Banc of California : Joint Enterprise Risk Committee Charter

CHARTER OF THE JOINT ENTERPRISE RISK COMMITTEE

OF THE BOARDS OF DIRECTORS OF

BANC OF CALIFORNIA, INC. AND BANC OF CALIFORNIA

(Most Recently Adopted May 9, 2024)

The Boards of Directors of Banc of California, Inc. and Banc of California have established a Joint Enterprise Risk Committee (the "Committee") with the authority, responsibility and specific duties as described in this Charter. Where applicable, references herein to the "Company" are Banc of California, Inc. and Banc of California, as applicable, and references herein to the "Board" are the Boards of Directors of Banc of California, Inc. and Banc of California, as applicable. The "Bank" means Banc of California.

PURPOSE.

The Committee is appointed to assist the Board in its oversight of risk management activities, including the establishment of the Company's enterprise risk management framework and associated policies and practices. The Committee is also appointed to assist the Board of Directors of the Bank in fulfilling its responsibilities for supervising the fiduciary activities of the Bank to ensure the proper exercise of the Bank's fiduciary powers. In addition, the Committee is appointed to assist the Board in its oversight of the credit processes and asset quality of the Company and compliance with applicable regulatory requirements with respect thereto. The Committee will coordinate with (1) the Joint Audit Committee for review of the Company's financial and operational risks, corporate-wide compliance, and other areas of the Joint Audit Committee's responsibility; (2) the Joint Compensation, Nominating, and Corporate Governance Committee for review of compensation-related risks and environmental social, and governance matters; and (3) the Finance Committee for review of asset, liability, liquidity, and capital management risks. While the Committee has the authority and responsibilities set forth in this charter, management is responsible for designing, implementing, and maintaining effective risk management processes which enable management to effectively identify, measure, monitor, control, and report risk exposures consistent with the Board-established risk appetite.

COMPOSITION.

The Committee shall be comprised of three or more directors, including a Chair, as determined by the Board, considering the recommendations of the Joint Compensation, Nominating, and Corporate Governance Committee of the Board and subject to any committee composition requirements under any applicable law, rule, or regulation.

The Chair of the Committee shall be a director who (i) is not an officer or employee of the Company and has not been an officer or employee of the Company during the previous three years; (ii) is not a member of the immediate family of a person who is, or has been within the last three years, an executive officer of the Company; and (iii) is an independent director the regulations of the Securities and Exchange Commission (17 CFR 229.407(a)).

The Board may replace committee members at any time, with or without cause. The Chair of the Committee will chair all regular sessions of the Committee and is responsible for setting the agendas of Committee meetings. In the absence of the Chair of the Committee, the Committee shall select another member to preside.

RESPONSIBILITIES AND AUTHORITY.

The Committee's responsibilities and authority include the following:

1. Oversee management's design and implementation of an appropriate enterprise-wide process to identify, prioritize, measure, monitor, and report alignment of the Bank's practices with its defined risk appetite; including, without limitation, operational, fraud, third-party relationships involving critical activities and/or risks, technology, information security, anti-money laundering, compliance, model, legal, reputational, strategic, credit, interest rate, and liquidity risks.

1. Oversee the design and implementation of the Company's enterprise-wide risk management framework, including review and approval of risk-related policies; adequacy of resources, systems, and processes to support risk management and management's mitigation efforts, as relevant.
2. Oversee and provide strategic direction to management for developing and maintaining risk appetite guidelines by risk type, and annually approve such guidelines. Require and review reports from management personnel on the Bank's adherence to the defined risk appetite guidelines.
3. Oversee the Company's compliance management programs and compliance with legal and regulatory requirements and ensure management creates a culture that places a high priority on compliance. In this regard, the Committee will obtain quarterly reports from management, including as appropriate, in the areas of human resources, risk management, internal audit, legal, and compliance, with regard to whether the Company is in conformity with applicable legal and regulatory requirements and industry practice. These reports will include management's periodic evaluation of the effectiveness of the Company's compliance programs and will include a review of significant pronouncements and changes to regulatory and legal requirements.
4. Oversee the Company's information security and technology management programs and review risks related to information security and cybersecurity as well as the steps taken by management to control for such risks.
5. Review and approve disaster recovery and business continuity plans at least annually. Oversee management's maintenance of the business continuity program to reflect the current operating environment and management's testing of the plan to confirm its viability.

2

1. Evaluate the following with respect to the fiduciary activities of the Bank: (i) proper exercise of fiduciary powers; (ii) adequacy of management, staffing, systems, and facilities; (iii) strategic plans, policies, and control procedures; (iv) adequacy of risk management and compliance programs; and (v) regulatory examination and internal and external audit results.
2. Ensure appropriate policies and procedures are in place for adherence to the self- dealing and conflicts of interest provisions under 12 C.F.R. Section 9.12 as applicable to the Bank (Cal. Fin. Code § 1562).
3. Within the scope of its authority, conduct reviews or investigations as it deems necessary or appropriate to carry out its duties, and in this regard, the Committee will have full access to all books, records, facilities, and personnel of the Company and its subsidiaries, and the power to retain independent legal, accounting, or other advisors or experts, as it deems necessary or appropriate to carry out its duties.
4. Review significant reports from regulatory agencies and internal/external reviews relating to risk management and compliance issues, and management's responses.
5. Oversee the Company's stress testing policy and framework.

12. Review the Bank's compliance with the Community Reinvestment Act (the "CRA") and the rules and regulations thereunder, including:

1. Review the reports of examination of the Bank by regulatory authorities concerning CRA compliance, consider the responses of management with respect thereto and render a report to the Board with respect thereto.
2. Review the Bank and Company's Annual Community Development/CRA Plan and as appropriate, review CRA-related community relationships and special initiatives in the communities in which the Bank operates.

13. Oversee the Company's credit processes and credit culture, including:

1. Review reports from the Company's credit review function (internal or external) regarding the rating of the Company's loans, the adequacy of the documentation in the Company's credit files, and the adherence of the Company to its credit policies, including any other significant reports to management and management's responses thereto.
2. Approve annually the engagement of any third party consultants hired to perform credit review services.
3. Review credit intensive, new products or businesses areas.
4. Review the loan portfolio composition, concentrations of credit, and trends.

3

1. 1. Approve related Board-level credit and concentration risk limit exceptions and review management-level credit and concentration risk limits exceptions, as appropriate.
   2. Review the Company's monitoring and management of past due, nonperforming loans, and foreclosed assets.
   3. Review and approve credit policies and programs.
   4. Review the established monitoring and reporting systems that focus on the measurement of current and future exposure to credit losses.
   5. Review the Company's Allowance for Credit Losses (ACL) policy, at least annually.
   6. Review the methodology and assumptions used by management, in accordance with the Current Expected Credit Loss (CECL) methodology, regulatory/supervisory guidance, and generally accepted accounting principles (GAAP), to estimate the ACL.
   7. Review management's assessment and justification for the ACL and the processes behind the quarterly provision for credit losses and the adequacy of the ACL at each quarter's end.
   8. Require management to periodically validate and, when appropriate, revise the ACL assumptions, methodologies, and models.
2. Perform any other activities consistent with this Charter as the Committee deems necessary or appropriate and perform any other duties or responsibilities delegated to the Committee by the Board from time to time or assigned to the Committee by applicable law, rule or regulation.
3. Review and reassess the adequacy of this Charter at least annually and recommend changes to the Board when necessary or appropriate.
4. Annually evaluate its own performance, comparing its performance with the requirements of this Charter, and review such evaluation with the Board.

Management of interest rate and liquidity risk shall primarily be overseen by the Joint Finance Committee of the Board.

COMMITTEE STRUCTURE AND OPERATIONS.

A majority of the members of the Committee in office from time to time shall constitute a quorum for the transaction of business and the act of a majority of those present at any meeting at which there is a quorum shall be the act of the Committee. In the event of a tie

4

vote on any issue, the Chair's vote shall decide the issue.

The Committee shall meet at least quarterly. Meetings of the Committee may be called by the Chair or any member of the Committee. The Committee shall keep records of all of its proceedings and activities (including risk-management decisions), which shall be filed with the books and records of the Company. The Committee shall, report the results of its activities directly to the Board of Directors on a regular basis and will provide the Board with any recommendations and additional reports as are appropriate or requested by the Board.

The Committee should meet separately periodically with management to discuss any matters that the Committee or management believe should be discussed privately. The Committee may request any officer or employee of the Company or the Company's outside advisors to attend a meeting of the Committee or to meet with any members of, or consultants to, the Committee. Without limiting the generality of the foregoing, the Committee shall receive and review regular reports on at least a quarterly basis from the Company's chief risk officer.

Members of the Committee may participate in a meeting of the Committee by means of conference call or similar communications equipment by means of which all persons participating in the meeting can hear each other.

The Company must provide for appropriate funding, as determined by the Committee, for payment of reasonable compensation to any consultant, legal counsel, or other advisor retained by the Committee.

AUTHORITY TO DELEGATE TO SUBCOMMITTEES.

The Committee may, in its discretion, delegate all or a portion of its duties and

responsibilities to a subcommittee of the Committee composed of one or more of its members for any purpose that the Committee deems appropriate and may delegate such power and authority held by the Committee under the Charter as the Committee deems appropriate.

5