Associated Banc : Enterprise Risk Committee Charter (Enterprise Risk Committee Charter eff 4 28 26 5af61c)

ASSOCIATED BANC-CORP ASSOCIATED BANK, NATIONAL ASSOCIATION ASSOCIATED TRUST COMPANY, NATIONAL ASSOCIATION BOARD OF DIRECTORS ENTERPRISE RISK COMMITTEE CHARTER Purpose

The purpose of the Enterprise Risk Committee (the "Committee") is to provide oversight of the enterprise-wide risk management framework of Associated Banc-Corp and its subsidiaries (collectively, the "Company"), including the strategies, policies, and practices established by management to identify, assess, measure, and manage significant risks. The Committee shall delegate authority to the Enterprise Risk Management Committee to conduct activities in accordance with its respective Charter including but not limited to oversight of the following risk management committees: ALCO Committee, Credit Risk Management Committee, the Community Oversight Committee and the Operational Risk Committee. The Committee shall assist the Board of Directors (the "Board") and its other committees that oversee specific risk-related issues and serve as a resource to management.

Committee Membership

The Committee shall consist of no fewer than three members, each of whom shall be an "independent" director as defined by applicable law, including the rules and regulations of the Securities and Exchange Commission and the rules of The New York Stock Exchange.

Meetings

The Committee shall meet as often as it determines necessary, but not less frequently than quarterly. The Committee shall also meet separately with the Chief Risk Officer, the Chief Credit Officer, the Treasurer and the General Counsel as often as it determines necessary. The Committee may request any officer or employee of the Company or any other person to attend a meeting of the Committee or to meet with any members of the Committee. For a portion or all of each of its meetings, the Committee may meet in executive session without any employees of the Company present.

The Committee may conduct its business and affairs at any time or location it deems appropriate. Attendance and participation in a meeting may take place by conference telephone or similar communications equipment by means of which all persons participating in the meeting can hear each other. Any action to be taken at any meeting of the Committee may be taken without a meeting, if all members of the Committee consent thereto in writing and such writing or writings are filed with the minutes of the Committee. All decisions of the Committee shall be determined by an affirmative vote of the majority of members in attendance. A quorum of the Committee shall be established when a majority of the members of the Committee are present.

Authority and Responsibilities

In exercising its oversight role, the Committee is entitled to rely on management to assume the primary risk management function, including the responsibility to establish appropriate policies, practices, and procedures. The Committee will also rely on the periodic reports from management in addressing these risk issues.

1. With respect to its credit risk oversight function, the Committee will:

   1. Review and approve significant lending and credit policies including:

      • Lending Policy

      • Loan Review Policy

   2. Review and approve the Loan Review Annual Plan.

   3. Review and discuss management's assessment of the credit risk associated with loan growth.

   4. Review and discuss management's assessment of asset quality and asset quality trends, credit quality administration and underwriting standards, and the effectiveness of portfolio credit risk management systems and processes to enable management to monitor and control credit risk.

   5. Review and discuss the quarterly Loan Review results, including progress against the plan and the status of management's actions to address significant recommendations.

   6. Review and discuss the regulatory exam results relating to credit risk and the status of management's response to any noted issues.

   7. Oversee management's handling of credit risk to ensure compliance with Board decisions regarding the bank's lending strategy and credit risk appetite and limits of Associated Bank, National Association (the "Bank").

      Note: Board approval of loans or other extensions of credit to Insiders in accordance with Regulation O will take place in full Board sessions.

2. With respect to its capital, liquidity, interest rate, and price risks oversight function, the Committee will:

   1. Review and approve significant capital, liquidity and market policies including the following:

      • Capital Management Policy and Plan

      • Corporate Asset and Liability Management Policy

   2. Review and make recommendations to the Board with respect to the issuance or repurchase of equity and debt securities and other significant financial transactions and equity investments.

   3. Review and discuss capital, interest rate sensitivity, liquidity, derivatives activity and investment portfolio position reports for compliance with approved policies.

   4. Review and discuss market risk management policies and risk limits.

   5. Monitor the Bank's performance and overall interest rate risk profile and liquidity position, ensuring that asset-liability strategies are prudent and are supported by adequate capital and liquidity.

3. With respect to its operational, information security and compliance risk oversight function, the Committee will:

   1. Review and approve Operational Risk related Policies including but not limited to the following:

      • ACH Policy

      • BSA/AML/OFAC/CIP/FCPA/Anti-Boycott Compliance Policy and Program

      • Business Resumption Policy

      • Compliance Policy

      • Corporate Security Policy

      • Default Services Policy

      • Issues Management Policy

      • Model Risk Management Policy

      • Operational Risk Management Policy

      • Privacy and Information Safeguarding Policy

      • Unfair Deceptive or Abusive Acts or Practices Policy (UDAAP)

      • Wire Transfer Policy

   2. Review and discuss the Company's Business Resumption Program annually.

   3. Review and discuss significant regulatory compliance risks, compliance audits and the status of management's response to any reported issues.

   4. Oversee the Bank's Compliance Management programs.

   5. Review and discuss significant operational risks including, but not limited to Model Risks, Financial Crimes, and Third-Party Risks.

   6. Review Corporate Security Reports, on a quarterly basis, or more frequently if deemed necessary.

   7. Approve the initial appointment of the Chief Compliance Officer and BSA Officer and

      any subsequent changes to the positions.

   8. Review and oversee the Bank's Talent Management Program.

4. With respect to its community oversight function, the Committee will:

   1. Review and approve the Fair Lending Policy, as well as the Bank's Fair Lending Annual Plan.

   2. Review and approve the Community Reinvestment Act Policy

   3. Review and discuss emerging and material community oversight risks, including fair lending.

   4. Review and discuss activities related to the Community Reinvestment Act, Fair Lending, and the Community Commitment Plan.

   5. Approve the initial appointment of the Fair Lending Officer and CRA Officer and any subsequent changes to the positions.

   6. Review and approve ERC related components of Community oversight programs which may include risk assessment, data privacy, fair lending, community development and CRA-related risk management, social lending policies, charitable giving, and consumer practices.

5. With respect to its enterprise risk oversight function, the Committee will:

   1. Review and approve the Risk Governance Framework and the Enterprise Risk Management Policy.

   2. Review and approve the Enterprise Risk Management Committee Charter.

   3. Review and approve at least annually the Risk Appetite Metrics (RAMs) and risk appetites in relation to the risk the Bank is willing to accept in relation to the strategic plan.

   4. Review and discuss breaches to the established thresholds of the Risk Appetite Metrics and the status of management's response to any identified breaches.

   5. Review and discuss the Bank's emerging and material risks in aggregate and by risk type.

   6. Review and discuss strategic and reputational risks, including macroeconomic risks.

   7. Review and approve the Strategic Planning Policy.

   8. Work with management to establish processes for identifying and reporting risks.

   9. Set the tone around risk awareness and convey its expectations to all colleagues that the Bank does not support excessive risk taking and that all colleagues are responsible for ensuring the Bank operates within the established risk appetite and limits.

   10. Review and discuss management's identification of and responses to circumstances that potentially pose significant strategic and reputational risks to the Company.

6. Other

   1. Review and approve the following:

      • Advisory Board Indemnification Policy

      • Anti-Tying Policy

      • Program Statement for Retail Sales of Non-deposit Investment Products

   2. The Committee shall perform such other duties and responsibilities as may be directed by the Board or required by applicable laws, rules or regulations.

   3. In performing its responsibilities, the Committee is authorized to obtain advice and assistance from internal or external, legal or other advisors at the Company's expense without prior permission of the Board or management.

   4. The Committee shall make regular reports to the Board summarizing the action taken at each Committee meeting.

   5. The Committee shall annually review its own performance and assess the adequacy of this Charter. The Committee may recommend amendments to this Charter at any time and submit amendments for approval to the Board.

Limitation of the Enterprise Risk Committee's Role

The Board's role in the governance of the Bank is clearly distinct from management's role. The Board is responsible for the overall direction and oversight of the Bank-but is not responsible for managing the Bank day-to-day. The Board should oversee and hold management accountable for meeting strategic objectives within the Bank's risk appetite. Both the board and management should ensure the Bank is operating in a safe and sound manner and complying with laws and regulations. It is not the Committee's responsibility to approve loans, conduct investigations or to assure that the Company complies with specific legal or regulatory requirements. Each member of the Committee will be entitled to rely, to the fullest extent permitted by law, upon the integrity of those persons within and outside the Company from whom it receives information.

12595380.1