HERITAGE FINANCIAL CORPORATION

RISK AND TECHNOLOGY COMMITTEE CHARTER

Effective February 26, 2024

  I. Purpose of the Committee

The purpose of the Risk Committee ("Committee") is to assist the Board of Directors ("Board") of Heritage Financial Corporation ("Company") in (a) discharging its oversight duties with respect to the risks inherent in the businesses of the Company and its subsidiaries (collectively, "Heritage") in the following categories: credit risk, market and liquidity risk, operational risk, environmental, social and governance risk, and the regulatory component of compliance risk; (b) providing oversight on the management of risks associated with technology, including those associated with the development of technology platforms and future technology strategies; and (c) promoting a culture that encourages ethical conduct and compliance with applicable rules and standards. Attached to this Risk Committee Charter ("Charter") are the definitions of risk categories used in the management of risk for Heritage.

  II. Committee Membership

The Committee shall consist of at least four directors with a majority of the committee members to be non-employees of Heritage. The Committee's membership shall be such that, in the judgment of the Board, it shall have the experience, expertise and judgment necessary to evaluate the information presented to the Committee by management and others with respect to the risk categories within the Committee's mandate as set forth in this Charter.

The Board shall appoint the Committee members and the Chair of the Committee annually based on the recommendations of Heritage's Governance and Nominating Committee. The Board may fill vacancies on the Committee and may remove a member from Committee membership at any time with or without cause.

  III. Committee Structure and Operations

A. Meetings

The Committee shall meet in person or by telephone conference, videoconference or other means of communication permitted under Washington law at least quarterly. Additional meetings may be held, or actions may be taken by unanimous written consent, as deemed necessary or appropriate by the Committee Chair or by any other member of the Committee. The presence of a majority of the members of the Committee shall constitute a quorum for the transaction of business. Minutes of each meeting shall be prepared by the Secretary of the Company or such other person designated by the Committee Chair as Acting Secretary of the Committee and, when approved, shall be distributed to all Board members.

The Committee may meet with Heritage's Chief Executive Officer, Chief Financial Officer, Chief Risk Officer, and Regulatory and BSA/AML Compliance Officer(s), other members of management of Heritage, consultants or advisors as it may deem necessary or appropriate.

The Committee may hold joint and concurrent meetings with the Audit Committee from time to time for the purpose of (but not limited to) (i) reviewing and discussing correspondence with, or other action taken by, state and federal regulators, or (ii) deliberating on matters relating to compliance with legal and regulatory requirements or the overall effectiveness of the risk management program.

B. Resources

The Committee shall have the resources and authority appropriate to discharge its duties and responsibilities. In particular, the Committee shall have direct and unrestricted access to Heritage's management and non-management personnel and all corporate records; it shall have authority to select, retain and terminate the engagement of any consultant in connection with the performance of its duties and to approve the terms of the engagement including the fees to be paid to the consultant; and it shall have the authority to obtain advice and assistance from legal, accounting or other advisors.

IV. Duties and Responsibilities of the Committee

The Committee's responsibility is one of oversight. The responsibility for regulatory compliance and for the management of other risks in Heritage's businesses rests with the management of Heritage. In fulfilling their responsibilities hereunder, it is recognized that members of the Committee are not, and do not represent themselves to be, risk management or compliance professionals. Each member of the Committee shall be entitled to rely in good faith on (i) the integrity of those persons and organizations within and outside Heritage from which he or she receives information, and (ii) the accuracy of the information provided to the Committee by such persons or organizations absent actual knowledge to the contrary (which shall be promptly reported to the Board).

The Committee shall perform the following oversight functions for Heritage and such other duties and responsibilities as are delegated to it by the Board:

  1. Review and discuss with management reports with respect to the risk exposures of Heritage, and management's procedures for identifying, assessing, monitoring, controlling, measuring and reporting such risk exposures.
  2. Review and discuss with management reports with respect to the Company's technology risks, including technology strategies and development, and their remediation.
  3. Review and recommend for approval to the Board, proposed policies and proposed changes in policies with respect to management of the risks within the Committee's mandate including, where appropriate, limits or guidelines reflecting Heritage's risk tolerance in particular areas.
  4. Review and discuss with management significant issues raised by both state and federal regulatory agencies relating to risk management activities for which the Committee has oversight responsibility, and management's response to issues identified in the examination and other regulatory reports and findings. Discuss with the Audit Committee matters reviewed or discussed by the Committee that also bear on the risks within the mandate of the Audit Committee, recognizing that the Audit Committee has primary responsibility for reviewing and discussing matters relating to the financial reporting and legal compliance components of compliance risk.
  5. Make regular reports to the Board.
  6. Review and reassess the adequacy of this Committee Charter on an annual basis and submit any recommended changes to the Board for approval.


Attachment to the Heritage Financial Corporation Risk Committee Charter

Risk Categories and Definitions

Strategic
The risk to current or projected financial condition, reputation, or resilience arising from adverse business decisions, improper implementation of decisions, inadequate risk management infrastructure, or ineffective responsiveness to emerging industry changes or unforeseen events.

Credit
The risk to current or projected financial condition, reputation or resilience arising from a borrower, counter-party, issuer, or other obligor's failure to repay a loan or otherwise meet a contractual obligation.

Compliance
The risk to current or projected financial condition, reputation or resilience arising from violations of or non-conformance with laws, rules, and regulations.

BSA/AML/OFAC
The risk to current or projected financial condition, reputation or resilience arising from violations of or non-conformance with the Bank Secrecy Act and its implementing regulations, Anti-Money Laundering regulations, and Office of Foreign Assets Control (OFAC) laws and regulations.

Operational
The risk to current or projected financial condition, reputation or resilience arising from missing, inadequate or failed internal processes, and people. Also included are adverse events, such as business disruptions and fraud.

Information Technology and Security
The risk to current or projected financial condition, reputation or resilience arising from missing, inadequate or failed technology. Information technology and data are owned across the organization. The use of information technology and data contributes to the success and efficiency of all Bank operational and risk management processes. Any failure to efficiently and effectively deliver, utilize, and manage or control needed technology can increase cost and risk across the organization. The primary elements are:

  • Failure to effectively manage technology
  • Failure to maintain the integrity of data
  • Failure to maintain the confidentiality of Bank and customer information
  • Failure to maintain the availability of information, including timely and accurate technology and data disaster recovery practices.

Reputation
The risk to current or projected financial condition, reputation or resilience arising from negative public opinion. Stakeholders include primarily customers, counterparties, correspondents, investors, regulators, employees, and the community.

Interest Rate
The risk to current or projected financial condition, reputation or resilience arising from adverse movements in interest rates.

Liquidity
The risk to current or projected financial condition, reputation or resilience arising from an inability to meet obligations when they come due, including the potential loss of liquidity attributed to declining credit quality in the investment portfolio.

Environmental, Social, and Governance (ESG)
The risk to current or projected financial condition, reputation or resilience arising from environmental or social factors and failure to govern the Company accordingly.


Disclaimer

Heritage Financial Corporation published this content on 15 April 2024 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 13 May 2024 15:34:06 UTC.