2024 FINRA Audit & Risk Committee Charter
Purpose
The Audit & Risk Committee (Committee) is a standing committee of the FINRA Board of Governors (Board).[1] This Charter and the FINRA Governance Guidelines govern the operations of this Committee.
As further described below, the Committee ensures the existence of adequate controls and the integrity of FINRA’s financial reporting process. The Committee recommends to the Board, and monitors the independence and performance of, the independent registered public accountants (IRPA) retained as outside auditors by FINRA. The Committee also directs and oversees all the activities of FINRA’s internal audit function, FINRA’s Ombudsman function and FINRA’s compliance with applicable legal and regulatory requirements and corporate policies. In addition, the Committee assists the Board in its oversight of FINRA’s enterprise risks.
Responsibilities
1. Oversee and Monitor the Existence of Adequate Controls and the Integrity of FINRA’s Financial Reporting Process
- Take the appropriate actions to set the overall corporate “tone” for quality financial reporting, sound business risk management practices and ethical behavior.
- Oversee FINRA’s financial reporting process on behalf of the Board and report the results of these activities to the Board.
- Discuss with management, the internal auditors and the IRPA the adequacy and effectiveness of the accounting and financial controls, including FINRA’s system for monitoring and managing business risk.
- Review and discuss with management and the IRPA, the audited financial statements of FINRA or its subsidiaries, including their judgment about the quality, not just acceptability, of accounting principles, the reasonableness of significant judgments and the clarity of the disclosures in the financial statements.
- Discuss the results of the annual audit and any other matters required to be communicated to the Committee by the IRPA under the U.S. generally accepted auditing standards (GAAP).
- Review with management and the IRPA (if they have reviewed unaudited financial statements), any unaudited financial statements prepared for external distribution, before distribution or publication of such financial statements. The Chair of the Committee may represent the entire Committee for the purposes of this interim review.
- Meet with the IRPA, with and without management present, to discuss the results of their annual audit.
- Prepare an Audit & Risk Committee report, consistent with such reports required by the Securities and Exchange Commission (SEC) to be included in annual proxy statements for public companies, for inclusion in FINRA’s Annual Report.
- Make a recommendation to the Board for approval of the financial statements for publication in FINRA’s Annual Report.
2. Recommend to the Board, and Monitor the Independence and Performance of, the IRPA Retained as Outside Auditors by FINRA
- Establish a clear understanding with management and the IRPA, that the IRPA is ultimately accountable to the Board and the Committee, and that the Committee has the ultimate authority and responsibility to evaluate and, where appropriate, replace the IRPA.
- Annually, obtain and review a report by the IRPA describing: (1) the firm’s internal quality control procedures; (2) any material issues raised by the most recent internal quality control review, PCAOB inspection or peer review of the firm, or by any inquiry or investigation by governmental or professional authorities, and any steps taken to deal with any such issues; and (3) all relationships between the IRPA and the company to assess the auditor’s independence.
- Annually, review and recommend to the Board the selection of FINRA’s IRPA. In support of the Committee’s annual review of the IRPA, management will provide the Committee with the results of its formal survey and assessment of the IRPA’s performance.
- Set clear hiring policies for employees or former employees of the IRPA.
- Set and follow policies for review and approval of all IRPA services and fees, where such policies meet relevant requirements set by the SEC for publicly traded companies.
3. Review and Oversee All the Activities of FINRA's Internal Audit Function, Including But Not Limited to Management’s Responses to the Internal Audit Function
- Review and oversee the activities of the organization’s internal audit function to ensure the existence of a substantial, independent internal audit staff, which reports directly to the Committee and reviews all aspects of FINRA and its subsidiaries, including the regulatory and the disciplinary processes, and FINRA’s, and its subsidiaries’, systems.
- Although the Internal Audit Department and the Chief Audit Executive shall report directly to the Committee, the Committee may, in its discretion, direct that the Internal Audit Department also report to FINRA senior management on matters the Committee deems appropriate and may request that senior management perform such operational oversight as necessary and proper, consistent with preservation of the independence of the internal audit function.[2]
- Review and approve, at least annually, the Internal Audit Charter and the authority provided to the Internal Audit Department.
- Review and approve, at least annually, proposed internal audit plans for the coming year, the department budget and staff, significant interim changes to the plans, budget or staffing and the coordination of such plans with those of the independent auditors.
- Maintain exclusive authority to: (i) hire or terminate the Chief Audit Executive; (ii) determine the compensation of the Chief Audit Executive; and (iii) determine the budget for the Internal Audit Department.[3]
- Oversee and monitor the internal audit function’s compliance with the Institute of Internal Auditors’ (IIA) International Standards for the Professional Practice of Internal Auditing and Code of Ethics through discussion with the Chief Audit Executive, with management and through obtaining independent reviews at least every five years, as required by IIA Standards.
- Receive and review an annual report from the Chief Audit Executive on the results of an internal assessment of IA’s Quality Assurance and Improvement Program (QAIP). Such assessment will review and report on IA’s compliance with the IIA’s Attribute Standards, Performance Standards and Code of Ethics. The QAIP annual assessment will be provided to the Committee at the first meeting of each year unless otherwise approved by the Committee.
- Meet separately with the internal auditors, at least quarterly, to discuss matters as necessary to ensure that Internal Audit has the resources and management support necessary to effectively perform its duties.
- Receive and review periodic reports from management on the quality of internal controls in key risk and control areas (e.g., cyberattack/information security breach; significant business interruption; and insurable risk management).
- Receive and review summary reports from the internal auditors on the results of internal audits and management’s progress in responding to issues identified, and discuss with management any disagreements on the issues or delays in taking corrective actions.
4. Review and Oversee All the Activities of FINRA’s Ombudsman Function
- Review and oversee the activities of the organization’s Ombudsman function to ensure the existence of an independent Ombudsman staff, which reports directly to the Committee and conducts inquiries and investigation of complaints received from investors, member firms, registered representatives, employees and the general public related to FINRA operations and practices.
- Review and approve, at least annually, the Ombudsman Charter and the authority provided to the Ombudsman Office.
- Review and approve, at least annually, the proposed Ombudsman department budget and staff.
- Meet separately with the Ombudsman, as appropriate, to discuss matters as necessary to ensure that the Ombudsman has the resources and management support necessary to effectively perform its duties.
- Receive and review summary reports from the Ombudsman on the results of its investigations, including trends in the numbers of inquiries or complaints received, the nature of issues identified, and any informal recommendations made by the Office to senior management.
5. Oversee and Monitor Compliance with Legal and Regulatory Programs, and Ethics Programs Established by Management and the Board
- Discuss with the Chief Legal Officer (CLO), management, the internal auditors and the IRPA the adequacy and effectiveness of programs for ensuring legal and ethical compliance.
- Review the activities of and consult with FINRA’s Ombudsman, particularly in circumstances in which management does not adequately respond to actions suggested by the Ombudsman.
- Receive from, and discuss with, management and internal audit, at least quarterly, a report of regulatory examination activities and the results reported from such activities, including the status of management’s proposed corrective actions.
- Receive from the CLO, at least annually, a report on ethics programs, to include administration of the programs, proposed changes to policy for the Committee’s approval and a summary of violations and corrective actions.
- Conduct an appropriate review of all related-party transactions and business relationships — particularly those types of transactions identified in SEC Regulation S-K, Item 404 — for potential conflict of interest situations and approve all such transactions before FINRA enters into the transaction.
- Establish procedures for handling complaints regarding accounting, internal accounting controls or auditing matters, and ensure that any such complaints are appropriately investigated.
6. Assist the Board in its Oversight of the Company’s Enterprise Risks
- Review and discuss management’s activities to establish and maintain an appropriate environment and culture at FINRA for sound business risk practices.
- Review and discuss FINRA’s enterprise risk management (ERM) program, including its executive leadership, headcount and budget, and structure.
- Engage in a dialogue with FINRA’s management, as and when appropriate, intended to enhance the effectiveness of processes to identify, assess and manage FINRA’s enterprise risks.
- Review and discuss reporting regarding FINRA’s enterprise risks, including ERM dashboard reporting and annual self-assessment results.
- Coordinate with the Board, committees and management to help ensure that the Board and committees receive the information necessary to permit them to fulfill their duties and responsibilities with respect to oversight of FINRA’s enterprise risks.
- Review the assignment of the Committee responsible for primary oversight for each enterprise risk for appropriateness.
- For each risk where the Committee is assigned primary oversight responsibility, meet at least once annually to review and discuss the assigned enterprise risk with the designated risk owners, including factors impacting the risk, risk mitigation activities, risk tolerances and metrics, and the results of the annual self-assessment of overall risk-management effectiveness and the risk prioritization, and provide a timely debrief on the enterprise risk discussions to the Board following each meeting.
7. The Committee shall maintain free and open communication among the Committee members, independent auditors, internal auditors, Ombudsman staff and management of FINRA.
8. The Committee is empowered to investigate any matter brought to its attention, in discharging its oversight role, with full access to all FINRA books, records, facilities and personnel.
Limitation of Powers and Allocation of Responsibilities
While the Committee has the responsibilities and powers set forth in this Charter, the role of the Committee is assisting the Board in its oversight responsibilities. Management of the Company is responsible for the preparation, presentation and integrity of FINRA's financial statements and for the effectiveness of internal controls over financial reporting. Management also is responsible for maintaining appropriate accounting and financial reporting principles and policies, as well as internal controls and procedures designed to provide reasonable assurance of compliance with accounting standards and related laws and regulations. The Internal Audit department is responsible for providing reliable and timely information to the Committee and senior management concerning the quality and effectiveness of, and the level of adherence to, FINRA's control and compliance procedures and risk management systems. The independent auditor is responsible for planning and carrying out an audit in accordance with GAAP.
In fulfilling their duties and responsibilities set forth herein, it is recognized that members of the Committee are not FINRA employees and even though one or more may be designated as an "Audit Committee Financial Expert" as defined in rules of the SEC, members of the Committee are not, and do not represent themselves to be, performing the functions of accountants or auditors, or providing expert or special assurance as to FINRA’s financial statements. Moreover, it is not the duty or responsibility of the Committee or its members to plan or conduct audits, to conduct "field work" or other types of auditing or accounting reviews or procedures, to determine that FINRA’s financial statements and disclosures are complete and accurate and in accordance with GAAP or international financial reporting standards (IFRS) and applicable rules and regulations, or to set auditor independence standards. Likewise, it is not the Committee’s responsibility to conduct investigations or to assure compliance with specific legal requirements or FINRA's Employee Code of Conduct.
Each member of the Committee will be entitled to rely, to the fullest extent permitted by law, upon the integrity of those persons or organizations within and outside of FINRA from whom it receives information, and the accuracy of the information.
Potential Conflicts of Interest
As further set forth in the FINRA Board Code of Conduct, no member of the Committee shall participate in the consideration or decision of any matter relating to a particular member, company or individual if such Committee member has a material interest in, or a professional, business or personal relationship with, that member, company or individual, or if such participation shall create an appearance of impropriety. A Committee member shall consult with the CLO to determine if recusal is necessary. If a member of the Committee is recused from consideration of a matter, any decision on the matter shall be by a vote of a majority of the remaining members of the Committee.[4]
Composition
The Committee shall consist of four or five members of the Board, with a majority being public governors and none of whom shall be officers or employees of FINRA.[5] Each member of the Committee must meet the independence and experience requirements of Rule 10A-3 under the Securities Exchange Act of 1934. In addition, each member of the Committee must be financially literate, as such qualification is interpreted by the Board in its business judgment, or become financially literate within a reasonable time after appointment to the Committee.
The Committee shall designate, subject to Board approval, at least one of its members as an “Audit Committee Financial Expert” in accordance with applicable SEC regulations. The designation or determination by the Board of a person as an Audit Committee Financial Expert will not impose on such person individually, on the Committee, or on the Board as a whole, any greater duties, obligations or liability than would exist in the absence of such designation or determination. A public governor shall serve as Chair of the Committee.[6]
[Adopted February 6, 2008; Amended February 11, 2009; Amended February 13, 2013; Amended February 13, 2014; Amended February 12, 2015; Amended March 7, 2018; Amended March 10, 2023; Amended May 18, 2023; In addition, the Audit & Risk Committee reviews and reaffirms its charter annually.]
[1] This Committee was appointed by the FINRA Board and delegated the responsibilities set forth in this Charter pursuant to and in accordance with Article VII, Section 1(c) and Article IX, Sections 1 and 5 of FINRA’s By-Laws.
[2] See Article IX, Section 5(d) of FINRA’s By-Laws.
[3] See id.
[4] See Article IX, Section 5(c) of FINRA’s By-Laws.
[5] See Article IX, Section 5(a) of FINRA’s By-Laws.
[6] See id.