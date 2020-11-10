PacWest Bancorp : Charter of the Risk Committees of the Boards of Directors
PACWEST BANCORP/PACIFIC WESTERN BANK
CHARTER OF THE RISK COMMITTEES
OF THE BOARDS OF DIRECTORS
NOVEMBER 10, 2020
Purpose of the Committees
Each of the respective boards of directors (individually a "Board," and collectively, the "Boards") of PacWest Bancorp ("PacWest") and its wholly owned subsidiary, Pacific Western Bank (the "Bank," and collectively with PacWest, the "Company") have established a Risk Committee (individually a "Committee," and collectively, the "Committees") to approve and periodically review the Company's risk management policies and to oversee the implementation of the Company's enterprise-wide risk management framework. The enterprise-wide risk management framework includes the strategies, policies, procedures, assessments and systems established and maintained by management to identify, assess, measure and manage the Company's material risks. Each Committee shall assist its Board and its other committees that oversee specific risk-related issues and serve as a resource to management, including management's Enterprise Risk Management Steering Committee ("ERMSC"), by overseeing risk across the entire Company and by enhancing its Board's understanding of the Company's overall risk tolerance and enterprise-wide risk management activities and their effectiveness. The Committees will coordinate with the Audit Committees of the Boards for review of the Company's financial and operational risks, corporate-wide compliance and other areas of Audit Committee responsibility or with the Compensation, Nominating and Governance Committees of the Boards for review of compensation-related risks. Each Committee shall report to its Board on a regular basis.
Committee Membership
Each Committee shall be comprised of at least three directors. With respect to the PacWest Committee, one of whom is "independent" as to PacWest as defined under rule 5605(a)(2) of The Nasdaq Stock Market LLC and is not a member of the "immediate family" (as defined in 12 C.F.R. 225.41(b)(3) of Regulation Y) of any person who is or has been in the last three years an "executive officer" (as defined in 12 C.F.R. 215.2(e)(1) of Regulation O). At least one member of each Committee shall have experience in identifying, assessing, and managing risk exposures of large, complex firms (risk management experience in nonbanking or nonfinancial firms may fulfill this requirement). Members of each Committee shall be appointed by its Board based on nominations recommended by its Compensation, Nominating and Governance Committee, and shall serve at the pleasure of the Board and for such term or terms as the Board may determine.
To facilitate open communication between the other committees of its Board, the chair of each Committee shall receive the materials for each meeting of the other committees of its Board.
The Committees shall keep written minutes of all meetings, which minutes shall be maintained with the books and records of PacWest or the Bank, as applicable.
At all meetings of the Committees, a majority of the total number of Committee members shall constitute a quorum. All meetings will be subject to and in accordance with the applicable provisions of Delaware and California law and the Bylaws of PacWest and the Bank, including notice, quorum, voting and approval requirements thereof.
Committee Structure and Operations
Each Board shall designate one member of its Committee as its chairperson. The PacWest Committee's chairperson must be "independent" as defined under "Committee Membership." Each Committee shall meet at least quarterly, or more frequently as they deem necessary or appropriate to properly discharge its responsibilities, in conjunction with regularly scheduled meetings of its Board at regularly scheduled times and places determined by the Committee chairperson, with further meetings to occur, or actions to be taken by unanimous written consent, when deemed necessary or desirable by the Committee or its chairperson. Members of the Committee may participate in a meeting of the Committee by means of a conference call or other similar means of communication in which all persons participating in the meeting can hear one another.
The Committees shall meet, as deemed necessary and appropriate, with the Company's Chief Risk Officer, management and other employees of the Company, in separate executive sessions. Each Committee may invite such members of management to its meetings as they may deem desirable or appropriate, consistent with the execution of their functions. Each Committee may also request any other director, officer or employee of the Company, any consultant of the Company or the Company's outside counsel or independent auditors to attend a meeting of the Committee or to meet with any members of, or consultants to, the Committee.
Committee Duties and Responsibilities
To carry out its purposes, the Committees shall have the following duties and responsibilities:
General Risk Oversight
Receive presentations and other information to understand the significant risks to which the Company is exposed.
Consider and provide advice to its Board, when appropriate, on the risk impact of any strategic decision that the Board may be contemplating, including considering whether any strategic decision is within the risk tolerance established for the Company and its individual business units.
At least annually, approve any risk management policies the Committees deem appropriate or are required to be approved by applicable law or regulation.
Oversee management's implementation of a risk management framework that is commensurate with the Company's structure, risk profile, complexity, activities and size, including the development and implementation of effective policies, processes and procedures designed to ensure that risks are properly controlled,
quantified and within the Company's risk appetite and associated risk tolerances. Risk categories within this framework shall include, but not necessarily be limited to: credit (loans and securities), interest rate/price, liquidity, operational, information technology, regulatory compliance, reputational, strategic, human resources and capital.
At least annually, review and recommend to its Board for approval the
Company's Risk Appetite Statement.
On a quarterly basis, review and approve the Company's Risk Dashboard, including the limits and tolerance ranges within it.
Receive reports from management, including the Chief Risk Officer (at least quarterly), the Chief Credit Officer, and the Chief Financial Officer, and, if appropriate, other Board committees, regarding matters relating to risk management and/or the Company's risk and compliance organization, including relevant emerging risks and other selected risk topics and/or risk issues.
Review the examination reports of the Board of Governors of the Federal Reserve (in the case of the PacWest Committee) and of the Federal Deposit Insurance Corporation and California Department of Business Oversight (in the case of the Bank Committee), the Consumer Financial Protection Bureau and/or any other applicable federal or state banking regulatory agency or authority relating to risk- management activities and the responses prepared by management to material findings and/or recommendations made in the examination reports.
At least annually, review insurance coverages, renewals and trends, and approve the Company's corporate insurance program, which includes the financial bond, management and professional liability, property and casualty, and cyber insurance.
Review significant pronouncements and changes to key regulatory requirements relating to the risk-management area to the extent they apply to the Company.
Approve the appointment and, when and if appropriate, replacement of the Chief Risk Officer, who shall report directly to the Committees as well as to the Chief Executive Officer.
Credit Review
Oversee the Company's credit review function.
Annually review and approve the credit review plan, including proposed scopes, engagement letters, statements of work, and applicable credit review policies.
Oversee the independence of the credit review function from management.
15. Review and approve credit review reports.
Credit Management/Administration
At least annually, review and approve any credit policies the Committees deem appropriate or are required to be approved by applicable law or regulation.
Review the Company's credit quality trends, including the trends of nonaccrual loans, classified loans, loan charge offs and recoveries, and foreclosed assets.
Review loan portfolio composition trends and related loan portfolio concentrations against concentration limits established by the Company's credit policies.
Review the current and recent historical trend of exceptions to underwriting guideline specific risk acceptance criteria for newly originated loans.
Compliance and Bank Secrecy Act ("BSA")
Review reports of periodic compliance reviews performed by the Company's compliance department and/or outsourced compliance review providers regarding compliance with applicable lending, deposit, BSA and Title III of the USA PATRIOT Act regulations.
Review updates on the filing of any Suspicious Activity Reports.
Capital Plan and Stress Testing
Review and recommend to the Board for approval capital actions, as applicable, including but not limited to, dividend distributions on common and preferred stock and issuance of new capital instruments.
Review and approve the Company's annual stress testing process.
Review with management and approve reports, conclusions and output contained in the Company annual capital stress test results.
Operations and Systems Risk
Review reports from the EVP, Chief Operating Officer regarding the Company's IT and operations risk including, among other things, systems performance overview and risk profile, system integration plans, business continuity planning, information security (including risks to customer information and policies, procedures and training to manage such risks), technology strategy and significant technology projects, and third-party outsourcing arrangements.
Review the Company's Cyber/Information Security Report, which includes but is not limited to an assessment of the Company's current security updates and cyber
