This guidance note proposes outline terms of reference for the risk committee of a company seeking to comply fully with the requirements of the UK Corporate Governance Code published in July 2018 (the Code) and reflects the FRC Guidance on Risk Management, Internal Controls and Related Financial and Business Reporting (FRC Guidance) published in September 2014. It is particularly relevant to significant banks and insurance firms that are required to have a separate board risk committee under the rules of the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA). It is also of relevance to other financial institutions and companies in other industry sectors where the board considers a risk committee, separate from the audit committee, to be necessary or desirable. This is a matter for each company and its board to determine.
This guidance note draws on the experience of company secretaries and is based on good practice as carried out in some of the UK’s largest listed companies. The Code and FRC Guidance are available at www.frc.org.uk.
The outline terms of reference are intended as a guide for companies to adapt to their needs where the board decides it is necessary or desirable to have a separate risk committee. The risks associated with the operational activities of each company will be specific to the organisation. It is therefore essential that the duties of the risk committee are tailored to the needs of the company using a variety of reference sources and specific regulation. The duties need to be agreed in close collaboration with the senior management team, in particular the Chief Risk Officer (CRO) if the company has one.
- Companies with additional primary listing(s) may need to amend the terms of reference in light of additional requirements in the relevant country, in particular the US Sarbanes-Oxley Act 2002.
- Some responsibilities that are relevant to certain companies or sectors only are shown in square brackets.
The guidance notes on terms of reference for all board committees should be read together when allocating responsibilities to the committees. It is important to recognise the links and overlap between the responsibilities of board committees and consequently the need for each board committee to have full knowledge of the deliberations of other committees through reports to the board and, if possible, by appointing at least one member of a committee to each of the other committees.
Some or all of the duties undertaken by a risk committee could be undertaken by either the audit committee or by the board itself. It is important to ensure that duties are not allocated to more than one committee and that there are no gaps. The precise allocation of responsibilities should be detailed in the terms of reference for the risk committee and the audit committee, and should be agreed by the board.