The Committee has the authority to meet as often as circumstances require, but not less frequently than quarterly. A majority of the current members of the Committee shall constitute a quorum for the transaction of business, and action at a meeting by the Committee shall be upon the vote of a majority of those present at any meeting at which a quorum is present.
The Committee shall meet at least once per year with the Bank's external auditor and the Bank's General Counsel. To foster open communication, the Committee shall meet periodically with the Chief Risk Officer, the Chief Compliance Officer, the General Auditor, the President and First Vice President, and the external auditor in separate executive sessions. The Committee may request any officer or employee of the Bank or the Bank's outside counsel or external auditor to attend a meeting of the Committee or to meet with any members of, or consultants to, the Committee.
The Corporate Secretary, in consultation with, and subject to the oversight of, the General Auditor and the Committee Chair, will prepare meeting agendas and distribution of agendas and other briefing materials to Committee members in advance of meetings. The General Auditor will ensure that meeting minutes are prepared.
The Committee shall make regular reports to the Board and ensure that all audit recommendations and concerns receive proper attention by Bank management.
The Committee shall review and reassess the adequacy of this Charter annually, confirm that all responsibilities outlined therein have been carried out, and recommend any proposed changes to the Board for approval.
The Committee shall receive reports from the General Counsel or the Corporate Secretary regarding risk events involving the Board of Directors, an individual Director, and/or the General Auditor, including but not limited to a waiver of any applicable policy. The Committee shall be responsible for ensuring that risks involving the full Board, a Director, or the General Auditor are being properly managed by the person or entity responsible, including, where applicable, the full Board, a Board committee, an individual Board member, and/or senior Bank management.
Annually, the Committee shall discuss with the full Board the Committee's view of the Bank's methods for identifying, managing, and reporting risks and risk management deficiencies.
The Committee shall perform an annual self-evaluation of the committee's performance of its responsibilities as stated in the Bank's bylaws and this charter and determine whether obtaining an assessment by the General Auditor or other outside party would provide a useful additional perspective.
A. Financial Statement and Disclosure Matters
The Committee has the responsibility to assist the Board of Directors in assessing the adequacy and effectiveness of the controls over financial reporting. In this regard, the Committee shall:
- Ensure that the internal audit function has appropriate access to the documents and individuals needed to accomplish their assigned responsibilities.
- Review with management and the external auditor the annual audited financial statements in both draft and final form and discuss any issues arising with respect to accuracy, fraud, or other irregularities.
- Discuss with management and the external auditor significant financial reporting issues and judgments made in connection with the preparation of the Bank's financial statements, including any significant changes in the Bank's selection or application of accounting principles, any major issues as to the adequacy of the Bank's internal controls and any special steps adopted in light of material control deficiencies.
- Discuss with management and the external auditor any correspondence with any governmental agencies and any published reports that raise material issues regarding the Bank's financial statements or accounting policies.
- Discuss with the Bank's General Counsel legal matters that may have a material impact on the financial statements.
- Review and discuss reports from the external auditors on:
- All critical accounting policies and practices to be used.
- All alternative treatments of financial information within generally accepted accounting principles that have been discussed with management, ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the external auditor.
- Other material written communications between the external auditor and management, such as any management letter or schedule of unadjusted differences.
- Discuss with management and the external auditor any off-balance sheet structures on the Bank's financial statements.
- Discuss with the external auditor any difficulties encountered in the course of the audit work, any restrictions on the scope of activities or access to requested information, and any significant disagreements with management.
- Review disclosures made to the Committee by the Bank's President, First Vice President and the Bank's Executive Vice President having responsibilities similar to those of a chief financial officer during their certification process about any significant deficiencies in the design or operation of internal controls in financial reporting or material weaknesses therein and any fraud involving management or other employees who have a significant role in the Bank's internal controls with respect to financial reporting.
B. Oversight of Bank's Relationship with the External Auditor
- Review and approve any significant deviations from financial accounting practices.
The Committee has the responsibility to assist the Board of Directors in assessing the external auditor's qualifications and independence. In this regard, the Committee shall:
- Consult with the Board of Governors with regard to the selection, compensation and performance of the external auditor, and shall do so at least annually. The Committee shall recommend, if necessary, the termination of the external auditor. The Committee shall be responsible for the oversight of the work of the external auditor (including resolution of disagreements between management and the external auditor regarding financial reporting) for the purpose of preparing or issuing an audit report or related work. The external auditor shall report directly to the Committee.
- Pre-approve all services, auditing and non-auditing (including the fees and terms thereof), to be performed for the Bank by its external auditor that fall outside the scope of its engagement as the Bank's external auditor, subject to de minimus exceptions which are approved by the Committee prior to the completion of the audit.
- Have the authority, to the extent it deems necessary or appropriate, to retain independent legal, accounting or other advisors, with sufficient funding provided by the Bank to retain any such advisors.
- Review and evaluate the lead partner of the external auditor team.
- Obtain and critically evaluate a report from the external auditor at least annually regarding
- the external auditor's internal quality-control procedures,
- any material issues raised by the most recent internal quality-control review, or peer review, of the firm, or by any inquiry or investigation by governmental or professional authorities within the preceding five years respecting one or more external audits carried out by the firm,
- any steps taken to deal with any such issues, and
- all relationships between the external auditor and the Bank. Evaluate the qualifications, performance and independence of the external auditor, including considering whether the auditor's quality controls are adequate. The Committee shall present its conclusions with respect to the external auditor to the Board.
- Ensure the rotation of the lead (or coordinating) audit partner having primary responsibility for the audit and the audit partner responsible for reviewing the audit at least once every five years and in a manner otherwise consistent with the requirements of the laws applicable to public companies.
- Discuss with the national office of the external auditor issues on which they were consulted by the Bank's audit team and matters of audit quality and consistency.
C. Oversight of the Bank's Risk Management Practices
The Committee has the responsibility to assist the Board of Directors in assessing the adequacy and effectiveness of risk management practices and the Bank's compliance with legal and regulatory requirements. In this regard, the Committee shall:
- Ensure that the Chief Risk Officer has sufficient authority and seniority within the organization and is independent from individual business units within the Bank and is not dependent on any Bank Officer other than the President for the security of his or her respective position and has access to the Board and the Committee on a confidential basis.
- Ensure that the Chief Compliance Officer has sufficient authority and seniority and is sufficiently independent from individual business units within the Bank.
- Obtain reports from senior management, including the Chief Risk Officer, General Counsel, Chief Compliance Officer, and the General Auditor that the Bank is in conformity with:
- risk management policies,
- applicable legal requirements
- the Bank's Code of Conduct
- Personal Trading Compliance Policy
- Obtain from the Chief Compliance Officer an assessment of the potential for or actual occurrences of fraud within the organization. Such reports should include, among other things, the Bank's process for communicating the risk management policies and the Code of Conduct to employees and officers and compliance therewith, and the Bank's investigation and follow-up regarding instances of non-compliance and/or fraud.
- Discuss with management the Bank's major financial risk exposures and the steps management has taken to monitor and control such exposures, including the Bank's risk assessment and risk management policies and control and governance processes.
- Periodically, monitor risks and risk management capabilities within the organization, including communication about escalating risk, and crisis preparedness and recovery plans.
- Discuss with the Chief Risk Officer and the General Auditor, the Bank's major risk exposures, excluding legal risk, and review the steps management has taken to monitor and control such exposures, including the Bank's risk assessment and risk management policies, and the effectiveness of internal controls over identified risks.
- Discuss with the General Counsel the Bank's major legal risk exposures, and review the steps management has taken to monitor and control such exposures.
- Understand how the Bank's internal audit work plan is aligned with the risks that have been identified in the Bank's risk profile.
- Obtain from the General Auditor an independent and objective assessment of (1) adequacy and effectiveness of the risk management policy, (2) the adequacy and effectiveness of risk management practices, and (3) the adequacy and effectiveness of the Bank's compliance with risk management policy and compliance with legal and regulatory requirements and those solely to the Bank's responsibilities over the execution of operational activities relating to monetary policy.
- Authorize investigations into any matters within the Committee's scope of responsibility.
- Answer external auditors' questions, including those about risks (including fraud) and whether Committee members have knowledge of risk (or fraud or suspect fraud) affecting the Bank.
- Review procedures and receive reports for the receipt, retention and treatment of complaints and issues raised through the Ethics Hotline and employee complaints protected under the Bank's whistleblower policies.
D. Oversight of Internal Audit
- Discuss with the Bank's General Counsel legal matters that may have a material impact on the Bank's compliance with applicable laws and its own policies, as well as any legal matters that may impact the reputation of the Bank.
The Committee has the responsibility to assist the Board of Directors in assessing the performance of the Bank's Internal Audit function and external auditors. In this regard, the Committee shall:
- Recommend to the Board the appointment and termination (including separation payments) of the General Auditor, and to concur with any reassignment of the General Auditor to another position in the Bank.
- Formally evaluate the performance of the General Auditor, following the guidelines set forth by the Bank for evaluating the performance of other officers.
- Recommend to the Board, or a designated subset of the Board, all actions affecting the salary or classification of the General Auditor.
- Approve all actions affecting the salary or classification of other officers assigned to the Internal Audit Function.
- Ensure that the General Auditor is not dependent on any Bank Officer for the security of his or her position and has access to the Board on a confidential basis.
- Ensure that Internal Audit is independent of Bank management, both by intent and actual practice.
- Review the independence and effectiveness of Internal Audit to ensure that it operates in accordance with applicable and appropriate professional standards, including those endorsed by the Institute of Internal Auditors.
- Review and approve the General Auditor's Annual Audit Plan and any material changes to that Plan.
- Review the reports to management prepared by Internal Audit for matters deemed significant by the General Auditor and management's response to such reports.
- Review Internal Audit's assessment of the Bank's operational risk management framework and execution of same.
- Discuss with the external auditor and management, the Internal Audit responsibilities, budget and staffing and any recommended changes in the planned scope of the internal audit.
- Annually, the Chair of the Audit and Risk Committee shall consult with the Chair of the Management and Budget Committee regarding the adequacy of the budget for the Internal Audit Function.