Risk Committee Charter. Bank of Queensland

Transcription

1 Risk Committee Charter Bank of Queensland Issue Date: 28 June 2018

2 1 Purpose The Bank of Queensland Limited (BOQ) Risk Committee (Committee) has been established by the BOQ Board (the Board) to: (a) assist the Board and the relevant BOQ subsidiary Boards (BOQ Group Boards) to effectively discharge their responsibilities to oversee the risk profile and the risk management framework of BOQ and its subsidiaries (BOQ Group); and (b) To identify, manage, monitor and measure risk for the BOQ Group on a regular basis, commensurate with the objective of ensuring that there is an acceptable balance between risk and return in the decisions made by the BOQ Group. The Committee has power to deal with and, where applicable, resolve, determine and recommend all matters falling within the scope of its purpose and duties as set out in this Charter, and other matters that may be delegated by the Board to the Committee from time to time. For the avoidance of doubt, the Committee discharges the above responsibilities in relation to the Company and, as applicable, the entities it controls (the Group). The St Andrew s Group has its own Risk Committee. The charter of the St Andrew s Group Risk Committee provides that oversight by the Committee will be satisfied by way of the receipt of regular reports and updates from the Chair of the St Andrew s Group Risk Committee. 1.1 Role of the Committee The Committee provides assistance and makes considered recommendations to the Board in relation to the following: (a) The risk profile and risk appetite of the BOQ Group, for approval by the Board; (b) Receipt of reports from management concerning breaches or material deviation from the risk management framework, the BOQ Group s risk management strategies, regulatory compliance and internal controls; (c) Ensuring appropriate principles, strategies, policies and processes for managing risk so as to ensure those adopted are of sufficient quality and of a high standard when benchmarked against industry practice; (d) Ensuring that the BOQ Group complies with applicable legislation, rules and regulations; (e) Ensuring the development and promotion of a risk based culture and the achievement of a balance between risk and reward for risks accepted across the BOQ Group; (f) Overseeing the process developed by management to identify risks, evaluating their potential impact, and implementing appropriate strategies to manage those risks; (g) Receipt of reports from management and the Chair of the St Andrew s Group Risk Committee regarding the resolution of significant risk exposures and risk events; (h) Reviewing and monitoring the risk implications of new and emerging risks to ensure that they are appropriately and proactively identified, managed and controlled at an early stage. (i) Reviewing and monitoring the risk implications of organisational change, regulatory change and major initiatives; (j) Reviewing the policies governing the adequacy of the BOQ Group s provisioning (including the adequacy of specific, collective and general provisions and reserves); (k) Providing a formal forum for communication on risk and compliance matters between the Board and senior management; 2

3 (l) Improving the efficiency of the Board by taking responsibility for tasks delegated to the Committee, where such tasks should be discussed in sufficient depth; (m) Reviewing and recommending to the Board for adoption, the BOQ Group s insurance cover arrangements and the BOQ Group Corporate Insurance renewal; (n) Overseeing and maintaining risk based controls to mitigate the risks associated with money laundering and terrorism financing; and (o) Receipt of internal and/or externally annual review reports and 3-yearly independent reviews of the risk management framework. 2 The Committee 2.1 Composition (a) The Committee must comprise of a minimum of three independent non-executive members of the Board of Directors. (b) The Managing Director & CEO (MD & CEO), Chief Financial Officer, Chief Risk Officer (CRO), Head of BOQ Group Assurance, the external auditor and representatives of management may be invited to attend part or all of any meetings of the Committee, as required. (c) Membership of the Committee will be considered by the Board on an annual basis. (d) Each member of the Committee must dedicate the necessary time and attention to Committee meetings. (e) The duties and responsibilities of a member of the Committee are in addition to those set out for a member of the Board. (f) BOQ s Company Secretary or his/her designated representative will be appointed Secretary to the Committee. (g) Members will be given the opportunity to attend technical or professional development courses to assist them in keeping up to date with legislative, regulatory or other relevant issues. Members will be given the opportunity to attend risk management training associated with BOQ s risk management programs. 2.2 Chair of the Committee The Chair of the Committee will be an independent non-executive Director of BOQ and be appointed by the Board. The Chair of the Board of Directors or the Audit Committee should not be the Chair of the Committee. The Chair of the Committee is involved in: (a) the selection process for the appointment of the CRO for BOQ, and recommending to the Board the chosen candidate for the position; (b) liaising with the MD & CEO regarding any plans for dismissal of the incumbent CRO; and (c) approving and signing off on the risk management declaration. The Committee Chair will chair Committee meetings. In the absence of the Committee Chair (or his or her properly appointed delegate), the members will elect one of their number as Chair of that meeting. 3

4 3 The Committee 3.1 Quorum A quorum will consist of at least 2 independent non-executive directors. 3.2 Agenda (a) The agenda for Committee meetings will be prepared by the Company Secretary and approved by the Committee Chair. (b) The agenda will include those items required by the Committee Charter and such other items as are requested by Committee members or management and approved by the Committee Chair. (c) The agenda and supporting papers are to be delivered to Committee members by the Company Secretary at least seven (7) days in advance of each meeting. Late papers may be accepted only with the consent of the Committee Chair. 3.3 Scheduling and Notice (a) The Committee will meet as often as required to undertake its role effectively, but no less than four meetings per year. The Chair of the Committee or the Chair of the Board may call a meeting of the Committee at any time, or if so requested by any member of the Committee. (b) The Company Secretary will provide adequate notice to all members of the Committee of all meetings. 3.4 Voting (a) Meetings are governed by the provisions of the Company s constitution regulating directors meetings. (b) Wherever possible, the Committee should seek determine matters before the Committee by consensus. If the Committee is unable to reach a consensus on a matter, this will be recorded in the Committee minutes and the Committee Chair will advise the Board of the range of views held by members of the Committee on the issue. (c) Any person with a material personal interest in a matter being considered by the Committee must not be present when that matter is considered by the Committee. (d) For the avoidance of doubt, decisions of the Committee may be made at a duly called and constituted meeting or otherwise agreed by Committee members in accordance with those provisions of the Company constitution governing written resolutions. 3.5 Additional Attendees (a) Members of the Board who are not Committee members are entitled to attend Committee meetings but cannot vote on any matters being considered by the Committee. For the avoidance of doubt, all Committee papers are available to all members of the Board subject to the Company s rules in relation to conflicts of interests, as amended from time to time. (b) The Committee may, if it deems appropriate, invite to the Committee meeting, or hold private meetings with such advisers or management personnel as the Committee may require. 3.6 Minutes (a) Minutes are to be prepared for each Committee meeting. (b) The draft minutes of each meeting are to be reviewed by the Committee Chairman and circulated to all Committee members by the Company Secretary as soon as practicable but no later than the distribution date for the papers for the next Committee meeting. 4

5 (c) The Committee must confirm the minutes of each Committee meeting at its next meeting. (d) A copy of the minutes, once they have been approved by the Committee, must be signed by the Committee Chairman and made available to the Company s Board. 3.7 Expert Advice The Committee has the right to seek independent professional advice in connection with carrying out its duties at the Company s expense. Prior written approval from the Chairman of the Board is required prior to seeking such professional advice. 4 Reporting The Committee will report to the Board about Committee activities and make recommendations to the Board on matters relevant to the Committee s purpose. The Committee will prepare any reports required by law, the ASX Listing Rules or otherwise requested by the Board. 5 Responsibilities 5.1 Responsibilities Three Lines of Defence The Committee supports BOQ s adoption of the Three Lines of Defence (LOD) model and approach, which clearly articulates roles and responsibilities across the Group. These are summarised as follows and are further articulated and defined within the relevant policies and procedures across the Group. 1st LOD: Group Executives and Management and Staff who own and manage the risk within the business are responsible for the identification and assessment of risks and the embedding of effective actions that address the risks, taking into account changing business conditions, market practices and regulatory requirements. 2nd LOD: Group Risk (across the areas of Credit, Market and Operational Risk) who is an independent function that monitor, assess and report on risks across the Group. 3rd LOD: Group Assurance, is an independent and objective assurance function reporting to the Audit Committee. Activities include examination and evaluation of the internal control framework of the BOQ Group, including assignment of responsibility and accountability within the BOQ Group and appropriate processes to follow up on audit findings and agreed management actions Risk Management Strategy The Committee will recommend to the Board the parameters of BOQ s risk management strategy. (a) Risk Appetite As part of this process, the Committee will monitor the BOQ Group s risk profile with regard to risk appetite and oversee the drafting and refining of BOQ s Risk Appetite Statement. The Committee will make recommendations to the Board in relation to the risk appetite for the BOQ Group. (b) Risk Culture The Committee will monitor the BOQ Group s risk culture and the extent to which the culture supports the ability of the BOQ Group to operate consistently within its risk appetite, identify and desirable changes to the risk culture and ensure the BOQ Group takes steps to address those changes. The Committee will report to the Board on the risk culture of the BOQ Group to assist the Board in forming a view on risk culture. 5

6 (c) Internal Capital Adequacy Process (ICAAP) The Committee will recommend, for approval by the Board, BOQ s ICAAP Policy to be implemented by management, and oversee risks inherent in the BOQ Group s operations. Such oversight will include (but is not limited to) the following categories of risk and matters as applicable to the business operations and risk management framework of each company. These matters are not exhaustive and may change from time to time Treasury Risk (a) Market Risk Market Risk includes the risk of loss due to changes in the general level of market prices, positions in interest rates, equity prices, foreign exchange rates and commodities, or other factors specific to the Bank. The responsibilities of the Committee include: 1) Reviewing and making recommendations to the Board in relation to: i. The policies which form the BOQ Group s Market Risk Management Framework; and ii. Key policies and limits supporting market risk, in light of the BOQ Group s risk appetite. 2) Monitoring and making recommendations to the Board in relation to: i. The BOQ Group s market risk performance and exposure against limits; and ii. Interest rate and foreign exchange performance and exposure. (b) Liquidity Risk Liquidity Risk is the risk that the Bank, although balance sheet solvent, cannot meet or generate sufficient cash resources to meet its payment obligations in full as they fall due, or can only do so at materially disadvantageous terms. The responsibilities of the Committee include: 1) Reviewing and making recommendations to the Board in relation to: i. The policies which form BOQ s Liquidity Risk Management Framework; ii. Development of appropriate liquidity risk policies; and iii. Funding plan for the Bank. 2) Monitoring and making recommendations to the Board in relation to: i. BOQ s liquidity position and requirements; and ii. BOQ s funding plan and funding requirements (including compliance with APRA s regulatory requirements). (c) Balance Sheet Risk Balance Sheet Risk refers to the variability in value of interest rate products held by the Bank as a result of changes in interest rates. Liquidity, capital positioning, securitisation, asset and liability composition all influence Balance Sheet Risk. The responsibilities of the Committee include reviewing and making recommendations to the Board in relation to: 1) BOQ s position in relation to management of interest rate risk; 2) BOQ s position in relation to management and structure of balance sheet; 3) BOQ s position in relation to management of capital adequacy; 4) The effectiveness of systems and policies that are in place to manage structural interest rate risk; and 5) The balance sheet management policies Credit Risk Credit Risk means the risk that borrowers and transactional counterparties will default on their obligations, and includes the risk of loss of value of assets due to deterioration in credit quality. The responsibilities of the Committee include reviewing and making recommendations (as applicable) to the Board in relation to: 6

7 (a) The policies which form the BOQ Group s Credit Risk Management Framework; (b) The credit risk profile, risk appetite, performance and management of BOQ s credit portfolio; (c) Key credit risk policies, credit strategies and credit scorecards supporting the Credit Risk Management Framework; (d) Credit limits, risk ratings, exposure limits, stress tests, concentration ratios, large exposures and conditions; and (e) Assessment of macro-economic trends for BOQ s portfolio, including scenario and stress testing Operational Risk Operational Risk means the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. The responsibilities of the Committee include: (a) Monitoring the performance of operational risk management and controls. (b) Reviewing and making recommendations to the Board in relation to: 1) The BOQ Group s Operational Risk Management Framework; 2) Development and ongoing appropriateness of operational risk policies; 3) Conduct risk issues relating to the fair and equitable treatment of BOQ s customers and other stakeholders 4) Occupational health and safety issues; 5) Environmental sustainability; 6) Enterprise Continuity Management (comprising business continuity management, crisis management and disaster recovery, and technology/system risk); 7) Reports from management concerning the BOQ Group s annual insurance strategy, including the adequacy of coverage and limits of insurance policies, and associated costs; and 8) All aspects of the BOQ Group s insurance program, including the performance of the corporate broker, making recommendations to the Board regarding the insurance broker, and provision of reports on any material matters arising out of the insurance program during the year, including all major insurance claims made by the BOQ Group Compliance Risk Compliance Risk means the risk of legal or regulatory sanctions, material financial loss, or loss to reputation an entity may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organisational standards, and codes of conduct applicable to its banking activities. The responsibilities of the Committee include: (a) Overseeing the establishment and maintenance of risk based controls to mitigate the risks associated with money laundering and terrorism financing. (b) Reviewing and making recommendations to the Board in relation to: 1) The adequacy and effectiveness of the program of compliance established within the BOQ Group; 2) The compliance risk processes that are in place to anticipate and effectively manage the impact of legal and regulatory change on the BOQ Group s operations; 3) The scope and depth of compliance review activities and the resulting impact any review findings have on the risk profile of the BOQ Group; and 4) The nature and effectiveness of action plans implemented to address identified compliance weaknesses. 5.2 Other Responsibilities (a) Review any changes anticipated for the economic and business environment, including consideration of emerging trends (including strategic risks) and other factors relevant to BOQ s risk profile; (b) Review the adequacy of the Committee Charter and relevant risk management charters on an annual basis; (c) Oversee APRA statutory reporting requirements pertaining to risk matters, and deal promptly with 7

8 APRA reviews; (d) Oversee adequacy of internal risk monitoring and reporting requirements; (e) Review and recommend annual approval of internal risk charters (such as Executive Credit Committee); (f) Oversee the BOQ Group s Stress Test and scenario testing framework; (g) Review and recommend annual approval of the Asset & Liability Committee Charter including responsibilities, segregation of duty and reporting requirements; (h) Receive reports in line with an approved Committee Agenda, and review annually the appropriateness and frequency of the reports; (i) Review and recommend the risk management key performance indicators included in the performance plans for BOQ Group Executives and senior management; (j) Review reports from the Information Technology Committee on the appropriateness of the IT and Cyber Security Risk Appetite; (k) Review periodic deep dives on Cyber Security (joint responsibility with the Information Technology Committee); and (l) Regularly discuss and receive reports from the Chair of BOQ s Audit Committee and the Chair of the St Andrew s Group Risk Committee on relevant audit, and/or risk, matters that should come to the attention of the Committee. The Committee will refer to the Audit Committee or Information Technology Committee any matters that have come to the attention of the Committee that are relevant for noting or consideration, or which should be dealt with by, the Audit Committee or Information Technology Committee. For clarity, the Committee will remain responsible for second line of defence reports and reviewing first and third line of defence reports on technology risk, security and cyber security as part of the enterprise risk profile and in reviewing the enterprise risk management framework. 6 Annual Review 6.1 Committee Performance The Committee will undertake an annual review of its performance against the requirements of this Charter and provide that information to the Board along with any recommendations resulting from the review. 6.2 Committee Charter Review This Charter supersedes any charter or terms or reference previously in force. Any modifications to or replacements of this Charter must be approved by the Board. The Committee will review this Charter at least once per annum. The next scheduled review is June Definitions and Interpretation 7.1 Definitions ASX means ASX Limited ACN and the exchange operated by it. Board means the board of directors of Bank of Queensland Limited. Company means the Bank of Queensland Limited, ABN Corporations Act means the Corporations Act 2001 (Cth) as amended from time to time. Director means a director of the Company or its subsidiaries. Listing Rules means the listing rules of the ASX. Technology means information technology and includes, without limitation, digital and innovation technologies. 8

9 7.2 Interpretation Concepts not defined in this document which have a meaning in the Corporations Act or the Listing Rules have that same meaning in this document. 9