The Board Risk Committee (BRC) is a sub-committee of the Board. A summary of each meeting will be made available to the Board at the next Board meeting following the Board Risk Committee. The Conduct & Operational Risk Committee (CORC), the Asset & Liability Committee (ALCO) and the Credit Committee report, and make recommendations for approval, to the Board Risk Committee in line with their respective Terms of Reference.

The Board Risk Committee Terms of Reference shall be reviewed at least annually.

2.1. Three nominated independent non-executive directors are members of the Committee.
2.2. The Committee is chaired by one of the Board’s independent non-executive directors, who is expected to have a working knowledge of, in particular, liquidity, capital and risk management issues and stress testing.
2.3. The holders of SMF 4 (Chief Risk Officer) and SMF 16 (Compliance Oversight Function) and the Head of Underwriting are expected to attend meetings.
2.4. Other members of the Executive team and external advisors (such as internal and external audit) may also attend meetings as appropriate.
2.5. The quorum necessary for the transaction of business shall be two members. If the Chair of the Committee is absent or is delayed by more than 15 minutes the remaining members shall elect one of their number to chair the meeting. A duly convened meeting of the Committee at which a quorum is present shall be competent to exercise all or any of the authorities, powers and discretions vested in or exercisable by the Committee.
2.6. Any other non-executive Director who is not a member of the Committee may attend BRC meetings.
2.7. The Company Secretary & Governance Manager will act as secretary to the BRC. Minutes of each meeting will be taken and circulated to each member prior to the next meeting.

3. Meetings

The Committee will meet at least four times per year and more frequently if considered necessary by a member of the Committee. Meetings will normally be held prior to the Board meeting and a timetable of meetings and standing agenda items for the coming 12 months will be included as a standing item within the papers published to the Committee for each meeting.

To support the safeguarding of GRC/CRO independence the Committee will hold at least one meeting per year (or part thereof) where the CRO attends without Executive Management present.

4. Responsibilities

The Committee is tasked with overseeing the principal risks facing the Society, as defined by the Risk Management Framework, and determining their importance given their potential impact and likelihood of occurrence. The Committee will also ensure that the Society’s response to all identified key risks is appropriate.

More specifically, the Committee will:

i) Review and approve the Risk Management Framework (RMF), which includes the Society’s Risk Appetite Statements. The Committee will ensure that the statements adequately identify all the key risks faced by the Society (including risks to members) and that appropriate management responses are identified for each of those risks. The RMF will be reviewed at least annually and more frequently if dictated by market conditions.

ii) Review the Society’s risk strategy including ensuring that adequate resources are allocated to the management of all material risks, and that the Risk function itself has the required level of skills, experience and capabilities that it needs to support the Society in the achievement of its risk strategy and objectives. This will be reviewed annually or more frequently if dictated by market conditions.

iii) Review and discuss the independent Chief Risk Officer Report provided to the Committee.

iv) Satisfy itself that the principal risks are adequately reported on, including strategic, credit, treasury, liquidity, funding, operational, conduct, financial crime and the financial impact of environmental risks. The Committee is to ensure either that the Society is remaining within its risk appetite and risk limits in the various aspects of its business, or that management is taking appropriate mitigating actions where the risk appetite or risk limits have been, or are at risk of being, breached.

v) Review, challenge and approve the top risks of the Society based on the risk register.

vi) Ensure that there is a risk culture of open discussion, which is forward looking, and which fosters the prompt identification of crystallised, horizon and emerging risks and their effective management.

vii) Receive risk culture metrics at each meeting, together with an annual review of trends, issues and the metrics in use.

The following documents will be reviewed and approved at least annually, or more frequently if required. Once approved by the Committee they are recommended to the Board for ratification.

i) Internal Capital Adequacy Assessment Process (ICAAP), ensuring the principal risks identified by the RMF are adequately considered.

ii) Internal Liquidity Adequacy Assessment Process (ILAAP), which includes a review of documents approved at ALCO including the Financial Risk Management Policy and Liquidity Contingency Plan.

iii) Capital Requirements Directive Pillar 3 disclosures and Pillar 3 Policy document.

iv) Reverse Stress Test Framework prepared in accordance with the requirements of SYSC 20.

v) The Operational Risk policy.

vi) The Recovery Plan and Resolution Pack.

vii) The Society’s Responsible Lending Policy.

viii) Policy on Change Management.

ix) Conduct Risk Policy.

x) Cyber Risk Policy and Cyber Response Plan.

xi) Model Risk Management Policy.

xii) Financial Crime Risk Assessment.

i) Ensure the principal risks identified by the RMF are adequately considered within the Society’s Integrated Assurance programme.

ii) Approve the Terms of Reference of, and be the reporting body for, ALCO, the Credit Committee and the Conduct & Operational Risk Committee. A summary paper from each Committee’s Chair will outline key discussions and decisions made. The minutes of each Committee are to be published to all Board Risk Committee members.

iii) Through the review of ALCO minutes, review whether the prices of liabilities and assets offered to customers take fully into account the firm’s business model and risk strategy (SYSC 7.1.18R(3)).

iv) Review the day-to-day risk management and oversight arrangements of the Executive team. (SYSC 21.1.5G (d)).

v) Examine, without prejudice to the tasks of the Remuneration Committee, whether incentives provided by the remuneration system take into consideration risk, capital, liquidity, and the likelihood and timing of earnings (SYSC 7.1.20R).

vi) Provide advice to the Remuneration Committee on risk weightings to be applied to performance objectives incorporated into the incentive structure for the executive (SYSC 21.1.5G (f)).

vii) Consider and give due regard to any relevant advice from the Audit & Compliance Committee or Internal Audit function concerning the effectiveness of the Society’s current control framework (SYSC 21.1.6G).

viii) Remain alert to the possible need for external expert advice and support on any risk issue, taking action to ensure that it receives such advice and support as may be necessary to meet its responsibilities effectively (SYSC 21.1.6G).

The Committee will review its effectiveness on an annual basis.

Last reviewed: October 2021