CHARTER OF THE RISK COMMITTEE
OF THE BOARD OF DIRECTORS OF GREEN DOT CORPORATION
Adopted as of October 19, 2017
The purpose of the Risk Committee (the “Committee”) of the Board of Directors (the “Board”) of Green Dot Corporation (the “Company”) is to provide oversight of the Company’s enterprise-wide risk management framework and Corporate Risk function, including the strategies, policies, procedures, processes, and systems established by management to identify, assess, measure, monitor, and manage the major risks facing the Company. The Committee shall assist the Board and its other committees that oversee specific risk-related issues and serve as a resource to management by overseeing risk across the entire Company and across all risk types, and by enhancing management’s and the Board’s understanding of the Company’s overall risk appetite and enterprise-wide risk management activities and effectiveness.
While the Committee has the authority and responsibilities set forth in this Charter, management is responsible for designing, implementing and maintaining an effective risk management framework.
The Committee will consist of two or more members of the Board, with the exact number being determined by the Board. All members of the Committee will be appointed by, and will serve at the discretion of, the Board. All members of the Committee will be independent directors under the applicable rules, regulations and listing requirements of the New York Stock Exchange, as amended from time to time (the “Exchange Rules”), except as may otherwise be permitted by such Exchange Rules. All members of the Committee shall also meet any expertise and experience requirements imposed by any applicable regulatory authority.
III. RESPONSIBILITIES AND DUTIES
The principal responsibilities and duties of the Committee in serving the purposes outlined in Section I of this Charter are set forth below. These duties are set forth as a guide, with the understanding that the Committee will carry them out in a manner that is appropriate given the Company’s needs and circumstances. The Committee may supplement them as appropriate and may establish policies and procedures from time to time that it deems necessary or advisable in fulfilling its responsibilities.
A. Risk Management Framework. The Committee shall approve and periodically review the Company’s risk management framework, which outlines the Company’s overarching approach to risk management and the policies, practices, and governance structures used by management to execute its risk management program and Corporate Risk strategy. The Committee retains the right to request updates or changes to any such framework and oversight policies, or other risk policies reviewed and approved by the Board’s other committees, based on the Committee’s assessment of enterprise-wide risk exposures and other matters it deems appropriate. The Committee shall approve any other policies or activities it deems appropriate or are required to be approved by the Committee by applicable law or regulation.
B. Oversight of Corporate Risk Function. The Committee shall oversee and receive reports on the operation of the Company’s enterprise-wide risk management framework
and Corporate Risk function. This oversight shall include reviewing agendas and minutes of management risk committee meetings. The Chief Risk and Compliance Officer shall report jointly to the Company’s Chief Banking Officer (or similar executive) and the Committee, and the Committee will review any process of appointment and/or replacement, including dismissal, of the Chief Risk and Compliance Officer.
C. Risk Profile. The Committee shall review and discuss the key risk types facing the Company, including financial crimes risk (including Bank Secrecy Act/anti-money laundering risk), information security risk (including cyber defense management), model risk, operational risk, credit risk, regulatory compliance risk, reputation risk, strategic risk, and technology risk, and the most significant cross-functional risk areas that cut across multiple risk types and/or require significant coordination across multiple risk oversight functions (including counterparty credit risk). The Committee also shall review and discuss management’s assessment of the Company’s aggregate enterprise-wide risk profile, as well as the alignment of the risk profile with the Company’s strategic plan, goals, objectives, and risk appetite.
Acquisitions and Strategic Initiatives. The Committee shall receive reports prepared by Company management pursuant to the Company’s Mergers and Acquisitions Policy, or any similar policy adopted by the Board from time to time, and shall discuss and make such inquiry of management regarding risks that may be associated with the Company’s acquisition activities or significant new business or strategic initiatives as it may deem appropriate.
Emerging Risks and Other Risk Issues. The Committee shall receive regular reports from the Chief Risk and Compliance Officer and other members of management regarding emerging risks and other selected risk topics and/or enterprise-wide risk issues, including model risk. The Committee may request that the Board and/or another committee of the Board review, discuss and assume oversight responsibility for any newly-identified risk issues.
D. Risk Appetite. The Committee shall annually review and recommend to the Board the articulation and establishment of the Company’s risk appetite. The Committee shall receive reports from management and, if appropriate, other Board committees, regarding the Company’s adherence to risk limits and its established risk appetite.
E. Assessment of Risk Program. The Committee shall review and receive regular reports from the Chief Risk and Compliance Officer and other members of management regarding management’s assessment of the effectiveness of the Company’s enterprise-wide risk program, including corrective actions taken by management to address risk issues and the implementation of risk management enhancements.
F. Other Duties and Responsibilities.
Chief Information Security Officer Oversight. The Company’s Chief Information Security Officer (“CISO”) shall report directly to the Chair of the Committee, and on a “dotted line” basis to the Company’s Chief Operating Officer. The Committee will review any process of appointment and/or replacement, including dismissal, of the CISO.
Review of Composition and Performance. The Committee will evaluate the Committee’s composition and performance on an annual basis and submit a report to the Board.
Review of this Charter. The Committee will review and reassess the adequacy of this Charter annually, and recommend to the Board any changes the Committee determines are appropriate.
Other Actions. The Committee will perform any other activities required by applicable law, rules or regulations, and take such other actions and perform and carry out any other responsibilities and duties delegated to it by the Board or as the Committee deems necessary or appropriate consistent with its purpose.
IV. STUDIES AND ADVISERS
The Committee, in discharging its responsibilities, may conduct or authorize studies of, or investigations into, any matter that the Committee deems appropriate, with full access to all books, records, facilities and personnel of the Company. The Committee has the sole authority and right, at the expense of the Company, to retain legal counsel, consultants, accountants, experts and advisers of its choice to assist the Committee in connection with its functions, including any studies or investigations. The Committee will have the sole authority to approve the fees and other retention terms of such advisers.
The Board may appoint a member of the Committee to serve as the chairperson of the Committee (the “Chair”); if the Board does not appoint a Chair, the Committee members may designate a Chair by its majority vote. Meetings of the Committee will be held at least four times per year (including at least once per quarter) or more frequently, as determined appropriate by the Committee. The Chair, in consultation with the other member(s) of the Committee, will set the dates, times and places of such meetings. The Chair or any other member of the Committee may call meetings of the Committee by notice and the Committee may act by unanimous written consent in accordance with the Company’s Bylaws. A majority of the members of the Committee will constitute a quorum for the transaction of business. Subject to the requirements of this Charter and applicable law, the Committee and the Chair may invite any director, executive or employee of the Company, or such other person, as it deems appropriate in order to carry out its responsibilities, to attend and participate (in a non-voting capacity) in all or a portion of any Committee meeting.
The Committee shall meet periodically in separate executive sessions with the Chief Risk Officer and other members of management as it determines appropriate. The Chief Risk Officer is expected to communicate with the Chair on any significant risk issues that arise between Committee meetings, including issues raised by management’s Enterprise Risk Management Committee. In addition, each of the members of the Board’s other committees is expected to bring to the attention of his or her committee Chair, or the Chief Risk Officer, any risk issues that such committee member believes should be discussed by the Committee. The Committee may exclude from all or a portion of its meetings any person it deems appropriate in order to carry out its responsibilities.
The Chair will designate a secretary for each meeting, who need not be a member of the Committee. The Company shall provide the Committee staff support as it may require.
VI. MINUTES AND REPORTS
The Committee will maintain written minutes of its meetings and copies of its actions by written consent, and will cause such minutes and copies of written consents to be filed with the minutes of the meetings of the Board. The Committee will report to the Board from time to time with respect to its activities, including on significant matters related to the Committee’s responsibilities and the Committee’s deliberations and actions.
VII. DELEGATION OF AUTHORITY
The Committee may form and delegate authority to subcommittees from time to time, as it deems appropriate and to the extent permitted under applicable law and the Company’s Certificate of Incorporation and Bylaws.
* * *
The Board has formed the Committee to assist the Board in directing the Company’s affairs and this Charter has been adopted in furtherance of this purpose. While this Charter should be interpreted in the context of all applicable laws and regulations, as well as in the context of the Company’s Certificate of Incorporation and Bylaws, it is not intended to establish by its own force any legally binding obligations.