 CFR 229.407(a)), if the bank holding company has an outstanding class of securities traded on an exchange registered with the U.S. Securities and Exchange Commission as a national securities exchange under section 6 of the Securities Exchange Act of 1934 (15 U.S.C. 78f) (national securities exchange); or
(A) Is an independent director under Item 407 of the Securities and Exchange Commission's Regulation S-K (17 CFR 229.407(a)), if the bank holding company has an outstanding class of securities traded on an exchange registered with the U.S. Securities and Exchange Commission as a national securities exchange under section 6 of the Securities Exchange Act of 1934 (15 U.S.C. 78f) (national securities exchange); or
(B) Would qualify as an independent director under the listing standards of a national securities exchange, as demonstrated to the satisfaction of the Board, if the bank holding company does not have an outstanding class of securities traded on a national securities exchange. Subpart D_Enhanced Prudential Standards for Bank Holding Companies With
Total Consolidated Assets of $50 Billion or More
Source: Reg. YY, 79 FR 17317, Mar. 27, 2014, unless otherwise noted.