For those of you who have a Risk Management Committee, can you please share with me how your committee is structured? Specifically, I am interested in the following:

[*]Who makes up the membership of the committee?
[*]How many members do you have on the committee?
[*]Who chairs the committee?
[*]Who does the committee report to?

We are a ISB and are thinking of forming such a committee. Thank you for any suggestions you might have for this type of committee.

For me, this would be a joint effort between senior management and the board. I would assume senior management would want some direction from the board. It appears you are starting one from scratch, I would work on a Committee Charter first. This should would help answer the majority of your questions. Is this going to be an internal or external committee.

-Who makes up the membership of the committee - this would depend on the mission and responsibilities of the committee.
-How many do you have on the committee - this could depend on risk complexity of the bank and where those responsibilities lie.
-Normally, the committee members vote at the first meeting to elect a chair, unless senior management wants to designate someone.
-Who does the committee report to - would be outlined in your charter.

Committee Members: President, Chief Credit Officer, Chief Administrative Officer, Chief Information Officer, Retail Executive, Commercial Banking Executive, Loan Operations Manager, and Risk Officer.
Technically, the President is the chair, but as the de facto Risk Officer I plan and lead each meeting. The minutes and any reports go to the Board's Audit and Risk Committee.

We're a little under $1B and this committee had previously been more of a formality (met once a quarter to approve policies and review third parties). We're now meeting monthly and a lot more items are handled by this Committee. There's a lot more risk assessments, monitoring, tracking, and reporting. We developed a dashboard report summarizing all our risk areas based on Key Risk Indicators which goes to the board quarterly. So far so good.

I agree that you want representation from all areas of the bank. One of the best things to come out of RMC meetings is learning about what is happening in another silo that might affect yours.

In my past experience, the CEO chaired the committee, but another individual (me in a few cases) was the co-chairperson responsible for setting the agenda and gathering all the materials for the package. At one bank we met monthly. At another we met quarterly. This is something that will need to be decided.

Each representative reported on what was happening in their silo and the status of risk (stable/increasing/decreasing) with an explanation. We discussed risk assessments and other information that we determined to be important for managing risk. This developed over time.

When I was in charge of the agenda and minutes at one bank, I found that assembling the package and keeping the minutes was a lot of work on top of everything else I was doing. In order to make things more manageable, I created cover pages for each risk area (credit, transaction, compliance, reputation, etc.) and required each risk manager to submit their materials with the cover page on top in Adobe format. Once I received everyone's packages, I wrapped them into one pdf and distributed for the meeting. I also required each risk manager to write their own section of the minutes after each meeting. I cut and pasted the information into my version and edited when necessary. Once everyone was accustomed to the system, preparing for the meetings became very easy. As was preparing the minutes. (Who doesn't hate doing minutes? Ugh!)