The Executive Committee  is responsible for the following:

• Exercise the authority of the Board of Directors as delegated by the Board and as may be allowed by law during intervals between meetings of the Board of Directors.
• Provides oversight of the financial management of the Group, including strategic and financial planning, the budget, capital planning and compliance with regulatory limits with respect to capital, liquidity ratios and other measures as may be required by the relevant regulatory agencies.
• With the support of the Risk Oversight Committee, provides financial strategic direction to achieve the objective regarding investments, derivative activities, balance sheet management, interest rate and foreign risk management.
• Provides strategic direction with regard to liquidity position, including issuance of short and long-term debt, generation of short and long-term financial assets.
• Approves the sale of ROPOA as recommended by the Asset Disposal Committee
• Approves and Endorses the Major Expenditures based on Major Expenditures Policy (MEP).
• Reviews Investor Relations
• Reviews and monitors the company’s debt ratings, dialogue with the credit agencies and bank credit

Composition from May 7, 2024 – April 28, 2025

Chairman: Daniel S. Dy

Vice Chairperson: Maria Cristina A. Tingson

Members:

Diana P. Aguilar

Cirilo P. Noel

Sanjiv Vohra

Enrico S. Cruz (Independent) – non-voting

Esther Wileen S. Go (Independent) – non-voting

*Finance Committee was dissolved in April 2023 and the Committee responsibilities were assumed by the Executive Committee.

**Appointed as member of the Executive Committee effective June 27, 2023

Number of meetings in 2023: 11

The 2023 Committee accomplishments include the following:

• Reviewed and endorsed to the Board the strategic initiatives, financial performance, and budget
• Approved sale of ROPA and NROPA as recommended by the Asset Disposal
• Assessed impact and proposed mitigation to address various market, competitive, legislative developments on the Bank’s financials.
• Approved and endorsed to the Board the dividend policy for the Bank’s common and preferred
• Reviewed monthly and quarterly performance of the Bank and business
• Assessed, approved, and endorsed the major expenditures of the Bank on both the strategic and major initiatives.
• Conducted annual review of the Committee Charter and provided oversight to management level committees for effective management of relevant risk (i.e.,Asset Disposal Committee, Asset and Liability Committee, and Product Committee)

The Audit Committee, reviews internal control and risk management systems, processes for financial control, internal and external audits, and compliance with laws and regulations.

Composition from May 7, 2024 – April 28, 2025

Chairman: Gerard H. Brimo (Independent)

Vice Chairman: Cirilo P. Noel

Member: Napoleon L. Nazareno (Independent)

The 2023 Committee accomplishments include the following:

• Reviewed the effectiveness of internal controls including financial, operational and compliance controls and risk management.
• Evaluated the integrity of the Bank’s financial statements and the effectiveness of internal controls over financial reporting.
• Review and approve the annual internal audit risk assessment and plan to ensure its conformity with the objectives of the Bank.
• Reviewed the performance of the Head of internal Audit and the External
• Monitored outstanding internal and external audit issues including whistleblowing
• Reviewed and approved Internal Audit’s annual plan, including any changes ensuring appropriate coverage of risk and compliance with regulatory requirements.
• Approved the appointment/retention of the External Auditor and remuneration of the Head of Internal Audit and key Internal Auditors.
• Approved and endorsed to the Board the results of Audit, Special Reviews and Self-Assessment in compliance with regulatory directives.
• Reviewed the adequacy of the Committee Charter and the Internal Audit
• Recommends the appointment of the new Chief Audit
• Approved the selected party to conduct the external quality assurance

The Risk Oversight Committee, is responsible for the following:

• Development, approval, and oversight of the risk management framework and program of the Bank and its Subsidiaries, including its implementation by management.
• Defines the SBC Group risk appetite. In setting the risk appetite, the Committee considers the business environment, regulatory landscape, and the group’s long- term interests and ability to manage risk.
• Approves and oversees adherence to the risk appetite statement (RAS), risk policy and risk
• Oversees the development of, approves, and oversees the implementation of policies and procedures relating to the management of risks throughout the group.
• Defines organizational responsibilities of the risk management function following the three lines of defense framework. The business line functions will represent the first line of defense; the risk management and compliance functions, the second line of defense; and the internal audit function, the third line of defense.

Composition from May 7, 2024 – April 28, 2025

Chairman: Enrico S. Cruz (Independent)

Vice Chairperson: Esther Wileen S. Go (Independent)

Members:

Napoleon L. Nazareno (Independent)

Jikyeong Kang (Independent)

Cirilo P. Noel

Maria Cristina A. Tingson

Juichi Umeno

*Appointed in the Committee effective April 25, 2023 (vice Director Takeuchi)

Number of meetings in 2023: 14

The 2023 Committee accomplishments include the following:

• Strengthened risk management by enhancing the existing credit, market, liquidity, and operational risk policies
• Reviewed and approved all trading activities and its exceptions, business risk review relating to business units and high-risk industries
• Approved various credit, market, liquidity, and operational risk policies to strengthen risk management practices and align with regulatory changes, such as:
  • Market Risk policies relating to current trading and brokering programs and monitoring of business model execution
  • Credit Risk policies for wholesale and retail lending, Approving Authorities and Credit Limits, Credit Classifications, Impairment Assessment, Environmental & Social Risk Management Framework, Insurance Coverage, write-off of accounts and documentary requirements for corporate and retail loans
  • Operational Risk policies relating to Risk and Control Self-Assessment (RCSA), Risk and Control Assessment (RCA), Fraud Risk Management Framework, Business Continuity Management Framework, Crisis Management Policy, Environmental and Social Risk Management Framework, Information Technology Risk Management Policy, Social Media Framework (Expanded); notation of the Outsourcing Committees’ third-party service provider evaluation and accreditation.
  • Model development and recalibration of ECL models across all credit risk taking businesses and model risk management of all risk and business models
  • Updates on market, credit and operational risks of the Bank’s Trust Division and subsidiaries
• Approved and endorsed for confirmation of the Board, the Contingency Funding Plan appropriate for the Bank and Subsidiaries

The Corporate Governance Committee assists the Board in approving and overseeing the implementation of the corporate governance framework. Responsible for ensuring the Board’s effectiveness and due observance of corporate governance principles and guidelines.

Composition from May 7, 2024 – April 28, 2025

Chairperson : Jose Perpetuo M. Lotilla (Independent)

Vice Chairman : Cirilo P. Noel

Members :

Napoleon L. Nazareno (Independent)

Gerard H. Brimo (Independent)

Nobuya Kawasaki

*Appointed in the Committee effective April 25, 2023 (vice Directors Kang, Salcedo and Takeuchi) 2022

Number of meetings in 2023: 12

The 2023 Committee accomplishments include the following:

• Reviewed results of performance evaluation of Compliance Office and Chief Compliance
• Performed oversight of Compliance function, including review of the BSP Report of Examination and assessment of replies and periodic reports of the Compliance Office, monitoring of implementation of the Compliance Plan covering General Regulations and AML, evaluation of results of independent compliance testing, updates on policies and Manuals relating to Corporate Governance, Compliance Program and MLPP.
• Reviewed administrative cases and adequacy of committee
• Facilitated the completion of the annual corporate governance training for the directors of the Bank and its subsidiaries.
• Monitored and evaluated the status updates of compliance with regulatory
• Reviewed and endorsed for Board approval the Bank’s 2022 Integrated Annual Corporate Governance
• Reviewed the results of the annual performance assessment of the Board, CEO, Chairman, Corporate Secretary, Board level and Management level Committees
• Reviewed and endorsed for Board approval the update of the Manual on Corporate
• Performed oversight of bank’s progress on Sustainability Transition Plan commitments and BSP
• Approved Occupational Safety and Health

The Trust Committee, is primarily responsible in overseeing the Trust, IMA and Other Fiduciary business of the Bank through its Trust and Asset Management Group (TAMG), including the oversight of investments of funds contributed to and held by these Trust, IMA and Other Fiduciary accounts.

Composition from May 7, 2024 – April 28, 2025

Chairperson: Diana P. Aguilar

Vice Chairman: Jose Perpetuo M. Lotilla (Independent)

Members:

Sanjiv Vohra

Maria Cristina A. Tingson

Ma. Carmencita R. Lopez (Trust Officer)

*Appointed as TC Member effective April 25, 2023

Number of meetings in 2023: 5

The  2023 Committee accomplishments include the following:

• Convened five (5) TC meetings in 2023 with end goals that included:
  • Updating the TC on the performance (AUM and Profitability) of TAMG and to allow the TC to recommend processes and ways to improve its profitability and operational efficiencies.
  • To update the TC on Market Updates, views and outlook of the Investments’ Team and give its recommendation on improving return performance.
  • To review the business model from time to time, considering the product profitability and trust products to offer given the market developments (high interest rate; volatility in FI and Equity
  • To update the TC on Compliance and Risk matters arising out of TAMG investment and fiduciary
  • To update the TC with status on external, internal and regulatory audit related matters, Account Governance report on results of administrative and investments’ review of accounts managed and administered by TAMG, update the TC members on queries raised by the Committee including updates on action items committed by TAMG that were raised and discussed during the previous meeting.

• Approved the following:

• Trust Group’s 2024 Budget, AUM size, Profitability and Changes in Trust Group’s Organizational Structure including manpower count;
• Amendments and enhancements of internal policies, including amendments to the SB Funds’ Declaration of Trust and Appendix I in compliance with BSP Circular 1152, amendments to the Trust Committee Charter as recommended by the Compliance Group and amendments to TAMG’s signing Policy;
• Offering Legislated and Quasi-Judicial Corporate Trust Accounts to E-money Issuers for their compliance to BSP Circular 1166;
• Related party transactions;
• Inclusion of Principal-protected Structured Notes to TAMG’s investment universe;
• Accreditation of new Debt and Equity Issuers and revalidation of existing Debt and Equity

• Provided guidance to TAMG on the following:

• Marketing and sales initiatives, catch-up plans, new products, new regulations and market scanning to help grow the AUM at faster pace;
• Acquisition of AUM/ Portfolios/ Trust entity through Project Arrow;
• Challenges of the Trust and Asset Management business on the back of market trends, competition, market volatilities and how challenges could also be opportunistic for the business;
• Addressing customer and audit concerns and issues;
• Identified process and policy enhancements from findings on industry and market scan as reported to the Committee.

The Related Party Transactions Committee ensures that transactions with related parties across the SBC Group are handled in a sound and prudent manner, with integrity and in compliance with applicable laws and regulations to protect the interest of depositors and stakeholders.

Composition from May 7, 2024 – April 28, 2025

Chairman: Napoleon L. Nazareno (Independent)

Vice Chairman: Jose Perpetuo M. Lotilla (Independent)

Member: Diana P. Aguilar

*Appointed in the Committee effective April 25, 2023 (vice Director Kang)

Number of meetings in 2023: 12

The 2023 Committee accomplishments include the following:

• Reviewed and endorsed material RPT transactions for board approval ensuring that transactions were conducted in a manner that protected the Bank from any potential conflict of interest.
• Confirmed report of non-material RPT

The Senior Credit Committee as the highest credit decision-making body, reviews and approves proposals and transactions related to credit and works closely with the Risk Management Group in managing the overall credit risk of the Bank.

Composition from May 7, 2024 – April 28, 2025

Chairperson: Maria Cristina A. Tingson

Vice Chairman: Stephen G. Tan (Independent – new director)

Members :

Sanjiv Vohra

Cirilo P. Noel

Juichi Umeno

Enrico S. Cruz (Independent) – non-voting

* Appointed as member of SCC effective June 27, 2023

**Deceased May 2023

Number of meetings in 2023: 49

The Committee reviewed and approved credit transactions over authority limits of Credit Committee.

The Nominations and Remuneration Committee, reviews and evaluates the qualifications of all persons nominated to the Board and other appointments that require Board approval. It also assesses the effectiveness of the Board’s processes and procedures in the election and replacement of directors. Finally, it establishes a formal and transparent procedure for developing policy on remuneration of directors and officers to ensure that compensation is consistent with the Bank’s culture, strategy and the business environment in which the Bank operates.

Composition from May 7, 2024 – April 28, 2025

Chairperson: Jikyeong Kang (Independent)

Vice Chairman: Enrico S. Cruz (Independent)

Member:

Gerard H. Brimo (Independent)

Daniel S. Dy

Maria Cristina A. Tingson

*Appointed in the Committee effective April 25, 2023 (vice Director Lotilla)

**Appointed as member effective April 25, 2023

***Appointed as member effective June 27, 2023 (vice Interim Member Noel)

****Deceased May 2023

*****Interim member (vice A. Villarosa) appointed in the Committee effective April 25, 2023 (vice Directors Kang, Salcedo and Takeuchi) 2022

Number of meetings in 2023: 12

The 2023 Committee accomplishments include the following:

• Evaluated and recommended new board
• Reviewed and approved senior officer new
• Reviewed and approved various HR and employee benefits related policies as recommended by the People Empowerment Committee
• Reviewed manpower
• Reviewed adequacy of charter and organizational
• Reviewed and approved board and committee assignments, concurrent assignments within the group, executive compensation disclosures.

The Transformation and Technology Committee is overseeing the development and implementation of strategy, transformation, innovation and information technology initiatives of the Bank and its subsidiaries and affiliates, in support of the Group’s vision, mission and strategic objectives. Main duties and responsibilities include:

• Advise the Bank in all major strategy, transformation, and information technology initiatives in terms of strategy, culture, process, leadership, technology, and structure.
• Oversee the strategic transformation, and technology initiatives, including Recommending for Board approval the Bank’s Strategy and Transformation Roadmap
  • Recommending for Board approval the Bank’s Information technology Architecture and strategic
  • Reviewing proposed strategic, transformation and information technology initiatives and projects for risk, value, potential returns, and support of the Bank’s strategic plans.
  • Endorse Major Expenditure Proposals (MEP) related to strategic programs and projects to the Executive Committee (ExCom) and Board.
  • Monitoring the implementation and execution of various strategic, transformation and information technology initiatives and projects across the Bank based on goals, cost and benefits defined in the MEP and the SMART goals (Specific, Measurable, Achievable, Relevant, Time-Bound). Scope of programs governed in TTC will be deemed strategic as per classification/definition approved by TTC.
• Review and approve IT
• Ensure that a review of IT procedures and standards is performed at least on an annual
• Report to the Board on the IT performance, status of Strategic projects and associated risks, and other significant issues.
• Appoint members of the Senior Management Team, who will be part of the “Enterprise Control Board (ECB)” that will ensure alignment of the IT projects with the Bank’s Strategic The TTC shall review and approve the ECB Charter on an annual basis.

Composition from May 7, 2024 – April 28, 2025

Chairperson: Esther Wileen S. Go (Independent)

Vice Chairperson: Jikyeong Kang (Independent)

Members:

Sanjiv Vohra

Daniel S. Dy

Lucose T. Eralil (Chief Operating Officer – COO)

Eduardo M. Olbes (CFO)

*Appointed in the Committee effective April 25, 2023 (vice Director Nazareno)

Number of meetings in 2023: 13

The 2023 Committee accomplishments include the following:

• Reviewed the proposed strategic, transformation and information technology initiatives and projects for risk, value, potential returns, and support of the Bank’s strategic plans.
• Endorsed Major Expenditure Proposals (MEP) related to strategic programs and projects to the Executive Committee (ExCom) and Board.
• Monitored the implementation and execution of various strategic, transformation and information technology initiatives and projects across the Bank based on goals, cost, and benefits defined in the MEP and the SMART goals (Specific, Measurable, Achievable, Relevant, Time-Bound).
• Reviewed and approved IT policies, procedures, guidelines, and
• Reviewed and reported to board the IT performance, status of Strategic projects and associated risks, and other significant issues.
• Reviewed and approved the amendments of the ECB and TTC

The Information Security Risk Management Committee * (a sub-committee of Risk Oversight Committee) is responsible for the following:

• Oversights and maintains of the company’s operational risk management Operational risk areas include Information Technology systems and processes, together with privacy and network security, information security, and fraud and error losses.
• Provides guidance in the development of the Bank’s operational risk management policies, risk appetite and limits, ensuring that current and emerging risk exposures are consistent with the Bank’s strategic direction and over-all risk appetite.
• Receives, reviews, and provides inputs to reports of significant risk issues identified by management and ensures that said risks are promptly assessed, mitigated or corrected, and monitored.
• Periodically reviews with management the Bank’s contingency/ crisis management plans, business continuity and disaster recovery plans to ensure operational resiliency.
• Ensures that the Operational Risk Management (ORM) function has adequate staff and resources and carry out their responsibilities independently, objectively, and effectively.
• Ensures that all employees undergo operational risk awareness training appropriate to their position and maintain these skills, as required.
• Oversees the Outsourcing Committee in its role of managing and reviewing outsourcing contracts with third party providers.

*Formerly known as Operational Risk Management Committee

The 2023 Committee accomplishments include the following:

• Performed oversight of Operational Risk Management function, with a focus on IT and Information Security Risks, as well as monitoring and evaluation of Information Security updates, particularly in Patch Management, Asset Management / Inventory, and Access Management.
• Monitored and provided inputs on Risk areas concerning Fraud, Business Continuity Management, and Environmental Risk.
• Reviewed IT and Fraud Incidents with impact to the Bank’s operations, their identified root cause and the action plans formulated to address them.
• Approved the Information Security Policy
• Endorsed the revised ORMC Charter for formal approval in the
• Monitored and provided guidance for the Bank’s certification of compliance with

I. Purpose

1. The Executive Committee shall exercise the authority of the Board of Directors as delegated by the Board and as may be allowed by law during intervals between meetings of the Board of Directors.

II. Memberships

1. The Executive Committee shall be composed of five (5) directors and alternate members in accordance with the By-laws of the Bank.
2. All members including the Chairman shall be nominated and appointed by the Board from among its members for a one (1) year term and can be replaced or removed by the Board.
3. An independent director designated as a member of the Executive Committee and concurrently also a member of another board level committee with independent oversight or control such as Audit, Risk Oversight, Corporate Governance and RPT, shall have no voting right.
4. The composition and functions of the Executive Committee shall be reviewed by the Board on an annual basis.

III. Duties and Responsibilities

1. The Executive Committee may act on specific matters within the competence of the Board of Directors and as delegated to it by the Board of Directors from time to These shall include but will not be limited to the following:
   1. Approval of MEPs in excess of Php 75 million up to Php 600 million; and
   2. Approval of urgent items otherwise requiring board approval unless specifically excluded by the charter.

2. The Executive Committee may not act on the following:
   1. Approval of any action for which stockholders’ approval is also required;
   2. Filling of vacancies in the Board of Directors;
   3. Amendment or repeal of the By-Laws or the adoption of new By-Laws;
   4. Amendment or repeal of any resolution of the Board of Directors which by its express terms is not so amendable or repealable;
   5. Distribution of cash dividend (common and preferred) to the stockholders; and
   6. Other matters as may be specifically excluded or limited by the Board of Directors and/or by laws or regulations.

3. For the management-level committees that report to the Executive Committee1, oversee the performance of their responsibilities as indicated in their respective charters and evaluate/ approve policies recommended by them to ensure the effective management of relevant risks
4. The Executive Committee shall:

1. Oversee the financial management of Security Bank Corporation (“the Bank”) and its subsidiaries and affiliates (collectively referred to as “the Group”), including strategic and financial planning, the budget, capital planning, and compliance with the regulatory limits with respect to capital, liquidity ratios and other measures as may be required by the relevant regulatory agencies.
2. The Committee, with the support of the Risk Oversight Committee, shall also provide financial strategic direction to achieve the Group’s objective regarding investments, derivative activities, balance sheet management, interest rate and foreign exchange rate risk management.
3. Oversee the liquidity management of the Group by providing strategic direction with regard to the Group’s liquidity position, including issuance of short and long- term debt, as well as, generation of short and long-term financial assets.
4. Oversee the capital management of the Group by:

• 1. Providing strategic direction with respect to the Bank’s allocation of capital vis- à-vis the capital requirements of the different business segments;
  2. Assessing the Bank’s capital adequacy relative to its risk profile and
  3. understanding capital requirements as scenarios vary or become stressed;
  4. Leading discussions in Board meetings on the adequacy of capital, and recommended action plans to manage and maintain the level of capital;
  5. Providing oversight on contingency capital measures to address scenarios when additional capital will be required;
  6. Recommending changes to the dividend policy, if warranted;
  7. Ensuring that capital is raised in a timely manner; and
  8. Informing the Board of Directors of the impact of the Bank’s activities on
  9. Reviewing and approving, in collaboration with the Risk Oversight Committee, the Bank’s ICAAP, including the recovery plan and the annual internal capital target levels.

5. Approve the sale of ROPOA as recommended by the Asset Disposal Committee for amounts P20 million and above through 2 designated Executive Committee Members.
6. Review investor relations
7. Review and monitor the Company’s debt ratings, dialogue with the credit agencies and bank credit arrangements.

Asset and Liability Committee, |Asset Disposal Committee, and Product Committee

1. PURPOSE
   1. The Audit Committee (Committee) is appointed by the Board of Directors (Board) of Security Bank Corporation for the following purpose:
      1. To monitor and evaluate the adequacy, effectiveness and efficiency of the following:
         1. Integrity of the Bank’s financial statements;
         2. Bank’s internal control system including financial reporting process, information technology, governance and management of risks;
         3. The Bank’s process in monitoring compliance with applicable laws, rules and regulations, internal policies and its own code of business conduct; and
         4. Conduct of operations and safeguarding and effective use of assets.
      2. Perform oversight function over the following:
         1. Internal audit function and independence of auditors;
         2. Internal audit service provider (if any) and its independence; and
         3. External audit function and external auditor’s qualifications, independence and performance.
      3. Fulfilment of other responsibilities included in this document (Charter).
   2. The Committee is empowered by the Board to:
      1. Have resources and authority appropriate to discharge its responsibilities as defined in this Charter, including the authority to engage external auditors for special audits, reviews and other procedures and to obtain advice from special council and other experts or consultants to assist in any investigations without the need for Board approval;
      2. Have full access to members of management, employees, properties, records and relevant information of the Bank it considers necessary to discharge its duties;
      3. Receive regularly from Management on information on risk exposure and risk management activities;
      4. Resolve any disagreements between management and the internal and external auditors regarding audit issues and/or financial reporting;
      5. Delegate authority to the CAE and other sub-committees;
      6. Enter into service level agreements with the Audit Committees of the Bank’s subsidiaries and affiliates with regards to the shared services of the Internal Audit function and other dependencies on the activities of the Audit Committee of the Bank; and
      7. Commission an assessment team outside of the organization to conduct an independent quality assurance review of the internal audit function at least every five (5) years.
2. MEMBERSHIP
   1. The Committee shall be composed of at least three (3) members of the Board who are non-executive directors, two (2) of whom shall be independent directors, including the Chairman, preferably with accounting, auditing and finance expertise or experience.
   2. The Chief Executive Officer, Chief Financial Officer, and/or Treasurer, or officers holding equivalent positions shall not be appointed as members of the Committee.
   3. All members including the Chairman shall be appointed by the Board from among its members for one (1) year term and can also be replaced or removed by the Board anytime.
   4. The Chairman should not be the chairman of the Board or of any other committees.
   5. Each Committee member should have an understanding of the detailed responsibilities of committee membership.
   6. The Secretary of the Committee shall be the Chief Audit Executive or any person appointed by the Committee. The Secretary shall be responsible in managing the activities of the Committee particularly in coordinating the Committee meetings, preparing the minutes of meetings and safekeeping of records of the Committee.
3. DUTIES AND RESPONSIBILITIES
   The Committee shall have the following duties and responsibilities:

    

   1. General Procedures
      1. Escalate to the Board in a timely manner any Committee recommendations or decisions requiring ratification or approval by the Board as stated in this Charter.
      2. Submit an annual report to the Board with regards to the overall assessment of the Bank’s internal control system.
   2. Financial Statements
      1. Review and approve for endorsement the interim and annual audited financial statements and reports prior to submission to the Board, with particular focus on the following matters:
         1. Significant accounting and reporting issues;
         2. Any change/s in accounting policies and practices;
         3. Major judgemental areas;
         4. Significant adjustments resulting from the audit;
         5. Going concern assumptions;
         6. Compliance with accounting standards/financial reporting regulation;
         7. Compliance with tax, legal and regulatory requirements;
         8. Unusual or complex transactions.
      2. Discuss the external auditor’s attestation and report on management’s internal control with regards to the following:
         1. All critical accounting principles and practices;
         2. All alternative treatments of financial information within International/Philippine Financial Reporting System (IFRS/PFRS), Generally Accepted Accounting Principles (GAAP) and the Philippine Accounting Standards (PAS) that have been discussed with the management and its implications; and
         3. Other material written communications between the external auditor and management including, but not limited to, the management letter, audit adjustments and other schedules.
   3. Internal Control
      1. Review and monitor the adequacy and effectiveness of the internal control system, including information technology, security and control.
      2. Ensure that there is an annual review of the effectiveness of the Bank’s internal controls, including financial, operational and compliance controls, and risk management, through the review of reports of the external and internal audit.
      3. Through reports received from the Internal Audit function, ensure that management is taking necessary corrective actions in a timely manner to address the weaknesses, non-compliance with policies, laws and regulations including reporting of significant matters to the Board.
   4. Internal Audit and Internal Audit Service Provider
      1. Oversee the independence of Internal Audit Division by ensuring that the Chief Audit Executive functionally reports to the Committee and administratively to the President.
      2. Periodically review and approve the Internal Audit Charter.
      3. Ensure that the internal and external auditors are independent and that both auditors are given unrestricted access to all records, properties and personnel to enable them to perform their respective audit functions.
      4. Review and concur in the appointment, re-appointment, replacement, or dismissal of CAE.
      5. Report to the Board the annual performance appraisal of the CAE.
      6. Recommend for approval of the Board the annual remuneration of the CAE and key internal auditors. For purposes of this Charter, key internal auditors refer to the Department Heads.
      7. Review and approve the annual internal audit risk assessment and plan to ensure its conformity with the objectives of the Bank. The plan which is based on robust risk assessment shall include the audit scope, frequency, resources and budget necessary to implement it. Any significant change to the audit plan shall be likewise approved by the Committee.
      8. Review and ensure that budget, resources, plan and activities and organizational structure will support the internal audit function.
      9. Ensure that the internal auditors have sufficient knowledge, skills, experience and professional certifications to effectively discharge their functions
      10. Review periodically the implementation and accomplishment of the approved audit plan.
      11. Review final audit reports and ensure that management is taking necessary corrective actions in a timely manner to address the weaknesses, non-compliance with policies, laws and regulations and other issues identified by the auditors.
      12. Review discoveries of fraud and violations of laws and regulations as raised by the internal audit function.
      13. Ensure that the internal audit function maintains an open communication with executive management and key personnel, the audit committee, external auditors, and the supervisory authority;
      14. Ensure that the Internal Audit Division has a Quality Assurance and Improvement Program.
      15. Ensure that Internal Audit Division has an external quality assurance review every five years.
      16. Review the results of the internal periodic and independent external quality assurance review and monitor the implementation of the Internal Audit Division’s action plans to address any recommendations.
      17. Evaluate, review and approve outsourcing needs (if any) of the Internal Audit Division to ensure that it achieves its internal audit plan.
      18. Select and oversee the performance of the internal audit service provider.
      19. Ensure that the external audit service provider is independent, objective, and has adequate manpower resources with sufficient qualifications and skills necessary to accomplish the internal audit activities.
      20. Monitor and review the effectiveness of performance of internal audit function and internal audit service provider, if any, including its independence and reporting relationships.

1. PURPOSE
   1. The Risk Oversight Committee (ROC) shall be responsible for the development, approval and oversight of the risk management framework and program of the Bank and its Subsidiaries, including its implementation by management.
   2. The ROC shall also:
      1. Define the SBC Group risk appetite. In setting the risk appetite, it shall take into account the business environment, regulatory landscape, and the group’s long term interests and ability to manage risk.
      2. Approve and oversee adherence to the risk appetite statement (RAS), risk policy and risk limits.
      3. Oversee the development of, approve, and oversee the implementation of policies and procedures relating to the management of risks throughout the group.
      4. Define organizational responsibilities of the risk management function following the three lines of defense framework. The business line functions will represent the first line of defense; the risk management and compliance functions, the second line of defense; and the internal audit function, the third line of defense.
2. MEMBERSHIP
   1. The ROC shall be composed of at least three (3) members of the board of directors, majority of whom shall be independent directors, including the chairperson.
   2. The ROC’s chairperson shall not be the chairperson of the board of directors, or any other board-level committee.
   3. The ROC membership shall, in the determination of the Board, consist of the appropriate backgrounds and experience to discharge the oversight responsibilities of the ROC, and the ROC membership shall meet all applicable regulatory or legal requirements regarding expertise and other qualifications. At least one member shall have experience in risk management issues and practices.
   4. All members including the Chairman shall be appointed by the Board from among its members for one (1) year term and can also be replaced or removed by the Board anytime.
   5. The ROC has authority to retain advisers when it deems appropriate, including approval of fees and terms of retention, without the prior permission of the Board or management, and shall be provided the necessary resources for such purposes.
3. DUTIES AND RESPONSIBILITIES
   1. The ROC shall advise the Board of Directors on the Bank’s overall current and future risk appetite, oversee senior management’s adherence to the risk appetite statement, and report on the state of risk culture of the Bank.
   2. The ROC shall:
      1. Oversee the risk management framework.
         1. Risks covered will be credit risk, market risk, operational risk, reputational risk, and ESG risk.
         2. The ROC shall oversee the development of and approve the Bank’s primary risk management policies, risk appetite statements (RAS) and risk limits, and annually review and approve any material changes to such.
         3. It shall review reports of significant risk issues identified by management and ensure that said risks are promptly assessed, mitigated or corrected, and monitored.
         4. It shall ensure that there is periodic review of the effectiveness of the risk management systems, contingency plans and recovery plans.
      2. Oversee adherence to the risk appetite.
         1. The ROC shall receive reports on risk appetite results against defined risk appetite levels for quantitative parameters and qualitative factors. It shall ensure that corrective actions are promptly implemented to address risk management concerns.
         2. The ROC shall ensure that current and emerging risk exposures are consistent with the Bank’s strategic direction and over-all risk appetite. It shall assess the overall status of adherence to the risk appetite based on the quality of compliance with the limit structure, policies, and procedures relating to risk management and control, and performance of management, among others.
      3. Oversee the risk management function.
         1. The ROC shall ensure that the risk management function has adequate staff and resources and carry out their responsibilities independently, objectively and effectively.
         2. The Committee shall be responsible for the appointment/selection, remuneration, performance assessment, and dismissal of the Chief Risk Officer (CRO).
         3. It shall ensure that the risk management function has adequate resources and effectively oversees the risk-taking activities of the group.
   3. For Capital Management matters, the Risk Oversight Committee shall:
      1. Review and approve policies and where applicable, implementing guidelines as recommended for capital oversight purposes.
      2. Ensure the proper and consistent implementation of any Board approved Capital plan.
   4. For Outsourcing matters, the Risk Oversight Committee shall:
      1. Oversee the Outsourcing Committee in its role of managing and reviewing outsourcing contracts with third party providers.
      2. Approve policies recommended by the Outsourcing Committee to ensure effective management of risks arising from outsourced activities.
   5. For oversight of the Bank’s Fiduciary and Subsidiaries’ Risk Management:
      1. The ROC shall exercise risk management oversight of Trust and the Bank’s subsidiaries.
      2. Provided, that this shall be done in coordination with and reported to the respective board of directors of the subsidiaries.
      3. Provided, further, that the respective board of directors of the subsidiaries, shall remain ultimately responsible for the management of risk exposures.

1. PURPOSE
   1. The Corporate Governance Committee shall assist the Board of Directors in fulfilling its corporate governance responsibilities including approving and overseeing implementation of the corporate governance framework.
   2. Toward this end, the Committee shall have oversight and be responsible for ensuring the Board’s effectiveness and due observance of corporate governance principles and guidelines.
2. MEMBERSHIP
   1. The Corporate Governance Committee shall be composed of at least three (3) members of the Board of Directors who shall all be non-executive directors, majority of whom shall be independent directors, including the Chairman.
   2. All members including the Chairman shall be appointed by the Board from among its members for one (1) year term and can also be replaced or removed by the Board anytime.
3. DUTIES AND RESPONSIBILITIES The Corporate Governance Committee shall:
   1. Define appropriate governance principles, guidelines and structure and ensure the Board’s effectiveness and their due observance.
   2. Oversee the periodic performance evaluation of the Board and its Committees and present recommendations to the Board on the manner by which performance may be evaluated, with the objective performance criteria approved by the Board. Performance indicators shall address how the Board and its Committee have enhanced long-term enterprise and shareholders’ value.
   3. Oversee the management of the Bank’s compliance function to ensure that the Bank complies with all applicable laws, regulations, codes of conduct and standards of good practice, including the appointment, evaluation, remuneration and dismissal of the Chief Compliance Officer and the conduct of inquiries on Senior Management and key personnel’s performance relative to regulatory findings.
   4. Oversee and present recommendations to the Board regarding the continuing education program for directors.
   5. Ensure that directors are able to commit to effectively discharge their responsibilities and that directors with multiple board seats are able to devote sufficient time to fulfill their duties.
   6. Ensure that the board structure promotes efficiency, critical discussion of issues such as values, conduct and behaviors, and thorough review of matters. It shall regularly review the board’s structure, size and composition including board-level committees.

1. PURPOSE
   1. The Trust Committee (TrustCom) is a special committee which reports directly to the BOD and is primarily responsible for overseeing the trust, IMA and other fiduciary activities of SBC TAMG.
2. MEMBERSHIP
   1. The TrustCom shall be composed of at least five (5) members to include:
      1. The President or any Senior Officer of the Bank;
      2. The Trust Officer; and
      3. The remaining Committee members, including the Chairperson , shall be:
         1. Non-Executive Directors or Independent Directors, as defined under Subsection X141.1 and X141.2 of the BSP MORB, who are both not part of the Audit Committee; or
         2. Those considered as qualified “Independent Professionals.”
            A qualified “Independent Professional” shall refer to a person who:
            1. Is not a Director/Officer/Employee of the Bank during the last twelve (12) months counted from the date of committee membership;
            2. Is not a relative within the fourth degree of consanguinity or affinity, legitimate or common-law of any Executive Director or those involved in the day to day management of Institution’s operations of officer of the Bank;
            3. Is not engaged or does not engage in any transactions with the Bank whether by himself or with other persons or through a firm of which he is a partner, other than transactions which are conducted at arm’s length and could not materially interfere with or influence the exercise of his judgment.
   2. The TrustCom Chairman/Chairperson shall be appointed by the BOD and shall remain Chairman until such time the BOD shall appoint another Director to chair the TrustCom.
   3. The TrustCom Vice Chairperson shall also be appointed by the BOD and shall remain Vice Chairperson until such time the BOD shall appoint another Director as Vice Chairperson. In the absence of the Chairman/Chairperson, the Vice Chairperson becomes the Chairperson.
   4. Members of the TrustCom shall, in addition to meeting the qualification standards prescribed for directors, committee members and officers of financial institutions, possess the necessary technical expertise and relevant experience in trust and fiduciary business which may be indicated by any of the following:
      1. At least one (1) year of actual experience in trust, other fiduciary business, or investment management activities;
      2. At least three (3) years of professional experience in a relevant field such as banking, finance, economics, law and risk management;
      3. Completion of at least ninety (90) training hours in trust, other fiduciary business, or investment management activities acceptable to the BSP; or
      4. Completion of a relevant global or local professional certification program.
   5. A TrustCom member should be familiar with Philippine Laws, Rules and Regulations on trust business, as well as uphold at all times ethical and good governance standards.
   6. Restrictions on Membership
      1. Except for the President, a Director who is also an officer of the Bank shall not be qualified to be a member of the TrustCom.
      2. In case however, that the TrustCom shall be composed of more than five (5) members, majority shall be composed of qualified non-executive members.
      3. No member of the Bank’s Audit Committee shall be concurrently designated as a member of the TrustCom.
3. DUTIES AND RESPONSIBILITIES
   The Trust Committee shall:
   1. Ensure that fiduciary activities are conducted in accordance with applicable laws, rules and regulations, and prudent practices;
   2. Ensure that policies and procedures that translate the BOD’s objectives and risk tolerance into prudent operating standards are in place and continue to be relevant, comprehensive and effective;
   3. Oversee the implementation of the risk management framework and ensure that internal controls are in place relative to the fiduciary activities;
   4. Adopt an appropriate organizational structure/staffing pattern and operating budgets that shall enable SBC TAMG to effectively carry out its functions;
   5. Endorse the appointment, oversee and evaluate the performance of the Trust Officer;
   6. Conduct regular meetings at least once every quarter, or more frequently as necessary, depending on the size and complexity of the fiduciary business; and
   7. Report regularly to the BOD on matter arising from SBC TAMG’s activities.

1. PURPOSE
   1. The Related Party Transactions (RPT) Committee shall assist the Board of Directors in fulfilling its oversight responsibilities in ensuring that transactions with related parties are handled in a sound and prudent manner, with integrity, and in compliance with applicable laws and regulations to protect the interest of depositors, creditors and stakeholders.
   2. This shall include, among others:
      1. Adoption and proper implementation of a group-wide RPT policy, encompassing all entities within the SBC Group, which shall:
         1. Take into account their size, structure, risk profile and complexity of operations;
         2. Identify, prevent or manage potential or actual conflicts of interest, which may arise;
         3. Set materiality threshold and excluded transactions;
         4. Set internal limits for individual and aggregate exposures;
         5. Implement effective whistleblowing mechanisms as provided in the Bank’s Code of Discipline for Employees and Board;
         6. Include measures to restitute losses and other remedies for abusive RPTs
      2. Formulation and appropriate implementation of clear guidelines in ensuring that RPTs are conducted in the regular course of business and not undertaken on more favorable economic terms to such related parties than similar transactions with non- related parties under similar circumstances.
      3. Establishment of an effective system to:
         1. Determine, identify and monitor related parties and RPTs;
         2. Continuously review and evaluate existing relationships between and among businesses and counterparties;
         3. Identify, measure, monitor and control risks arising from RPTs. The system should be able to define related parties’ extent of relationship; assess situations in which a non-related party (with whom the SBC group has entered into a transaction) subsequently becomes a related party and vice versa; and generate information on the type and amount of exposures to a related party and vice versa; and generate information on the type and amount of exposures to a particular related party. The said system will facilitate submission of accurate reports to the regulators. The system as well as the overarching policies shall be subjected to periodic assessment by internal audit and compliance functions and shall be updated regularly for their sound implementation. The overarching policy and system shall be made available to the Bangko Sentral and audit functions for review. Any changes in the policies and procedure shall be made approved by the Board of Directors.
      4. Overseeing the integrity, independence and effectiveness of the policies and procedures for whistleblowing; and ensure that senior management addresses legitimate issues on RPT that are raised including the protection of the whistleblower from detrimental treatment and reprisal.
      5. Ensuring that adequate capital against risks associated with exposures to related parties is maintain. In this regard, material risk arising from RPTs shall be considered in the capital planning process. The prescribed scenario/stress tests under the capital planning process shall also capture RPTs in order to determine whether the SBC group is well-insulated from any going concern issue of related parties.
   3. The Committee shall also provide an avenue of communication between related parties, management, Compliance Office, the external and internal auditors and the Board.
2. MEMBERSHIP
   1. The RPT Committee shall be composed of at least three (3) members of the Board, two of whom shall be independent directors, including the chairperson, and one non-executive director. Each Committee member should have an understanding of the detailed responsibilities of committee membership.
   2. All members including the Chairman shall be appointed by the Board from among its members for one (1) year term and can also be replaced or removed by the Board anytime.
   3. The Compliance Officer or Internal Auditor may sit in as resource persons in the Committee.
   4. The Secretary of the Committee shall be the designated officer under the Office of the Corporate Secretary. He shall ensure that the notice and agenda of the meeting, with relevant supporting papers, are furnished to the RPT Committee members prior to each meeting.
   5. The Chief Compliance Officer shall ensure completeness and propriety of the agenda for the regular or special RPT Committee meeting.
3. DUTIES AND RESPONSIBILITIES
   The Committee shall:

    

   1. Evaluate on an on-going basis existing relations between and among businesses and counterparties to ensure that all related parties are continuously identified, RPTs are monitored and subsequent changes in relationships with counterparties (from non-related to related and vice versa) are captured. Related parties, RPTs and changes in relationships should be reflected in the relevant reports to the Board and regulators/ supervisors.
   2. Evaluate all material RPTs to ensure that these are not undertaken on more favorable economic terms (e.g., price, commissions, interest rates, fees, tenor, collateral requirement) to such related parties than similar transactions with non- related parties under similar circumstances and that no corporate or business resources of the company are misappropriated or misapplied, and to determine any potential reputational risk issues that may arise as a result of or in connection with the transactions. In evaluating RPTs, the Committee takes into account, among others, the following:
      1. The related party’s relationship to the company and interest in the transaction;
      2. The material facts of the proposed RPT, including the proposed aggregate value of such transaction;
      3. The benefits to the corporation of the proposed RPT;
      4. The availability of other sources of comparable products or services; and
      5. An assessment of whether the proposed RPT is on terms and conditions that are comparable to the terms generally available to an unrelated party under similar circumstances. The company should have an effective price discovery system in place and exercise due diligence in determining a fair price for RPTs.
         All RPTs that are considered material based on the Bank’s internal policies shall be endorsed by the RPT Committee to the Board of Directors for approval. All RPTs below the materiality threshold shall be approved by the RPT Committee, subject to Board confirmation. These shall, however, exclude DOSRI transactions which are required to be approved by the Board of Directors.
   3. Ensure that appropriate disclosure is made, and/or information is provided to regulating and supervising authorities relating to the company’s RPT exposures, and policies on conflicts of interest or potential conflicts of interest. The disclosure should include information on the approach to managing material conflicts of interest that are inconsistent with such policies, and conflicts that could arise as a result of the company’s affiliation or transactions with other related parties.
   4. Report to the Board of Directors on a regular basis, the status and aggregate exposures to each related party as well as the total amount of exposures to all related parties.
   5. Ensure that RPTs, including write-off of exposures, are subject to periodic independent review and audit process.
   6. Oversee the implementation of the RPT management system, including the periodic review of RPT policies and procedures.
   7. Perform other oversight functions as requested by the Board.

I. Purpose

1. The Senior Credit Committee is the highest credit decision-making body in the Bank after the Board of Directors.
2. As mandated by the Board, its main purpose is to review and approve proposals and facilities related to credit (except for DOSRI and material RPT accounts which are reviewed and endorsed for Board approval), approve remedial and/or recovery strategies of the Bank for identified problem loan accounts, and to work closely with the Risk Oversight Committee (ROC) in managing the overall credit risk of the Bank.

II. Memberships

1. The Senior Credit Committee shall be composed of at least five (5).
2. All members including the Chairman shall be nominated and appointed by the Board of Directors from among its members for a one (1) year term and can be replaced or removed by the Board of Directors
3. An independent director designated as a member of the Senior Credit Committee and concurrently also a member of another board level committee with independent oversight or control such as Audit, Risk Oversight, Corporate Governance and RPT, shall have no voting right.
4. The composition and functions of the Senior Credit Committee shall be reviewed by the Board of Directors on an annual basis.

III. Duties and Responsibilities

1. The Senior Credit Committee shall be responsible for approving or rejecting, recommending or ratifying credit proposals for new facilities and credit renewals beyond the approval authority of the Credit Committee, except for DOSRI and material RPT accounts which are reviewed and endorsed for Board approval.
2. The Senior Credit Committee shall confirm all approvals of remedial/recovery proposals by the President up to his authorized The Senior Credit Committee is authorized to approve up to P1 billion. Amounts greater than P1 billion shall be elevated to the Board of Directors for approval, same with proposals which under existing rules and regulations require Board approval.
3. The Senior Credit Committee shall approve remedial management recovery strategies such as but not limited to restructuring and dacion-en-pago proposals for identified problem loan accounts, within its authority as established by the Board of Directors.
4. Ensure that approved action plans represent the best interest of the
5. Perform other functions consistent with its charter as well as with the Bank’s Articles of Incorporation and By-Laws.

1. PURPOSE
   1. The Nominations and Remuneration Committee shall review, evaluate qualifications and make recommendations regarding all persons nominated to the Board, key personnel and other appointments that require Board approval.
   2. It shall assess the effectiveness of the Board’s processes and procedures in the election and replacement of directors.
   3. It shall likewise establish a formal and transparent procedure for developing policy on remuneration of directors and officers to ensure that compensation is consistent with the Bank’s culture, strategy and the business environment in which the Bank operates, including the potential of directors and officers.
2. MEMBERSHIP
   1. The Nominations and Remuneration Committee shall be composed of at least three (3) members of the Board of Directors who shall all be non-executive directors, majority of whom shall be independent directors, including the chairperson.
   2. All members including the Chairman shall be appointed by the Board from among its members for one (1) year term and can also be replaced or removed by the Board anytime.
3. DUTIES AND RESPONSIBILITIES
   The Nominations and Remuneration Committee shall:
   1. Define the general profile of the Board members that the Bank may need, ensuring that the nominees have the appropriate knowledge, competencies and expertise/experience that will complement the existing skills of the Board. Moreover, it shall endeavor that board diversity is maintained such that difference in background, age, ethnicity, gender and other qualities are part of the criteria in the selection of board members.
   2. Determine the nomination, election and replacement process for the Bank’s directors.
   3. Review and evaluate the qualifications of all persons nominated to the Board, as well as those nominated to key positions and other positions requiring appointment by the Board of Directors.
   4. Oversee the periodic performance evaluation of Board members and Executive Management, deciding whether or not a director or executive is able to and has been adequately carrying out his/her duties as director or executive based on its own assessment or the assessment of external facilitators, bearing in mind the director’s or executive’s contribution, potential and performance (e.g., competence, candor, attendance, preparedness and participation).
   5. Recommend assignment to Board committees and engage in succession planning for Board members and Executive Management. The program should include a system of identifying and developing potential successors.
   6. Recommend a formal and transparent procedure for developing a policy on remuneration of directors and officers that is consistent with the Corporation’s culture, strategy, the business environment in which it operates, and commensurate with corporate and individual performance and potential. The Committee shall monitor and review the remuneration and other incentives policy including plans, policies and outcomes at least annually. The Committee shall also work closely with the Bank’s Risk Oversight Committee in evaluating the incentives created by the remuneration system.
   7. Approve the hiring, re-appointment, dismissal, promotion, profit sharing and merit increases of all Vice Presidents and higher as a Committee or through assigned representatives of the Committee.
   8. Hold members of Executive Management accountable for their actions and enumerate the possible consequences if those actions are not aligned with the Board of Directors’ performance expectations. These expectations shall include adherence to the Bank’s values, risk appetite, risk culture and required behavior under all circumstances.
   9. Meet with Executive Management to engage in discussions, question and critically review the reports and information provided by the latter
   10. Ensure that the SBC Retirement Fund is fully funded or the corresponding liability appropriately recognized in the books of the Bank at all times, and that all transactions involving the pension fund are conducted at arm’s length terms.
   11. Oversee the management of the People Empowerment Committee.
   12. Ensure that personnel’s expertise and knowledge remain relevant by providing regular training opportunities as part of a professional development program to enhance their competencies and stay abreast of developments relevant to their areas of responsibilities.

1. PURPOSE
   1. Transformation and Technology Committee shall oversee the development and implementation of strategy, transformation, innovation and information technology initiatives of the Bank and its subsidiaries and affiliates, in support of the Group’s vision,
      mission and strategic objectives.
2. MEMBERSHIP
   1. The Committee shall be composed of at least three (3) members of the Board of Directors (including at least one Non-Executive Director), the Head of Enterprise Technology and Operations, Chief Financial Officer and the President/CEO.
   2. All members including the Chairman shall be appointed by the Board for a one-year term and may also be replaced or removed by the Board anytime.
   3. Advisory members support and inform the activities of the committee but have no voting or decision-making rights. Advisory members include:The IT Head of Planning and Governancea. The Chief Risk Officer
      b. The Chief Audit Executive
      c. The Chief Compliance Officer
      d. The Head of Human Capital Management
      e. Other Representatives from the management that are required based on the TTC agenda.
3. MEETINGS
   • The Transformation and Technology Committee shall meet at least quarterly. Additional meetings may be suggested and voted on by the members
   • The meeting can be held in person or via remote communication as may be allowed by law.
   • The Committee may invite other Directors, Board Advisers or Management to participate in meetings from time to time.
   • A quorum shall comprise a majority of the members. Members may designate official representatives to attend and vote on their behalf in case of absence.
   • An agenda shall be prepared for each meeting and shall be distributed two (2) days in advance of the meeting in accordance with best practice.
   • The Committee shall provide a summary of the actions taken at each Committee meeting, which shall be presented to the Board at the next Board meeting.
   • The Committee shall appoint a TTC Secretariat who will organize the meeting schedule and agenda, and release and keep all meeting records and minutes.
   • If the Chair is absent from a scheduled meeting, the members present shall designate an acting Chair for the meeting.
4. DUTIES AND RESPONSIBILITIES
   1. The Technology Execution Excellence Committee shall:
      1. Advise the Bank in all major strategy, transformation, and information technology initiatives in terms of strategy, culture, process, leadership, technology, and structure.
      2. Oversee the strategic transformation, and technology initiatives, including:
         1. Recommending for Board approval the Bank’s Strategy and Transformation Roadmap
         2. Recommending for Board approval the Bank’s Information technology Architecture and
            Strategic Plan
         3. Reviewing proposed strategic, transformation and information technology initiatives and projects for risk, value, potential returns, and support of the Bank’s strategic plans.
         4. Endorse Major Expenditure Proposals (MEP) related to strategic programs and projects to the Executive Committee (ExCom) and Board.
         5. Monitoring the implementation and execution of various strategic, transformation and information technology initiatives and projects across the Bank based on goals, cost and benefits defined in the MEP and the SMART goals (Specific, Measurable, Achievable, Relevant, Time-Bound). Scope of programs governed in TTC will be deemed strategic as per classification/definition approved by TTC.
      3. Review and approve IT policies.
      4. Ensure that a review of IT procedures and standards is performed at least on an annual basis.
      5. Report to the Board on the IT performance, status of Strategic projects and associated risks, and other significant issues.
      6. Appoint members of the Senior Management Team, who will be part of the “Enterprise Control Board (ECB)” that will ensure alignment of the IT projects with the Bank’s Strategic Plan. The TTC shall review and approve the ECB Charter on an annual basis.

I. Purpose

Security Bank Corporation recognizes technology, information security and business continuity risks as some of the most significant risks currently faced by the Bank. To provide focus in the management of these risks, the Risk Oversight Committee (ROC) forms the Information Security Risk Management Committee (ISRMC), tasked with the oversight and maintenance of the company’s information security risk management program.

II. Memberships

• The Committee shall be composed of five (5) members, including the Chairperson.
• The ROC shall appoint the Committee members, fill vacancies occurring in the Committee, and designate the Chair of the Committee.

III. Duties and Responsibilities

• Provide guidance in the development of the Bank’s policies, risk appetite and limits relevant to the management of technology, information security and business continuity risks, ensuring that current and emerging risk exposures are consistent with the Bank’s strategic direction and over- all risk appetite.
• Receive, review, and provide inputs to reports of significant risk issues identified by management and ensure that said risks are promptly assessed, mitigated, or corrected, and monitored.
  • Material residual risks and threats, and the appropriateness of the risk management policies, procedures and mitigation controls in place that is commensurate with the assessed severity of the risk.
  • Update on consolidated issues register, including number of new issues, closed issues, and general implementation status of key actions;
  • Significant control exposures / incidents / compliance breaches / potential fraud or malpractice and selection of most appropriate response
  • Progress against control implementation plans and any re-estimate of implementation

• Periodically review with management the Bank’s contingency/ crisis management plans, business continuity and disaster recovery plans to ensure operational resiliency.
• Ensure that the Information Security Risk Management function has adequate staff and resources and carry out their responsibilities independently, objectively, and effectively.
• Ensure that all employees undergo risk awareness training appropriate to their position and maintain these skills, as required.
• Oversee the Outsourcing Committee in its role of managing and reviewing outsourcing contracts with third party providers.