December 8, 2022

FEDERAL RESERVE BANK OF ATLANTA
AUDIT & OPERATIONAL RISK COMMITTEE CHARTER

I.   PURPOSE

The Audit and Operational Risk Committee of the Federal Reserve Bank of Atlanta (Bank) operates consistent with the by-laws of the Bank and the policies of the Board of Governors of the Federal Reserve System. The Audit and Operational Risk Committee, acting on behalf of the Board of Directors, shall perform functions necessary to assess the effectiveness and independence of the Bank's internal and external audit function in providing an independent and objective assessment of the Bank's risk management, control, compliance, and governance processes.

The Audit and Operational Risk Committee assists the Board of Directors in fulfilling its oversight responsibilities related to assessing 1) the adequacy and effectiveness of controls over financial reporting, 2) the efficiency and effectiveness of operations, 3) the effectiveness of risk management processes, and 4) compliance with laws and regulations.

To promote independent and objective assessments, the General Auditor reports to the Board of Directors through the Audit and Operational Risk Committee. The Audit and Operational Risk Committee must ensure that the General Auditor has access to the Board of Directors, on a confidential basis, and that the audit function is independent, both by intent and actual practice, from the management of the Bank. The Audit and Operational Risk Committee also provides oversight of the Bank's enterprise risk management compliance functions and activities, including significant operational and compliance risk exposures and related risk mitigation efforts. 1

II.  COMPOSITION AND TERM

The Audit and Operational Risk Committee consists of a minimum of three of the Bank's directors. As defined below, all Committee members shall be "independent" and "financially literate" and at least one member shall have "banking, accounting, or other relevant financial proficiency." The Board of Directors need not explicitly designate and publicly disclose which Audit and Operational Risk Committee members meet the financial proficiency requirement.

The Chair of the Board of Directors appoints, with the approval of the full Board of Directors, the Committee members for one-year terms and designates the Committee chair.

Members of the Audit and Operational Risk Committee are considered to be "independent" if they have no relationship with the Bank that might interfere with the exercise of their independence from management and the Bank. Examples of relationships include (i) a director being employed by the Bank within the past five years; (ii) a director accepting compensation from the Bank other than compensation for Board services; (iii) a director being a member of the immediate family of an individual who has been employed by the Bank as an officer within the past five years; and (iv) a director being a partner in, or controlling shareholder or an executive officer of, any for-profit business to which that Bank made, or from which the Bank received, payments that have been significant to the Bank within the past five years. A director who is an officer or director of a depository institution or its holding company is not considered to have a relationship that interferes with his or her independence solely because the depository institution makes payments to the Bank for financial services or an extension of credit.

"Financially literate" means the director has an understanding of financial statements, internal accounting controls, and Audit and Operational Risk Committee functions.

"Banking, accounting, or other relevant financial proficiency" means significant employment experience in finance, accounting, auditing, or banking functions, professional certification in accounting, or other comparable experience or background which results in the individual's financial sophistication, including being or having been a chief executive officer or other senior officer with financial oversight responsibilities.

III.  MEETINGS

The Audit and Operational Risk Committee meets at the call of the Committee chair, but no less often than quarterly. Executive sessions with the General Auditor are conducted at least quarterly and always when meetings are attended by Bank management.

The Committee Chair, in calling a meeting, shall endeavor to transmit reasonable notice thereof to all members of the Committee, and a meeting may be held provided a quorum can be assembled. A quorum shall consist of a simple majority of Committee members. In the rare event a quorum of present members cannot be achieved, a member unable to attend the meeting may communicate his/her vote in writing on matters requiring Committee action in advance of the meeting. In addition, where ratification of Committee action by an absent member is deemed necessary, the Committee may request such ratification subsequent to the meeting where the action was approved. The business of the Committee also may be conducted by means of a conference telephone call or via correspondence, provided reasonable efforts are made to have all members of the Committee participate and provided further that a quorum of the Committee participates.

Minutes of all meetings of the Committee shall be kept by such person as the Committee may from time to time designate for that purpose.

IV.  RESPONSIBILITIES

The Audit and Operational Risk Committee's duties and responsibilities are as follows:

A.  Review of Internal and External Audit Work and Results

  1. Hold regular meetings to permit timely and adequate discussion of significant audit results, risks, governance and control processes, losses and irregular occurrences, and other matters of concern to the auditors and directors. Ensure that audit recommendations and concerns receive proper attention by Bank management.2

  2. Promote open communication with internal audit, Bank management, the external auditors, the Board, and any other relevant parties.

  3. Determine that internal and external auditors are free from interference in determining the scope of audit engagements, performing audit work, and communicating the results thereof. In the case of audits performed by external auditors, it shall not be considered "interference" for the Board of Directors to have input into the scope of the audit.

  4. Ensure that the internal audit function has appropriate access to the documents and individuals needed to accomplish their assigned responsibilities.

  5. Obtain from the General Auditor and external auditor, an independent and objective assessment of the Bank's financial condition and reporting, procedural and accounting controls, operational effectiveness and efficiency, compliance with laws and regulations, and the effectiveness of Bank management's risk management programs.

  6. Seek any information it requires from the General Auditor or Bank employees (all of whom are directed to cooperate with the Committee's request), the Board of Governors, or outside parties.

  7. Review and discuss quality assurance review results performed annually of the internal audit activity to ensure that the department continues to generally conform to the IIA Standards.

  8. Bring before the Board of Directors any matters reported by the General Auditor, external auditor, or others that warrant the Board's attention, and ensure that audit recommendations and concerns receive proper attention by Bank management.
B.  External Auditor Evaluation and Independence
  1. At least annually, meet with the external auditor to review the scope and results of the Bank's external audit of internal controls, the fair presentation of the Bank's financial statements, updates on developments affecting the Bank's external financial reporting, and certain other matters required under generally accepted auditing standards.

    When the release date of the Bank's financial statements does not coincide with regularly scheduled Committee meetings, the Committee will convene by phone to review the final statements and external audit findings in advance of the release of the financial statements. The external auditors should participate on the call.

  2. Provide input to the Board of Governors on the quality of the external auditor's annual performance under the Federal Reserve System contract as it relates to this Bank. Comment to the Board of Directors on the proposed scope of the external audit contract for the System and on potential bidders when this arrangement is renegotiated.

  3. Promptly inform the Board of Directors of any significant concerns related to financial reporting, the quality of external audit work, or the independence of the external auditor.

  4. Ensure that the independence of the external auditor is not diminished in fact or appearance. Committee approval is required for plans to engage the external auditor to perform non-audit services or if an individual who provided external audit services is employed into a management position at the Bank.

  5. In accordance with Bank and Board of Governors' policies, engage independent counsel and other advisors and/or following recommendation to the Board of Directors and consultation with the Board of Governors, engage its own external audit firm when necessary to fulfill its duties, including its fiduciary responsibilities.

C.  Risk Management and Compliance Oversight

  1. Oversee the Bank's enterprise risk management program which includes management of compliance risks associated with failure to comply with laws and regulations.

  2. Assess and provide feedback to Bank management on its strategic, operational, and compliance risk exposures, and monitor management efforts to mitigate these risks. The Committee shall receive reports on these matters, including, but not limited to, annual updates from the Federal Reserve Financial Services (FRFS) Enterprise and Federal Reserve System Chief Payments Executive.

  3. Review reports from the Bank's Compliance Officer regarding the state of the Compliance function, the level of compliance risk exposures, and actions taken to mitigate these exposures. The state of the Compliance function includes compliance programs established by the Bank to address compliance risks, including but not limited to the Bank's Anti-Money Laundering, Office of Foreign Assets Control (counter-terrorism financing) programs, and the compliance functions and activities provided to FRFS.

D.  Concerns Regarding Accounting, Internal Controls and Audit Matters

  1. Audit and Operational Risk Committee members should be prepared to answer inquiries from the external auditors, especially concerning fraud and the mitigation of fraud risks.

    Statement on Auditing Standards No. 99, "Consideration of Fraud in a Financial Statement Audit (SAS 99)," requires the external auditors to obtain information to identify the risks of material misstatement due to fraud, including making specific inquiries of management, the General Auditor, and the Audit and Operational Risk Committee. Members of the Audit and Operational Risk Committee should be prepared to answer the auditors' questions about the risks of fraud in the Bank and whether the Committee members have knowledge of fraud or suspected fraud affecting the Bank. Audit and Operational Risk Committee members should also be prepared to discuss how the Audit and Operational Risk Committee exercises oversight of the assessment of the risk of fraud and activities that mitigate those risks.

    Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 18, Related Parties (AS 18) and Auditing Standard No. 16, Communications with Audit Committees (AS 16), and associated amendments to other auditing standards, require external auditors to heighten their attention in three areas: (i) related-party transactions of the company; (ii) significant unusual transactions; and (iii) financial relationships and transactions with executive officers of the company, including executive compensation arrangements. These transactions and relationships pose an increased risk of material misstatement in financials due to fraud, conflict of interest, or error. Audit and Operational Risk Committee members should be prepared to discuss with external auditors the Committee's understanding of such matters and whether any concerns exist.

  2. The Committee shall establish procedures for (1) the confidential, anonymous submission by Bank employees of complaints and concerns regarding questionable accounting practices, internal controls, or audit matters and (2) the receipt, retention, and treatment of such complaints and concerns.

E.  Personnel Actions

  1. Formally appraise the performance of the General Auditor, following guidelines set forth by the Bank for evaluating the performance of its officers.

  2. Initiate for Board of Directors' approval all actions affecting the appointment, salary, or classification of the General Auditor.

  3. Initiate for Board of Directors' approval the appointment and termination (including separation payments) of the General Auditor. Obtain from the General Auditor information regarding any termination, suspension, modification of salary, or demotion affecting any audit officer. Committee concurrence is required for any reassignment of the General Auditor to another position in the Bank.

F.  Departmental Oversight Matters

  1. Review and approve the annual audit program to determine that it includes audits whose scope and frequency provide an appropriate level of audit attention and, when necessary or practical, that audit coverage is coordinated with other external audits (i.e. Board of Governors, Treasury, etc.).

  2. Review and approve the annual audit resource plan and budget to determine that it is sufficient to carry out an effective audit program. Also, periodically review the resource plan and budget against actual performance and review justifications for any significant variances from existing System and Bank guidelines.

  3. Annually review the formal written charters of the Audit and Operational Risk Committee and the Audit Department, and review Committee activities to ensure the charter is being fulfilled.

  4. Obtain the full Board of Directors' approval of the Audit and Operational Risk Committee charter when changes are warranted.

AUDIT AND OPERATIONAL RISK COMMITTEE INTERACTION

Information and reports reviewed by the Audit and Operational Risk Committee and Executive Committee may each be of interest to the other and should be provided to the other as appropriate. Joint meetings of these committees to review and discuss topics of mutual interest may be beneficial on occasion.


1 Monitoring of certain key enterprise risks may also be within the purview of other committees.

2 Audit results and matters of concern related to Bank Supervision and Regulation will be referred to the Executive Committee of the Board of Directors.