The purpose of this Charter is to set forth the composition, authority and responsibilities of the Compliance and Risk Committee (the "Committee") of the Board of Directors of CA, Inc. (the "Company").
Composition
The members of the Committee are designated by the Board, on the recommendation of the Corporate Governance Committee of the Board, in accordance with the Company's By-laws, and serve at the discretion of the Board. The Board appoints one member of the Committee as Chair of the Committee.
Authority and Responsibilities
General. The general purposes of the Committee are to:
Provide general oversight to the Company's Risk and Compliance functions.
Provide input to management in the identification, assessment, mitigation and monitoring of enterprise-wide risks faced by the Company.
Provide recommendations to the Board with respect to its review of the Company's business practices and compliance activities and enterprise risk management.
The Executive Vice President, Risk and Chief Administrative Officer will report to the Committee with respect to the Company's Enterprise Risk Management function, and the Executive Vice President and General Counsel will report to the Committee with respect to the Company's Business Practices and Compliance functions, and each will report as well to the Chief Executive Officer; provided, however, that the Executive Vice President, Risk and Chief Administrative Officer, the Executive Vice President and General Counsel, the Chief Compliance Officer, the Chief Ethics Officer and the Chief Risk Officer will at all times have unrestricted access to the Committee or any member of the Committee or the Board for any purpose he or she deems appropriate.
Business Practices and Compliance Oversight Responsibilities. The Committee will assist the Board in fulfilling its oversight responsibilities with respect to the Company's compliance with legal and regulatory requirements. In particular, the Committee will:
Oversee the activities of the Business Practices and Compliance functions. The Company's Chief Compliance Officer and the Company's Chief Ethics Officer will report directly to the Committee and to the Company's Executive Vice President and General Counsel (unless the Chief Compliance Officer or the Chief Ethics Officer is also the Executive Vice President and General Counsel).
Review with the Audit Committee of the Board on a timely basis all compliance issues relating to accounting and financial reporting matters.
Oversee the adoption and maintenance of procedures to ensure that all compliance and ethics matters receive prompt review by or under the authority of the Chief Compliance Officer or the Chief Ethics Officer, including, as appropriate, the reporting of such matters to the Committee and the Board.
Oversee the establishment and maintenance of a comprehensive compliance and ethics program, including an ethics and compliance training program for all employees.
Monitor the process for communicating to employees the Company's Code of Conduct and the importance of compliance therewith, including: (a) the maintenance and periodic review of the Code; and (b) assuring employees that no retaliation or other negative action will be taken against any employee because he or she submits any report or complaint concerning potential violations of law or other misconduct and concerns regarding accounting, auditing or internal control matters.
To help ensure that the Chief Compliance Officer preserves the requisite, ongoing authority and independence to maintain an effective compliance program, the Chair of the Committee will be involved in any action to appoint, replace, reassign, or terminate the Chief Compliance Officer.
Enterprise Risk Management Oversight Responsibilities. The Committee will assist the Board in fulfilling its oversight responsibilities with respect to identifying and assessing critical risks facing the Company and considering strategies for their management and mitigation. In particular, the Committee will:
Review with management, including the Chief Administrative Officer and the Chief Risk Officer, the critical risks arising with respect to the Company, including the Company's strategies, business operations, financial reporting, and legal and regulatory affairs, and provide input and guidance on the Company's risk tolerances.
Review with management, including the Chief Administrative Officer and the Chief Risk Officer, the steps management has taken to identify, control and monitor such exposures, including guidelines and policies to govern the process by which risk assessment and risk management are undertaken.
Review with management the allocation of resources and assignment of responsibilities for activities addressing the Company's critical risks.
Review with the Audit Committee of the Board on a timely basis all major risks relating to accounting and financial reporting matters.
The Company's Chief Risk Officer will report directly to the Committee and to the Company's Chief Administrative Officer (unless the Chief Risk Officer is also the Chief Administrative Officer).
To support the independence of the Chief Risk Officer, the Committee is authorized to oversee the compensation of the Chief Risk Officer, including by providing appropriate input to the Compensation and Human Resources Committee.
Delegation of Authority
The Committee may delegate authority to one or more members or subcommittees when deemed appropriate, provided that the actions of any such members or subcommittees are reported to the full Committee no later than at its next scheduled meeting.
Counsel and Other Delegation of Authority; Company Funding Obligations
The Committee has the authority, to the extent it deems necessary or appropriate, to retain and terminate the retention of independent legal counsel, or other advisors, to assist the Committee in carrying out its responsibilities. The Company will provide for appropriate funding, as determined by the Committee, to pay any such counsel or other advisors retained by the Committee and to pay ordinary administrative expenses of the Committee that are necessary or appropriate in carrying out its duties.
Meetings; Executive Sessions
The Committee meets as often as it deems necessary. The Committee meets periodically in executive sessions, with or without such officers or other employees of the Company, counsel to the Company, counsel or other advisors to the Committee, or other parties, as the Committee may determine. Meeting agendas will be prepared and provided in advance to the Committee, together with appropriate briefing materials.
Reports to the Board; Minutes
The Committee will make regular reports to the Board regarding the Committee's activities and will make reports to the Company's Audit Committee from time to time, as appropriate. Minutes of the meetings and other actions of the Committee will be prepared and submitted for approval by the Committee and will be furnished to the Board at regular intervals.
Committee Self-Assessment
The Committee will conduct an annual self-assessment of its performance with respect to its purposes and the authority and responsibilities set forth in this Charter. The results of the self-assessment will be reported to the Board.
Committee Charter
This Charter will be subject to review and approval by the Board. The Committee will review this Charter annually and adopt any changes deemed appropriate, subject to approval by the Board.
Adopted by the Compliance and Risk Committee: May 2011