Board Risk Committee members

Alan Keir (Chair, subject to regulatory approval), Albert Hitchcock and Phil Rivett.

Board Risk Committee Terms of Reference

16 March 2022

1. Purpose

1.1 The purpose of the Board Risk Committee (BRC) is to provide oversight and advice to the Board in relation to current and potential future risk exposures and future risk strategy including determination of risk appetite and to report formally to the Board on those matters after each meeting. Additionally, the Committee is responsible for monitoring compliance oversight, and the effectiveness of the Enterprise Risk Management Framework (ERMF) and advising the Remuneration Committee on any risk adjustments to be made on remuneration.

2. Authority

2.1 The Committee is a Committee of the Board from which it derives its authority and to which it regularly reports.

2.2 The Committee has delegated authority from the Board in respect of its functions and responsibilities as set out in these Terms of Reference.

2.3 The Committee may sub-delegate any or all of its powers and authority as it sees fit, including, without limitation, the establishment of sub-committees to analyse particular issues and to report back to the Committee.

2.4 The Committee has authority to oversee any investigation of activities relating to the Society which are within its Terms of Reference.

2.5 The Committee is authorised to seek any information it requires from any employee of the Society in order to perform its duties, or to call any employee to be questioned at a meeting of the Committee as and when required.

2.6 The Committee may obtain, at the Society’s expense, external legal or other professional advice on any matter within its Terms of Reference.

2.7 The Committee Chair and the Society Secretary are authorised by the Board to review and approve any non-material change required to be made to the Committee’s Terms of Reference. Any such change should be reported to the Board.

3. Membership

3.1 Members of the Committee shall be appointed by the Board, on the recommendation of the Nomination and Governance Committee in consultation with the Chair of the Board Risk Committee.

3.2 The Committee shall be made up of at least three independent non-executive Directors of the Society, including the Chair of the Society’s Audit Committee and a member of the Society’s Board IT and Resilience Committee (other than the Chair of the BRC) and a member of the Board Remuneration Committee.

3.3 The Board shall appoint the Committee Chair who shall be an independent non-executive Director.

3.4 In the absence of the Committee Chair and/or an appointed deputy, the remaining members present shall elect one of themselves to chair the meeting.

3.5 The Chair of the Board shall not be a member of the Committee.

3.6 Appointments to the Committee shall be for a period of up to three years, which may be extended for a further three year period (or, in exceptional circumstances, two such periods), provided the Director still meets the criteria for membership of the Committee.

3.7 Only the members of the Committee have the right to attend Committee meetings. Other individuals such as the Chair of the Board, the CEO, the Chief Risk Officer, Executive Directors, Community Leaders, external adviser(s), and representatives from the Risk function may be invited to attend all or part of any meeting as and when appropriate.

4. Secretary

4.1 The Society Secretary or their nominee shall act as the Secretary of the Committee and will ensure that the Committee receives information and papers in a timely manner to enable full and proper consideration to be given to the issues.

5. Quorum and mode of meetings

5.1 The quorum necessary for the transaction of business shall be two members.

5.2 A duly convened meeting of the Committee at which a quorum is present shall be competent to exercise all or any of the authorities, powers and discretions vested in or exercisable by the Committee.

5.3 In the event of difficulty in forming a quorum, independent non-executive Directors of the Society who are not members of the Committee may be co-opted as members for individual meetings.

5.4 A decision of the Committee may be taken by written resolution, including by electronic mail. A decision may not be taken in accordance with this provision if the members of the Committee taking it would not have formed a quorum at a meeting.

5.5 The members of the Committee shall be deemed to meet together if they are in separate locations, but are linked by conference telephone, video or other communication equipment. For the avoidance of doubt, a quorum in that event shall be as set out in 5.1 above. Such a meeting shall be deemed to take place where the largest group of members of the Committee participating is assembled or, if there is no such group, where the Chair is located.

6. Frequency of meetings

The Committee shall:

6.1 Meet at least four times a year.

6.2 Meet the Chief Risk Officer at least once a year without management being present to discuss their remit and any issues arising from the risk oversight activity.

6.3 In addition, the Chief Risk Officer, the Data Protection Officer and the Chief Internal Auditor shall be given the right of direct access to the Chair of the Board and to the Committee.

7. Notice of meetings

7.1 Meetings of the Committee shall be called by the Secretary of the Committee at the request of the Committee Chair.

7.2 Meetings of the Committee shall be called by the Secretary of the Committee at the request of any of its members or at the request of the Chief Risk Officer, or the external or internal auditors if they consider it necessary.

7.3 Unless otherwise agreed, notice of each meeting confirming the venue, time and date together with an agenda of items to be discussed, shall be forwarded to each member of the Committee and any other person required to attend, no later than three working days before the date of the meeting.

7.4 Supporting papers shall be sent to Committee members and to other attendees as appropriate, at the same time.

8. Minutes of meetings

8.1 The Secretary of the Committee shall minute the proceedings and resolutions of all meetings of the Committee, including recording the names of those present and in attendance.

8.2 The Secretary of the Committee shall record any conflict of interests reported at the meeting.

8.3 Draft minutes of Committee meetings shall be circulated promptly to all members of the Committee and, once agreed, to all members of the Board (unless in the opinion of the Committee Chair it would be inappropriate to do so).

9. Duties and responsibilities

9.1 The Committee shall annually, or more frequently as required, establish and recommend to the Board the Society’s Board Risk Appetite, and ensure that the Board considers the appropriateness of the Society’s Plan in the context of Board Risk Appetite.

9.2 The Committee shall approve under delegated mandate from the Board:

  • The Enterprise Risk Management Framework (ERMF).
  • The Society’s Risk Strategy [1].
  • Pillar 3 Disclosures for publication.
  • Recovery Plan.
  • Resolvability Assessment.
  • The Society’s Internal Capital Adequacy Assessment Process (ICAAP) and Internal Liquidity Adequacy Assessment (ILAA).
  • On behalf of the Board, any Society-wide policies which the Board formally delegates to the Committee; and
  • Nationwide’s Oversight Plan.

9.3 The Committee shall:

9.3.1 Keep under review the effectiveness of the ERMF to identify, assess and manage risk within the agreed Society Plan and Board Risk Appetite, ensuring sound systems of risk management and internal control.

9.3.2 Delegate authority to the Chief Risk Officer to approve minor revisions to the ERMF in between meetings of the Committee to ensure that they are kept up to date, such revisions being reported to the next appropriate meeting of the Committee. Any significant revisions will be reported to the members of the Committee promptly.

9.3.3 Challenge the Society’s assessment and measurement of key current and longer-term risks [2].

9.3.4 Challenge the Society’s assessment of compliance with legislative and regulatory requirements.

9.3.5 Provide advice, oversight and challenge necessary to enable management to embed and maintain a supportive risk culture throughout Nationwide.

9.3.6 Provide oversight and challenge of the day-to-day risk, control and oversight arrangements of the executive and provide advice to the Board as to the effectiveness of the control environment.

9.3.7 Provide oversight and challenge of the design and execution of stress testing and scenario analysis, including the review where appropriate of assumptions, results, and proposed management actions on behalf of the Board.

9.3.8 Provide oversight and challenge of due diligence on risk issues relating to material transactions and strategic proposals that are subject to approval by the Board, focussing in particular on implications for the risk appetite, and strategy and taking independent external advice where appropriate.

9.3.9 Review whether Nationwide’s pricing frameworks take fully into account its business model and risk appetite, and present recommendations to the Board when the framework is not adequate. Provide oversight and challenge to ensure that there is appropriate alignment between Nationwide’s material products and services (including pricing and profitability) and its values, risk strategy and risk appetite.

9.3.10 Provide advice on the appointment of external risk consultants that the Chief Risk Officer may decide to engage for advice or support.

9.3.11 Keep under review the appropriateness of Nationwide’s Resolvability Self-Assessment until any Resolution Committee is in operation, and make recommendations to the Board for approval.

9.3.12 Review and satisfy itself that Nationwide’s stress testing framework, governance and related internal controls are appropriate.

9.4 The Committee will:

9.4.1 Review Nationwide’s risk profile in respect of performance against risk appetite, risk trends, emerging risks and risk concentrations.

9.4.2 Receive and review management reports which assess the nature and extent of risks facing Nationwide, including reports on any material breaches of risk appetite, and consider the adequacy of proposed actions and the impact on the business of risks that do materialise.

9.4.3 Receive formal reports from the Board IT & Resilience Committee (BITRC) following each meeting of that Committee on all risks and controls relating to IT risks and resilience matters along with any other matters of interest or formal recommendations to the BRC. Copies of relevant BITRC papers will be made available to the members of the BRC.

9.4.4 Monitor the deployment of Nationwide’s Recovery Plan, once implemented, and assess the risk of entering into Resolution.

9.4.5 Monitor the performance of the Executive Risk Committee (ERC) within the context of the Society’s strategy, risk appetite, risk culture and the ERC Terms of Reference.

9.4.6 Make recommendations to the Board on the appointment and removal of the Chief Risk Officer. The Chair of the Committee will be consulted in respect of the Chief Risk Officer’s performance appraisal and compensation.

9.4.7 The Chief Risk Officer’s formal reporting line is to Nationwide’s Chief Executive Officer. However, the Chief Risk Officer also has a reporting line to the Board Risk Committee through the Chair of the Committee in respect of the matters set out in these Terms of Reference.

9.4.8 The Chief Risk Officer will meet regularly with the Chair of the Committee and will have the right and responsibility to elevate issues to the Chair of the Committee where he or she considers it necessary in the furtherance of his/her responsibilities.

9.4.9 The Committee shall satisfy itself that the Risk function is adequately resourced, has appropriate access to information and is free from constraint by management or other restrictions so as to be able to perform its function effectively.

9.4.10 Notwithstanding any delegations to the BITRC, the BRC retains overall responsibility for providing oversight and advice to the Board on all risk matters.

9.5 The Committee will provide input to the Remuneration Committee to assist that committee in its assessment of possible impacts on variable remuneration. Such input may be provided in conjunction with the Audit Committee and includes: a) an examination of whether remuneration incentives take into consideration capital, liquidity and the likelihood and timing of earnings; b) whether any risk weightings should be applied to performance objectives incorporated in the incentive structure of executive remuneration; and c) how incentive and remuneration arrangements appear to have affected observed behaviours and influences on risk culture, and any consequent impact on the organisation’s principal risks. The Committee will also make recommendations to the Remuneration Committee on clawback provisions.

9.6 The Committee shall:

9.6.1 Monitor and review the effectiveness of the Second Line Oversight functions in the context of the overall risk management system; and

9.6.2 Review promptly all reports to the Board Risk Committee from the Second Line Oversight functions.

9.7.1 The Committee shall review the risk statements concerning internal controls and risk management to be included in the Annual Report, and recommend them to the Audit Committee for onward recommendation to the Board for its approval, prior to their endorsement by the Board and the external auditors.

10. The Society’s Enhanced Regulated Subsidiary

10.1 The Society’s enhanced regulated subsidiary is known as The Mortgage Works (UK) plc (“TMW”). The Committee’s responsibilities in relation to TMW are as follows:

10.1.1 To provide oversight of risk related matters and the enterprise risks within TMW and endorse material deviations by TMW from the approach adopted by the Society.

10.1.2 To work and liaise as necessary with TMW and their Directors. In exercising its responsibilities, the Committee will have the right to request TMW Directors to take action or provide information and documentation from time to time such as it shall determine.

11. Reporting responsibilities

11.1 The Committee Chair shall report formally to the Board on its proceedings after each meeting on all matters within its duties and responsibilities including:

  • Monitoring Nationwide’s performance against Board Risk Appetite;
  • Approving the Enterprise Risk Management Framework (ERMF); and
  • Reviewing and challenging upon request Nationwide’s Risk Strategy.

11.2 The Committee shall make whatever recommendations to the Board it deems appropriate on any area within its remit where action or improvement is needed.

11.3 A report to members on the Committee's activities is to be included in the Society’s Annual Report and Accounts.

11.4 Where any disagreements between the Board or the Board IT & Resilience Committee and the Committee cannot be resolved, the Committee has the right to report the issue to members as part of its activities in the Annual Report and Accounts.

12. Decision making and Senior Manager & Certification regime responsibilities

12.1 All members of the Committee are responsible for and bound by the decisions taken by the Committee whether or not they actively supported or participated in the decisions although dissent can be recorded.

12.2 A member of the Committee who is a Senior Management Function (SMF) Holder under the Senior Manager and Certification Regime (SMCR) remains individually accountable for their contributions to collective decisions and their implementation insofar as those contributions are in scope of their Senior Manager responsibilities and therefore they also remain accountable for taking reasonable steps in respect of their function and allocated responsibilities.

13. Annual General Meeting

The Chair of the Committee or a deputy chosen from the Committee membership shall attend the Annual General Meeting, prepared to respond to any member questions on the Committee's activities or any matter within the remit of the Committee.

14. Miscellaneous

14.1 The Committee shall:

14.1.1 give due consideration to applicable laws and regulations, including the Prudential Regulation Authority’s and Financial Conduct Authority’s Principles and Rules, the UK Listing Authority’s Listing Rules and Disclosure Guidance and Transparency Rules, the Building Societies Act 1986 and to the recommendations of the UK Corporate Governance Code, as appropriate;

14.1.2 be cognisant of the conduct risks arising (or increasing) as a result of its judgements, taking proactive steps to avoid or prevent these where possible;

14.1.3 work and liaise as necessary with all other Board Committees as required;

14.1.4 have access to sufficient resources in order to carry out its duties, including access to Nationwide’s Secretariat for assistance as required;

14.1.5 receive appropriate and timely training relevant to its activities, both in the form of induction training for new members and on an ongoing basis for all members; and

14.1.6 at least once a year, review its own performance, constitution and Terms of Reference to ensure it is operating effectively, report the results of this review to the Board and recommend any changes necessary for the Board’s approval.

14.2 For the purposes of these Terms of Reference, “the Society” shall mean Nationwide Building Society; “Nationwide” shall mean Nationwide Building Society and its subsidiaries; and the “Society Plan” shall mean Nationwide’s Society Strategy.

[1] The approval of risk strategies for IT-related risk categories (as defined in the ERMF) has been delegated to the Board IT & Resilience Committee (BITRC). BRC approves the Society Risk Strategy and retains responsibility for recommending and monitoring Board Risk Appetite metrics for all risk categories.

[2] For IT-related risk, this activity is delegated to BITRC, but the BRC retains overall responsibility for providing oversight and advice to the Board on all risk matters. The Chair of the BRC has the right to bring any risk matter, including IT-related risk matters, to the attention of the BRC.