- Authority and Purpose
The Audit and Risk Committee (“Committee”) of the Board of Directors (“Board”) of the Federal Reserve Bank of New York (“Bank”) operates under the bylaws of the Bank and consistent with the applicable policies of the Board of Governors of the Federal Reserve System (“Board of Governors”).
The Committee is appointed by the Board for the purpose of assisting it in assessing (1) adequacy and effectiveness of the controls over financial reporting, (2) the Bank’s external auditor’s qualifications, independence and performance, (3) the adequacy and effectiveness of risk management practices, (4) the adequacy and effectiveness of the Bank’s compliance with legal and regulatory requirements solely to the Bank’s responsibilities over the execution of operational activities as related to monetary policy, and (5) the effectiveness, independence and overall performance of the Bank’s internal audit function.
- Committee Membership
The Committee shall consist of no fewer than three members and no more than five members. In no event may the Class A Directors constitute a majority of the Committee’s membership. The members of the Committee shall meet the independence and experience requirements of Section 4 of the Federal Reserve Act and, to the extent not inconsistent therewith, (a) System Letter 2622 (December 20, 2004), as the same may be amended, supplemented, superseded or otherwise modified, (b) the Rules of the New York Stock Exchange, (c) Section 10A(m)(3) of the Securities Exchange Act of 1934 (the “Exchange Act”) and the rules and regulations of the Securities and Exchange Commission (the “Commission”), including but not limited to Subpart C, Canons of Ethics. At least one member of the Committee shall be a financial expert as defined by the Commission. Additionally, members of the Committee are expected to possess an adequate familiarity with and knowledge of effective risk management practices. Committee members shall not simultaneously serve on the audit committees of more than two public companies. The members of the Committee shall be appointed by the Board on the recommendation of the Nominating and Corporate Governance Committee. Committee members may be replaced by the Board.
- Meetings and Responsibilities
The Committee has the authority to meet as often as circumstances require, but not less frequently than quarterly. A majority of the current members of the Committee shall constitute a quorum for the transaction of business, and action at a meeting by the Committee shall be upon the vote of a majority of those present at any meeting at which a quorum is present.
The Committee shall meet at least once per year with the Bank’s external auditor and the Bank’s General Counsel. To foster open communication, the Committee shall meet periodically with the Chief Risk Officer, the Chief Compliance Officer, the General Auditor, the President and First Vice President, and the external auditor in separate executive sessions. The Committee may request any officer or employee of the Bank or the Bank’s outside counsel or external auditor to attend a meeting of the Committee or to meet with any members of, or consultants to, the Committee.
The Corporate Secretary, in consultation with, and subject to the oversight of, the General Auditor, the Chief Risk Officer, and the Committee Chair, will prepare meeting agendas and distribution of agendas and other briefing materials to Committee members in advance of meetings. The General Auditor will ensure that meeting minutes are prepared.
- Notational Voting
The Committee may transact business through notational voting subject to the following restrictions:
- the decision to allow notational voting on any particular matter shall be subject to the approval of the Chair of the Committee;
- only actual votes shall be counted – silence shall not be interpreted as consent; and
- action by the Committee pursuant to notational voting shall be upon a vote of a majority of the Committee members.
- Committee Responsibilities
The Committee shall make regular reports to the Board and ensure that all audit recommendations and concerns receive proper attention by Bank management.
The Committee shall review and reassess the adequacy of this Charter annually, confirm that all responsibilities outlined therein have been carried out, and recommend any proposed changes to the Board for approval.
The Committee shall receive reports from the General Counsel or the Corporate Secretary regarding risk events involving the Board of Directors, an individual Director, and/or the General Auditor, including but not limited to a waiver of any applicable policy. The Committee shall be responsible for ensuring that risks involving the full Board, a Director, or the General Auditor are being properly managed by the person or entity responsible, including, where applicable, the full Board, a Board committee, an individual Board member, and/or senior Bank management.
Annually, the Committee shall discuss with the full Board the Committee’s view of the Bank’s methods for identifying, managing, and reporting risks and risk management deficiencies.
The Committee shall perform an annual self-evaluation of the Committee’s performance of its responsibilities as stated in the Bank’s bylaws and this charter and determine whether obtaining an assessment by the General Auditor or other outside party would provide a useful additional perspective.
- Financial Statement and Disclosure Matters
The Committee has the responsibility to assist the Board of Directors in assessing the adequacy and effectiveness of the controls over financial reporting. In this regard, the Committee shall:
- Ensure that the internal audit function has appropriate access to the documents and individuals needed to accomplish their assigned responsibilities.
- Review with management, including the Principal Financial Officer, and the external auditor the annual audited financial statements in both draft and final form and discuss any issues arising with respect to accuracy, fraud, or other irregularities.
- Discuss with management and the external auditor significant financial reporting issues and judgments made in connection with the preparation of the Bank’s financial statements, including any significant changes in the Bank’s selection or application of accounting principles, any major issues as to the adequacy of the Bank’s internal controls and any special steps adopted in light of material control deficiencies.
- Discuss with management and the external auditor any correspondence with any governmental agencies and any published reports that raise material issues regarding the Bank’s financial statements or accounting policies.
- Discuss with the Bank’s General Counsel legal matters that may have a material impact on the financial statements.
- Review and discuss reports from the external auditors on:
- All critical accounting policies and practices to be used.
- All alternative treatments of financial information within generally accepted accounting principles that have been discussed with management, ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the external auditor.
- Other material written communications between the external auditor and management, such as any management letter or schedule of unadjusted differences.
- Discuss with management and the external auditor any off-balance sheet structures on the Bank’s financial statements.
- Discuss with the external auditor any difficulties encountered in the course of the audit work, any restrictions on the scope of activities or access to requested information, and any significant disagreements with management.
- Review disclosures made to the Committee by the Bank’s President, First Vice President and the Bank’s Principal Financial Officer during their certification process about any significant deficiencies in the design or operation of internal controls in financial reporting or material weaknesses therein and any fraud involving management or other employees who have a significant role in the Bank’s internal controls with respect to financial reporting.
- Review and approve any significant deviations from financial accounting practices.
- Oversight of Bank’s Relationship with the External Auditor
The Committee has the responsibility to assist the Board of Directors in assessing the external auditor’s qualifications and independence. In this regard, the Committee shall:
- Consult with the Board of Governors with regard to the selection, compensation and performance of the external auditor, and shall do so at least annually. The Committee shall recommend, if necessary, the termination of the external auditor. The Committee shall be responsible for the oversight of the work of the external auditor (including resolution of disagreements between management and the external auditor regarding financial reporting) for the purpose of preparing or issuing an audit report or related work. The external auditor shall report directly to the Committee.
- Pre-approve all services, auditing and non-auditing (including the fees and terms thereof), to be performed for the Bank by its external auditor that fall outside the scope of its engagement as the Bank’s external auditor, subject to de minimis exceptions which are approved by the Committee prior to the completion of the audit.
- Have the authority, to the extent it deems necessary or appropriate, to retain independent legal, accounting or other advisors, with sufficient funding provided by the Bank to retain any such advisors.
- Review and evaluate the lead partner of the external auditor team.
- Obtain and critically evaluate a report from the external auditor at least annually regarding
- the external auditor’s internal quality-control procedures,
- any material issues raised by the most recent internal quality-control review, or peer review, of the firm, or by any inquiry or investigation by governmental or professional authorities within the preceding five years respecting one or more external audits carried out by the firm,
- any steps taken to deal with any such issues, and
- all relationships between the external auditor and the Bank. Evaluate the qualifications, performance and independence of the external auditor, including considering whether the auditor’s quality controls are adequate. The Committee shall present its conclusions with respect to the external auditor to the Board.
- Ensure the rotation of the lead (or coordinating) audit partner having primary responsibility for the audit and the audit partner responsible for reviewing the audit at least once every five years and in a manner otherwise consistent with the requirements of the laws applicable to public companies.
- Discuss with the national office of the external auditor issues on which they were consulted by the Bank’s audit team and matters of audit quality and consistency.
- Oversight of the Bank’s Risk Management Practices
The Committee has the responsibility to assist the Board of Directors in assessing the adequacy and effectiveness of the Bank’s risk management practices and the Bank’s compliance with legal and regulatory requirements. In this regard, the Committee shall:
- Ensure that the Chief Risk Officer has sufficient authority, seniority, and resources within the organization and is independent from individual business units within the Bank and is not dependent on any Bank Officer other than the President for the security of his or her respective position and has access to the Board and the Committee on a confidential basis.
- Ensure that the Chief Compliance Officer has sufficient authority, seniority, and resources and is sufficiently independent from individual business units within the Bank.
- Provide oversight, guidance and feedback to Bank management regarding material risks related to the performance of the strategic and material activities of the Bank.
- In coordination with the Management and Budget Committee of the Board of Directors, approve on behalf of the Board of Directors management recommendations relating to the Bank’s material and strategic activities and businesses, and the risks related thereto.
- Consistent with the Principles for Financial Market Infrastructures, provide oversight, guidance and feedback regarding the Wholesale Product Office (“WPO”), and its compliance with the applicable provisions of the Principles for Financial Market Infrastructures, including:
- Establishing, upon a recommendation from Bank management, a clear, documented risk-management framework that includes a risk-tolerance policy applicable to the WPO, assigns responsibilities and accountability for risk decisions, and addresses decision making in crises and emergencies; and
- In coordination with other governance bodies in the Federal Reserve System, ensuring that the WPO’s design, rules, overall strategy, and major decisions reflect appropriately the legitimate interests of its direct and indirect participants and other relevant stakeholders.
- Receiving periodic reports on WPO strategic priorities and risk management issues from the WPO Product Director and other senior management.
- Receive reports and briefings from Bank senior management, including the Chief Risk Officer, General Counsel, Chief Compliance Officer, the General Auditor, and other senior management of other significant business activities, regarding the Bank’s compliance with:
- risk management policies,
- applicable legal requirements
- the Bank’s Code of Conduct
- Personal Trading Compliance Policy
- Obtain reports from senior management regarding the alignment of the Bank’s strategic objectives and annual budget with its risk profile and risk management policies.
- Obtain from the Chief Compliance Officer an assessment of the potential for or actual occurrences of fraud within the organization. Such reports should include, among other things, the Bank’s process for communicating the risk management policies and the Code of Conduct to employees and officers and compliance therewith, and the Bank’s investigation and follow-up regarding instances of non-compliance and/or fraud.
- Discuss with management the Bank’s major financial risk exposures and the steps management has taken to monitor and control such exposures, including the Bank’s risk assessment and risk management policies and control and governance processes.
- Periodically, monitor risks and risk management capabilities within the organization, including communication about escalating risk, and crisis preparedness and recovery plans.
- Discuss with the Chief Risk Officer and the General Auditor the Bank’s major risk exposures, excluding legal risk, and review the steps management has taken to monitor and control such exposures, including the Bank’s risk assessment and risk management policies, and the effectiveness of internal controls over identified risks.
- Discuss with the General Counsel the Bank’s major legal risk exposures, and review the steps management has taken to monitor and control such exposures.
- Understand how the Bank’s internal audit work plan is aligned with the risks that have been identified in the Bank’s risk profile.
- Obtain from the General Auditor an independent and objective assessment of (1) adequacy and effectiveness of the risk management policies, (2) the adequacy and effectiveness of risk management practices, and (3) the adequacy and effectiveness of the Bank’s compliance with risk management policies and compliance with legal and regulatory requirements and those relating to the Bank’s responsibilities for the execution of operational activities relating to monetary policy.
- Authorize investigations into any matters within the Committee’s scope of responsibility.
- Answer external auditors’ questions, including those about risks (including fraud) and whether Committee members have knowledge of risk (or fraud or suspect fraud) affecting the Bank.
- Review procedures and receive reports for the receipt, retention and treatment of complaints and issues raised through the Ethics Hotline and employee complaints protected under the Bank’s whistleblower policies.
- Obtain reports from senior management, including the Chief Risk Officer and the Chief Compliance Officer, regarding the policies, procedures, controls and risks related to the Bank’s procurement activities and vendor management.
- Discuss with the Bank’s General Counsel legal matters that may have a material impact on the Bank’s compliance with applicable laws and its own policies, as well as any legal matters that may impact the reputation of the Bank.
- Oversight of Internal Audit
The Committee has the responsibility to assist the Board of Directors in assessing the performance of the Bank’s Internal Audit function and external auditors. In this regard, the Committee shall:
- Recommend to the Board the appointment and termination (including separation payments) of the General Auditor, and to concur with any reassignment of the General Auditor to another position in the Bank.
- Formally evaluate the performance of the General Auditor, following the guidelines set forth by the Bank for evaluating the performance of other officers.
- Recommend to the Board, or a designated subset of the Board, all actions affecting the salary or classification of the General Auditor.
- Approve all actions affecting the salary or classification of other officers assigned to the Internal Audit Function.
- Ensure that the General Auditor is not dependent on any Bank Officer for the security of his or her position and has access to the Board on a confidential basis.
- Ensure that Internal Audit is independent of Bank management, both by intent and actual practice.
- Review the independence and effectiveness of Internal Audit to ensure that it operates in accordance with applicable and appropriate professional standards, including those endorsed by the Institute of Internal Auditors.
- Review and approve the General Auditor’s Annual Audit Plan and any material changes to that Plan.
- Review the reports to management prepared by Internal Audit for matters deemed significant by the General Auditor and management’s response to such reports.
- Review Internal Audit’s assessment of the Bank’s operational risk management framework and execution of same.
- Discuss with the external auditor and management, the Internal Audit responsibilities, budget and staffing and any recommended changes in the planned scope of the internal audit.
- Annually, the Chair of the Audit and Risk Committee shall consult with the Chair of the Management and Budget Committee regarding the adequacy of the budget for the Internal Audit Function.
- Financial Statement and Disclosure Matters
- Limitation of Audit and Risk Committee’s Role
While the Committee has the responsibilities and powers set forth in this Charter, it is not the duty of the Committee to plan or conduct audits or to determine that the Bank’s financial statements and disclosures are complete and accurate and are in accordance with generally accepted accounting principles and applicable rules and regulations. These are the responsibilities of management and the external auditor.
Effective as of January 1, 2016