(b) Risk committee. The board of each regulated entity shall establish and maintain a risk committee of the board of directors that assists the board in carrying out its duties to oversee the enterprise-wide risk management program at the regulated entity.
(1) Committee structure. The risk committee shall:
- (i) Be chaired by a director not serving in a management capacity of the regulated entity;
- (ii) Have at least one member with risk management experience that is commensurate with the regulated entity's capital structure, risk appetite, complexity, activities, size, and other appropriate risk-related factors;
- (iii) Have committee members that have, or that will acquire within a reasonable time after being elected to the committee, a practical understanding of risk management principles and practices relevant to the regulated entity;
- (iv) Fully document and maintain records of its meetings, including its risk management decisions and recommendations; and
- (v) Report directly to the board and not as part of, or combined with, another committee.
(2) Committee responsibilities. The risk committee shall:
- (i) Periodically review and recommend for board approval an appropriate enterprise-wide risk management program that is commensurate with the regulated entity's capital structure, risk appetite, complexity, activities, size, and other appropriate risk-related factors;
- (ii) Receive and review regular reports from the regulated entity's chief risk officer, as required under paragraph (c)(5) of this section ; and
- (iii) Periodically review the capabilities for, and adequacy of resources allocated to, enterprise-wide risk management.