Vice President, Chief Credit Officer and Executive Vice President, Chief Risk Officer both report directly to the Risk Committee.
The Audit Committee of our Board is responsible for overseeing risks associated with financial matters (particularly financial reporting,
accounting practices and policies, disclosure controls and procedures, and internal control over financial reporting), reviewing and discussing generally the identification, assessment, management and control of our risk exposures on an
enterprise-wide basis and engaging as appropriate with our Risk Committee to assess our enterprise-wide risk framework. The head of the Companys Internal Audit function reports directly to the Audit Committee. The Compensation Committee has
primary responsibility for risks and exposures associated with our compensation policies, plans and practices regarding both executive and general employee compensation. In particular, our Compensation Committee, in conjunction with our Chief
Executive Officer and other members of our management as appropriate, reviews our incentive compensation arrangements to ensure these programs are consistent with applicable laws and regulations, including safety and soundness requirements, and do
not encourage imprudent or excessive risk-taking by our employees. The Nominating and Corporate Governance Committee oversees risks associated with the independence of our Board and potential conflicts of interest facing our directors.
Our senior management is responsible for implementing and reporting to our Board regarding our risk management processes, including by
assessing and managing the strategic, operational, regulatory, investment and execution risks we face on a day-to-day basis. Our senior management is also responsible
for creating and recommending to our Board for approval appropriate risk appetite metrics reflecting the aggregate levels and types of risk we are willing to accept in connection with the operation of our business and pursuit of our business
objectives. One area in which management has responsibility is data security, including conducting periodic assessments and coordinating third-party assessments of the required processes that management would follow in the event of a data security
breach. Management presents an annual information security report to the Board in accordance with the Companys Information Security Program and Policy, which program addresses standards for developing and implementing administrative,
technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information regardless of the method used to access, collect, store, use, transmit, protect, or dispose of data.
The role of our Board in our risk oversight is consistent with our leadership structure, with our Chief Executive Officer and the other
members of senior management having responsibility for assessing and managing our risk exposure, and our Board and its committees providing oversight in connection with those efforts. We believe this division of risk management responsibilities
presents a consistent, systemic and effective approach for identifying, managing and mitigating risks throughout our operations.
Actions in Response to the COVID-19 Pandemic
In March 2020, the World Health Organization
declared the novel coronavirus (COVID-19) outbreak a global pandemic, and throughout 2020 the Companys management and Board responded with purposeful steps to help keep our people safe and our customers
served. We quickly initiated our business continuity plan in March, including daily communication among executive leadership, near daily meetings among senior leadership, weekly bank-wide calls with our employees, and weekly meetings with our
banking regulators. Our management provided weekly updates to the Board through May regarding the impact of the pandemic on the Companys employees, operations and clients. This correspondence sought to keep the Board updated on
managements efforts with respect to credit, liquidity, regulatory, operations, human resources and internal communications issues.
Our management prioritized the health and safety of the Companys employees, including implementing healthy workplace guidelines and
permitting all employees whose jobs allowed them to work from home to do so. Our human resources team developed and obtained executive approval of the Companys new remote working policy to include partial remote, local remote and out-of-footprint remote employees. Our technology team implemented its established business continuity plan, which already had the technical framework, infrastructure
-21-