(a) A corporate credit union must develop and follow an enterprise risk management policy.
(b) The board of directors of a corporate credit union must establish an enterprise risk management committee (ERMC) responsible for reviewing the enterprise-wide risk management practices of the corporate credit union. The ERMC must report at least quarterly to the board of directors.
(c) The ERMC must include at least one independent risk management expert. The risk management expert must have at least five years of experience in identifying, assessing, and managing risk exposures. This experience must be commensurate with the size of the corporate credit union and the complexity of its operations. The board of directors may hire the independent risk management expert to work full-time or part-time for the ERMC or as a consultant for the ERMC.
(d) A risk management expert qualifies as independent if:
(1) The expert reports to the ERMC and to the corporate credit union's board of directors;
(2) Neither the expert, nor any immediate family member of the expert, is supervised by, or has any material business or professional relationship with, the chief executive officer (CEO) of the corporate credit union, or anyone directly or indirectly supervised by the CEO; and
(3) Neither the expert, nor any immediate family member of the expert, has had any of the relationships described in paragraph (d)(2) of this section for at least the past three years.
(e) The risk management expert is not required to be a director of the corporate credit union.
[76 FR 23871, Apr. 29, 2011, as amended at 80 FR 25939, May 6, 2015]