Charter of the Enterprise Risk Management Committee of the Board of Directors

 Download a PDF of this document

Purpose of the ERM Committee

The primary purpose of the Enterprise Risk Management Committee (the "Committee") of the Board of Directors (the "Board") of Ullico Inc. (the "Company") is to assist the Board in providing oversight of the enterprise risk management activities of the Company and its subsidiaries and to advise the Board with respect to the effectiveness of the enterprise risk management framework of the Company.

Because the Audit Committee of the Board is responsible for reviewing and discussing with management and the independent auditors the major financial risk exposures, the Committee will coordinate discussions with the Audit Committee, as necessary, in the discretion of the Committee chairs. The Committee members will not provide any expert advice as to the Company's risk management systems or programs.

The Committee is charged with facilitating the Company's ability to identify, assess, monitor, and manage risk with focus primarily on the implementation of an effective enterprise risk management framework. The Committee's function is solely oversight of the Company's assessment, monitoring, management, and control of such risks. Each member of the Committee shall be entitled to rely on the integrity and competency of those persons and organizations within and outside the Company that provide information to the Committee and on the accuracy and completeness of the information provided to the Committee by such persons or organizations, absent actual knowledge to the contrary.

The Committee shall provide oversight of the Company's enterprise risk management process, including oversight of the development and implementation of standardized monitoring and reporting formats in order to permit management to identify, assess, respond to, and report the most significant risks identified in the assessment process.

Composition

The Committee shall be comprised of not less than three members of the Board, each of whom shall be free from the influence of management or corporate relationships that could improperly influence his or her judgment as a committee member. At least one member of the Committee shall also be a member of the Audit Committee of the Board.

The members of the Committee shall be appointed annually by the process set forth in the bylaws. The Chairman of the Board of Directors shall designate a Chairperson of the Committee, subject to the approval of the Board of Directors, provided however, that if the Board does not so designate a Chairperson, the members of the Committee, by a majority vote, may designate a Chairperson.

Except as approved by the Board, no member of the Committee shall receive, directly or indirectly, any compensation from the Company other than fees paid to Board members for service on the Board or a committee thereof.

The Committee shall have the resources and authority appropriate to discharge its responsibilities and may rely on the assistance of outside advisors, experts and consultants if the Committee determines that these resources are not available through management, or if available, are not appropriate for use by the Committee in a given circumstance. The Committee shall have the authority to select, retain and terminate such outside consultants and the authority to approve the consultant's fees and other retention terms, subject only to review by the Board of Directors, before the Committee finalizes the retention, of the terms and scope of the retention.

Committee Operations

The Committee shall meet with such frequency and at such intervals as it shall determine is necessary to carry out its duties and responsibilities, but in any case, not less than four times annually. However, the Chairperson of the Committee may, in consultation with the members of the Committee, determine that the Committee shall meet more or less frequently to take into account new and significant risks. The Committee may also meet periodically in separate executive sessions as needed.

The Committee shall receive quarterly risk exposure and policy compliance reports from the Vice President, Enterprise Risk Management, in a format to be approved by the Committee. The Committee may meet with the Company's management, outside counsel or independent auditors to discuss any matters that the Committee or any of the meeting participants believe should be discussed privately or warrant Committee attention. Members of the Committee may participate in Committee meetings telephonically.

The Committee may hold joint meetings with the Audit Committee from time to time to review and discuss correspondence with, or action taken by, state and federal regulators; or to deliberate on matters relating to compliance with legal and regulatory requirements or the overall effectiveness of the risk management programs of the Company.

The Committee shall maintain minutes of each meeting of the Committee, and each written consent action taken without a meeting, reflecting the actions so authorized or taken by the Committee. The minutes of each meeting and all consents shall be placed in the Company's minute book.

The Committee, in discharging its oversight role, is empowered to study or investigate any matter of interest or concern relating to risk management that the Committee deems appropriate.

Committee Responsibilities and Authority

The Committee will work with management to establish and maintain a standardized comprehensive risk management reporting framework to be prepared and maintained by management for identifying, assessing and managing significant and key risks exposures.

In this regard, the specific responsibilities of the Committee include:

1. Oversight of the various identified risks faced by Company and its subsidiaries and the proper assessment, monitoring, mitigation and management of such risks.
   
   
2. Reviewing standardized, periodic reports from the Company's management detailing significant and identified key risks presented by the Company's operations and the underlying business systems and processes implemented to identify, assess, monitor and manage such risks, and, as necessary, discussing the same with management.
   
   
3. Annually review and evaluate the Company's ERM reporting framework regarding the identification, assessment, mitigation and management of risks, including risks identified by the other committees of the Board. The standardized reporting by management to the ERM committee shall include the evaluation and management of the following core types of risks and sub-risks types:
1. Strategic
1. Capital
2. Current Strategy
3. Strategic Initiatives
4. Growth
5. Earnings
6. Corporate Governance
7. Human Capital and Compensation
8. Reputation
2. Market
1. Liquidity
3. Underwriting
1. Concentration
4. Credit
5. Operational
1. Technology
2. Information Security
3. Third Party
4. Operational - Other
5. Compliance
   
   
4. Provide oversight of management's implementation of the following internal processes:
1. Ensure, by way of implementation of standardized reporting formats, that business unit management understands and accepts their responsibility for identifying, assessing, monitoring, reporting and managing risks and are strategically focused on enterprise-wide risk management.
2. Establish the formalized and standardized format for business unit management to identify, assess, monitor, report and manage risks, including transaction and control risks.
3. Provide business units ERM framework processes and procedures to facilitate achievement of their risk management responsibilities related to risk identification, assessment and prioritization.
4. Establish within business units ownership roles, responsibilities and accountabilities and reporting requirements related to risk management.
5. Business unit risk identifications and assessments are performed periodically and reported to senior management.
   
   
5. Recommend for the Board review and consideration a general Risk Appetite Statement that includes key risk tolerances and Risk Management Policy that provides a framework for administering the risk management process and decision-making. Such Statement and Policy criteria will be in alignment with the strategic plans and objectives of the Company.
   
   
6. Review, assess and discuss with the Company's General Counsel, Chief Financial Officer and the Independent Auditor any significant risks or exposures, management's risk assessments, the steps management has taken or would consider taking to minimize such risks or exposures, and the Company's underlying policies with respect to risk assessment and risk management.
   
   
7. Periodically review the appointment and performance of the Vice President of Enterprise Risk Management and confer with management on their conclusions.
   
   
8. Periodically review and assess the adequacy of this Charter and recommend any proposed changes to the Board for approval.
   
   
9. Carry out any other responsibilities and duties delegated to the Committee by the Board from time to time related to the responsibilities outlined above.
   
   
10. Report to the Board on a regular basis and make such recommendations with respect to any of the above-referenced matters as the Committee deems necessary or appropriate.
    
    
11. Evaluate its own performance biennially and report such findings and recommendations to the Board.
    
    

Approved by the ERM Committee
Date: November 13, 2014

Approved by the Board
Date: February 18, 2015