The Risk and Compliance Committee (the "Committee") is appointed by the Board of Directors (the "Board") of Arthur J. Gallagher & Co. (the "Company") to assist the Board in its oversight and monitoring of: (i) the risk assessment and risk management programs and practices of the Company; and (ii) compliance with the laws, regulations and policies applicable to the Company.
MembershipThe Committee shall be comprised of three or more directors as determined and appointed by the Board. Determinations as to whether a particular director satisfies the requirements for membership on the Committee shall be made by the Board. The members of the Committee shall be designated by the Board on the recommendation of the Nominating/Governance Committee and shall serve for such terms as the Board may determine, or until their earlier resignation, death, or removal by the Board. A chairperson of the Committee shall be designated by the Board.
The Audit, Compensation and Nominating/Governance Committees exercise direct oversight over certain aspects of the Company's risk management program that fall within their areas of responsibility. The Committee shall coordinate and communicate with these other committees as appropriate. To facilitate such coordination and communication, the Committee membership shall include at least one member of each of the Audit Committee, Compensation Committee and Nominating/Governance Committee.
OperationsThe Committee shall meet with such frequency and at such intervals as it shall determine is necessary to carry out its duties and responsibilities. The Committee will meet at such times as determined by its chairperson or as requested by any two of its members. Notice of all meetings shall be given, and waiver thereof determined, pursuant to the provisions contained in the Company's Bylaws. The chairperson will preside, when present, at all meetings of the Committee. The Committee may meet by telephone, video conference or Internet conference and may take action by written consent.
The Committee shall meet separately, and periodically, with management and shall invite such individuals to its meetings as it deems appropriate, to assist in carrying out its duties and responsibilities. However, the Committee shall meet regularly without such individuals present.
The Committee may form and delegate to one or more subcommittees all or any portion of the Committee's authority, duties and responsibilities, and may establish such rules as it determines necessary or appropriate to conduct its business.
Each member of the Committee shall have one vote. A majority of the members shall constitute a quorum and the Committee shall be authorized to take any permitted action only by the affirmative vote of a majority of the Committee members present at any meeting at which a quorum is present, or by the unanimous written consent of all of the Committee members, subject to the provisions of the preceding paragraph.
The Committee shall maintain copies of minutes of each meeting of the Committee, and each written consent to action taken without a meeting, reflecting the actions so authorized or taken by the Committee.
The Committee shall have the authority to obtain advice and assistance from outside advisors, experts or consultants as the Committee determines necessary to carry out its duties. The Company shall provide for appropriate funding, as determined by the Committee, for the payment of compensation to any such advisor, expert or consultant and for the payment of ordinary administrative expenses that are necessary or appropriate in carrying out the Committee's duties. The Committee shall also have authority to obtain advice and assistance from any officer or employee of the Company and to have any such officer or employee make presentations to the Committee or respond to questions posed by the Committee.
Authority, Duties and ResponsibilitiesThe Committee shall have the following principal responsibilities:
Review with management the Company's enterprise risk management program, including risk identification, risk appetite, risk assessment and risk mitigation.
Review management's approach to identify and prioritize the Company's most significant risk exposures and discuss with management the steps that have been taken to mitigate and monitor such exposures.
Review the Company's management of risks related to cyber security and information security, including artificial intelligence and data privacy risks, and receive regular reports from the Company's Global Chief Information Officer and/or Global Chief Information Security Officer regarding the overall status of the Company's cyber security and information security programs.
Review the Company's business continuity and crisis management framework, including the Company's incident response plans.
Review and discuss the Company's risk appetite statements.
Review reports of complaints received by the Company from internal and external sources, including the Gallagher Ethics and Compliance Helpline regarding any ethics or compliance matters.
Review the Company's ethics and compliance program, including the Company's Global Standards of Business Conduct, significant legal and regulatory compliance matters and material inquiries or investigations from government or regulatory entities.
Receive reports and presentations as appropriate from outside advisors, such as the independent auditors, compensation consultant or legal counsel, regarding risks facing the Company and the Company's risk management and ethics and compliance programs.
Review and make recommendations to the Board regarding the adequacy of the Company's resources to perform its risk management and compliance responsibilities.
Review and reassess the adequacy of this Charter as needed and recommend any proposed changes to the Board for approval.
Conduct an annual performance evaluation of the Committee.
Provide the Board with regular reports of the activities of the Committee.
Last amended: December 22, 2025
Attachments
- Original document
- Permalink
Disclaimer
Arthur J.Gallagher & Co. published this content on January 16, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on January 16, 2026 at 19:20 UTC.
