
Joint Charter of the Risk Assessment Committees

of the Boards of Directors of New York Community Bancorp, Inc.,

New York Community Bank and New York Commercial Bank

The following states the Joint Charter of the Risk Assessment Committees of the Boards of Directors of New York Community Bancorp, Inc. (the “Holding Company,” or “NYCB”), New York Community Bank (the “Community Bank”), and New York Commercial Bank (the “Commercial Bank,” and, together with the Community Bank, the “Banks”). All three committees are referred to as the “Committees.”

Unless otherwise indicated herein, the responsibilities, authority and functions of the Committees shall apply to the Company and Banks, respectively, and to each of their respective subsidiaries, as the same may exist from time to time. The subsidiaries are referred to individually herein as “NYCB Entity”, collectively “NYCB Affiliates”, and collectively with the Holding Company and the Banks as the “Company”.

Mission/Purpose:

The Risk Assessment Committees have been appointed by the Company’s Board of Directors (“Board”) to assist the Board in fulfilling its responsibilities with respect to oversight of the Company’s risk management framework, including as it relates to the risk appetite of the Company and the policies and procedures used to manage various risks and enable an effective risk governance framework.

The Risk Assessment Committees’ role is one of oversight, recognizing that management is responsible for designing, implementing, and maintaining an effective risk program. Business Process Owners (BPOs) are the first line of defense for managing risk in the areas for which they are responsible. As the second line of defense, the Company’s Chief Risk Officer provides overall leadership for the Company’s enterprise risk management framework, including risk identification, risk measurement, risk monitoring, risk response, and risk reporting.

Committee Responsibilities:

The Committees’ responsibilities include overseeing the Company’s risk management infrastructure and programs to be assured that management appropriately assigns responsibility for risk ownership, including identifying, measuring, monitoring, and reporting on specific risks to the business units and functions operating within the Company. The Committees’ approaches to the fulfillment of its objectives should remain flexible in order to react to changing circumstances and conditions. To fulfill its responsibilities and duties, the Committees should undertake the following:

A. Review and approve the following policies and programs annually:

I. Enterprise Risk Management (“ERM”) Policy and ERM Program;

II. Model Risk Governance Policy;

III. Internal Loan Review Policy and Internal Loan Review Risk Assessment Scope;

IV. BSA / AML / OFAC Policies;

V. Information Security Policies; and

VI. Vendor and Contract Risk Management Policy.

B. Delegate authority to the Chief Risk Officer for implementation of the following risk programs of the Company:

I. ERM;

II. Model Risk Management;

III. Internal Loan Review;

IV. BSA / AML / OFAC;

V. Information Security; and

VI. Vendor Risk Management.

C. Obtain appropriate assurances from the Executive Oversight Group (“EOG”) Committee, Chief Risk Officer, and the Director of Enterprise Risk Management (“DERM”) that the Company’s risk management framework:

I. is commensurate to its size, structure, complexity, risk profile, and activities;

II. has policies and procedures in place for an effective control environment and risk governance framework;

III. has processes in place such as information systems to identify and report risk, so that appropriate action may be considered to remediate and/or address risk;

IV. has processes in place to establish responsibilities for risk management and to ensure independence of the risk management function; and

V. has processes in place to ensure integration of risk management and its control environment to the strategic plan.

D. Review any proposed updates to the Company’s Risk Appetite Statement and make recommendations to the Board of Directors that consider how much risk the Company or applicable NYCB Entity is prepared to take to pursue its Strategic Plan objectives, what kinds of risks are most relevant on an enterprise-wide basis, and how it should define its risk appetite tolerances. Risk appetite is defined as the amount of risk a company is willing to accept in pursuit of its strategic objectives.

E. Perform oversight of Commercial Real Estate & Multi Family (“CRE”) concentrations.

This includes the review of reports and stress testing results, and verifying that CRE concentrations are within the accepted tolerances as described within the Risk Appetite Statement.

F. Present monthly to the respective Boards of the applicable NYCB Entity regarding the Committees’ work, including with respect to the quality or integrity of the Company’s enterprise risk management function, compliance with related legal or regulatory requirements and regulatory enforcements, whether formal or informal (if applicable), and the performance of the risk management functions described herein.

G. Review regulatory communications received from the Supervisory Bodies of the Company such as reports and/or enforcement actions, whether formal or informal, if applicable. Determine areas requiring heightened attention in light of those communications and ensure that management is appropriately addressing those areas.

H. Review verbal reports from the EOG Committee members regarding risk oversight functioning.

I. Review the Company’s actual risk profile against the Risk Appetite Statement quarterly.

The risk profile includes information on the categories of risk the Company faces (e.g., credit, interest rate, liquidity, market, operational, legal/compliance, reputational, strategic, and loss share compliance risk). Furthermore, review exceptions, if any, to risk limits and key risk indicators (KRIs) that can serve as signals that the entity’s exposure to a particular risk may be changing.

J. Review monthly reports and updates from the Chief Risk Officer and DERM regarding key risk developments internal and external to the Company. This includes regulatory updates and announcements, ERM Program observations, project plans, regulatory remediation, audit remediation, progress reports, validation of regulatory internal audit issues, Executive Oversight Group (EOG) observations, and other risk matters.

K. Review the proposals and approve the engagement of any third party loan review consultant.

L. Review quarterly reports from the presiding officer of Internal Loan Review.

M. Review quarterly reports from the BSA/AML/OFAC Officer.

N. Review periodic reports from the Chief Information Security Officer.

O. Review periodic reports from the Director of Vendor Risk Management.

P. Review periodic reports from Model Risk Management.

Q. Review and evaluate the performance of the Chief Risk Officer annually.

R. Annual Charter Review and Performance Evaluation

The Committees periodically should re-evaluate its objectives, taking into account changing strategic, regulatory and other plans and requirements; evaluate this Charter annually and recommend changes to the Company’s Board of Directors when necessary.

The Committees shall conduct and report to the Company’s Board of Directors the results of an annual performance evaluation of the Committees.

Other:

The Committees, upon consultation with the Chief Risk Officer and such other resources as it deems to be necessary or appropriate, periodically should determine whether the foregoing scope of responsibilities should be modified to address any changes in the Committees’ risk management objectives as established by the respective Boards from time to time or changes in the business of the Company or Banks.

Neither the Boards nor their respective Risk Assessment Committees should be involved in actual day-to-day risk management. Directors should instead, through their risk oversight role, satisfy themselves that the risk management processes designed and implemented by management are adapted to the respective Board’s corporate strategies and are functioning as directed, and that necessary steps are taken to foster a culture of risk awareness in its decision-making throughout the organizations.

Committee Composition:

The Committees each shall be comprised of four (4) or more Directors as determined by the respective Boards of the Holding Company and Banks. Each Committee member shall satisfy applicable legal requirements, including the requirement that at least one member of the Committee be a "risk management expert" within the meaning of rules promulgated by the SEC under the Dodd-Frank Act of 2010.

Committee members shall be appointed to serve until their successors shall be duly elected and qualified in accordance with the by-laws and policies of the Holding Company or the Banks, as applicable, established by their respective Boards from time to time. Committee members may be replaced by the Board. Unless a Chairman is elected by the Board, the members of the Committee may designate a Chairman by majority vote of the Committee membership. A majority of the members of the Committee shall constitute a quorum.

It is desired that Committee members have or obtain experience, training and knowledge of the business necessary for making a meaningful assessment of the risks that the Company or Banks face.

Meetings:

The Committees shall have monthly meetings, and such other meetings, regular or special, as the Chairman or a majority of the Committee members may determine from time to time. Committee meetings may be held telephonically if so permitted by law and the Company's by-laws.

The Committees should meet separately with Executive Management or any of such persons or firms the members believe to be appropriate for such sessions in accordance with the purpose and scope of the Committees’ responsibilities.

The Committees may request any officer or employee of the Company or the Company’s outside counsel to attend a Committee meeting or to meet with any members of, or consultants to, the Committees. Members of the Committees may participate in Committee meetings by means of conference call or similar communications equipment by means of which all persons participating in the meeting can hear each other.

Resources and Authority of the Committee:

The Committees, and each member of the Committees in his or her capacity as such, shall be entitled to rely, in good faith, on information, opinions, reports or statements, or other information prepared or presented to them by,

i. officers and other employees of the Company whom such member believes to be reliable and competent in the matters presented, or

ii. counsel, public accountants, or other persons as to matters which the member believes to be within the professional competence of such person.

In discharging its oversight role, the Committees each are empowered to investigate, under the supervision of its Chairman, those matters appropriate to fulfilling its responsibilities, with unrestricted access to all books, records, facilities, and personnel of the Company, the Boards or their other Committees. The Committees shall be authorized to retain outside counsel or other experts or advisors, as it deems necessary for this purpose. The Company shall provide funding, as determined by the Committees, for payment of compensation to any external advisors employed by the Committees.

This Charter may be amended by vote of a majority of the members of the Committees.

Any amendment to this Charter is subject to ratification by the applicable Board of Directors of the Holding Company or Banks.

This Charter was last revised on December 14, 2015 and approved by the Committees on that date and approved by the full Board of each of the Holding Company and the Banks on December 15, 2015.

Adopted by the Committees: December 14, 2015

Ratified by the Boards: December 15, 2015
