SECTION I. Authority and Purpose
The Audit and Risk Committee of the Federal Reserve Bank of New York's Board of Directors operates under the bylaws of the Bank consistent with the policies of the Board of Governors of the Federal Reserve System (the Board of Governors). The committee, acting on behalf of the Board of Directors, performs the functions necessary to assess and ensure the effectiveness and independence of the Bank's internal audit function.

The Audit and Risk Committee is appointed by the Board of Directors (the Board) of the Federal Reserve Bank of New York (the Bank) for the purpose of assisting the Board in assessing (1) adequacy and effectiveness of the controls over financial reporting, (2) the Bank's external auditor's qualifications and independence, (3) the performance of the Bank's internal audit function and external auditors, (4) the adequacy and effectiveness of risk management operations, and (5) the adequacy and effectiveness of the Bank's compliance with legal and regulatory requirements.

SECTION II. Committee Membership
The Audit and Risk Committee shall consist of no fewer than three members and no more than five members. In no event may the Class A Directors constitute a majority of the Committee's membership. The members of the Audit and Risk Committee shall meet the independence and experience requirements of Section 4 of the Federal Reserve Act and, to the extent not inconsistent therewith, (a) System Letter 2622 (December 20, 2004), as the same may be amended, supplemented, superseded or otherwise modified, (b) the Rules of the New York Stock Exchange, (c) Section 10A(m)(3) of the Securities Exchange Act of 1934 (the "Exchange Act") and the rules and regulations of the Securities and Exchange Commission (the "Commission"), including but not limited to Subpart C, Canons of Ethics. At least one member of the Audit and Risk Committee shall be an audit committee financial expert as defined by the Commission. Audit and Risk Committee members shall not simultaneously serve on the audit committees of more than two public companies. The members of the Audit and Risk Committee shall be appointed by the Board on the recommendation of the Nominating and Corporate Governance Committee. Audit and Risk Committee members may be replaced by the Board.
SECTION III. Meetings
The Audit and Risk Committee has the authority to meet as often as circumstances require, but not less frequently than quarterly. A majority of the current members of the Audit and Risk Committee shall constitute a quorum for the transaction of business, and action by the Audit and Risk Committee shall be upon the vote of a majority of those present at any meeting at which a quorum is present. The Audit and Risk Committee shall meet at least once per year with the Bank's external auditor and the Bank's General Counsel. The Audit and Risk Committee shall meet periodically with management, the internal auditors and the external auditor in separate executive sessions. The Audit and Risk Committee may request any officer or employee of the Bank or the Bank's outside counsel or external auditor to attend a meeting of the Committee or to meet with any members of, or consultants to, the Committee. The General Auditor, in consultation with the committee chair, will approve the preparation of meeting agendas and distribution of agendas and other briefing materials to committee members in advance of meetings. The General Auditor will ensure that meeting minutes are prepared.
SECTION IV. Notational Voting
The Audit and Risk Committee may transact business through notational voting subject to the following restrictions:
  • the decision to allow notational voting on any particular matter shall be subject to the approval of the Chair of the Committee;

  • only actual votes shall be counted – silence shall not be interpreted as consent; and

  • action by the Committee pursuant to notational voting shall be upon a vote of a majority of the Committee members.
SECTION V. Committee Authority and Responsibilities
The Audit and Risk Committee shall consult with the Board of Governors with regard to the selection, compensation and performance of the external auditor, and shall do so at least annually. The Audit and Risk Committee shall recommend, if necessary, the termination of the external auditor. The Audit and Risk Committee shall be directly responsible for the oversight of the work of the external auditor (including resolution of disagreements between management and the external auditor regarding financial reporting) for the purpose of preparing or issuing an audit report or related work. The external auditor shall report directly to the Audit and Risk Committee.

The Audit and Risk Committee shall pre-approve all auditing services and permitted non-audit services (including the fees and terms thereof) to be performed for the Bank by its external auditor, subject to de minimus exceptions which are approved by the Audit and Risk Committee prior to the completion of the audit.

The Audit and Risk Committee shall have the authority, to the extent it deems necessary or appropriate, to retain independent legal, accounting or other advisors. The Bank shall provide for appropriate funding, as determined by the Audit and Risk Committee, for payment of compensation to the external auditor for the purpose of rendering or issuing an audit report and to any advisors employed by the Audit and Risk Committee.

The Audit and Risk Committee shall make regular reports to the Board and ensure that all audit recommendations and concerns receive proper attention by Bank management. The Audit and Risk Committee shall review and reassess the adequacy of this Charter annually, confirm that all responsibilities outlined therein have been carried out, and recommend any proposed changes to the Board for approval. The Audit and Risk Committee shall annually review the Audit and Risk Committee's own performance.

The Audit and Risk Committee shall receive reports from the General Counsel or the Corporate Secretary regarding risk events involving the Board of Directors, an individual Director, and/or the General Auditor, including but not limited to a waiver of any applicable policy. The Audit and Risk Committee shall be responsible for ensuring that risks involving the full Board, a Director, or the General Auditor are being properly managed by the person or entity responsible, including, where applicable, the full Board, a Board committee, an individual Board member, and/or senior Bank management.

The Audit and Risk Committee shall perform an annual self-evaluation of the committee's performance of its responsibilities as stated in the Bank's bylaws and this charter and determine whether obtaining an assessment by the General Auditor or other outside party would provide a useful additional perspective.

The Audit and Risk Committee, to the extent it deems appropriate, shall:

A. Financial Statement and Disclosure Matters

1. Ensure that the internal audit function has appropriate access to the documents and individuals needed to accomplish their assigned responsibilities.

2. Review with management and the external auditor the annual audited financial statements in both draft and final form and discuss any issues arising with respect to accuracy, fraud, or other irregularities.

3. Discuss with management and the external auditor significant financial reporting issues and judgments made in connection with the preparation of the Bank’s financial statements, including any significant changes in the Bank’s selection or application of accounting principles, any major issues as to the adequacy of the Bank’s internal controls and any special steps adopted in light of material control deficiencies.

4. Review and discuss reports from the external auditors on:

  • All critical accounting policies and practices to be used.

  • All alternative treatments of financial information within generally accepted accounting principles that have been discussed with management, ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the external auditor.

  • Other material written communications between the external auditor and management, such as any management letter or schedule of unadjusted differences.

5. Discuss with management and the external auditor any off-balance sheet structures on the Bank’s financial statements.

6. Discuss with management the Bank’s major financial risk exposures and the steps management has taken to monitor and control such exposures, including the Bank’s risk assessment and risk management policies and control and governance processes.

7. Discuss with the external auditor any difficulties encountered in the course of the audit work, any restrictions on the scope of activities or access to requested information, and any significant disagreements with management.

8. Review disclosures made to the Audit and Risk Committee by the Bank’s President, First Vice President and the Bank’s Executive Vice President having responsibilities similar to those of a chief financial officer during their certification process about any significant deficiencies in the design or operation of internal controls or material weaknesses therein and any fraud involving management or other employees who have a significant role in the Bank’s internal controls.

B. Oversight of Bank's Relationship with the External Auditor
1. Review and evaluate the lead partner of the external auditor team.

2. Obtain and critically evaluate a report from the external auditor at least annually regarding (a) the external auditor’s internal quality-control procedures, (b) any material issues raised by the most recent internal quality-control review, or peer review, of the firm, or by any inquiry or investigation by governmental or professional authorities within the preceding five years respecting one or more external audits carried out by the firm, (c) any steps taken to deal with any such issues, and (d) all relationships between the external auditor and the Bank. Evaluate the qualifications, performance and independence
of the external auditor, including considering whether the auditor’s quality controls are adequate. The Audit and Risk Committee shall present its conclusions with respect to the external auditor to the Board.

3. Ensure the rotation of the lead (or coordinating) audit partner having primary responsibility for the audit and the audit partner responsible for reviewing the audit at least once every five years and in a manner otherwise consistent with the requirements of the laws applicable to public companies.

4. Recommend to the Board policies for the Bank’s hiring of employees or former employees of the external auditor who participated in any capacity in the audit of the Bank.

5. Discuss with the national office of the external auditor issues on which they were consulted by the Bank’s audit team and matters of audit quality and consistency.

C. Oversight of the Bank’s Internal Audit Activity
1. Recommend to the Board the appointment and termination (including separation payments) of the General Auditor, and to concur with any reassignment of the General Auditor to another position in the Bank.

2. Formally evaluate the performance of the General Auditor, following the guidelines set forth by the Bank for evaluating the performance of other officers.

3. Recommend to the Board, or a designated subset of the Board, all actions affecting the salary or classification of the General Auditor.

4. Approve all actions affecting the salary or classification of other officers assigned to the Internal Audit Activity.

5. Ensure that the General Auditor is not dependent on any Bank executive or operating officer for the security of his or her position and has access to the Board on a confidential basis.

6. Ensure that the Internal Audit Activity is independent of Bank management, both by intent and actual practice.

7. Review and approve any significant deviations from financial accounting practices.

8. Review the independence and effectiveness of the internal audit function to ensure that it operates in accordance with applicable and appropriate professional standards, including those endorsed by the Institute of Internal Auditors.

9. Review and approve the General Auditor’s Annual Audit Plan and any material changes to that Plan.

10. Review the reports to management prepared by the Internal Audit Activity for matters deemed significant by the General Auditor and management’s response to such reports.

11. Approve the Bank’s operational risk management policy/ approach and review Internal Audit Activity’s assessment of the Bank’s operational risk management framework and execution of same. The Bank’s operational risk management policy and framework should be designed to identify significant operational risks and should explain how of each such risk is managed.

12. Discuss with the external auditor and management the Internal Audit Activity responsibilities, budget and staffing and any recommended changes in the planned scope of the internal audit.

13. Annually, the Chair of the Audit and Risk Committee shall consult with the Chair of the Management and Budget Committee regarding the adequacy of the budget for the Audit Function.

D. Compliance, Credit and Risk Oversight Responsibilities
1. Obtain reports from senior management, the Chief Compliance Officer, the Bank’s General Auditor and the external auditor that the Bank is in conformity with applicable legal requirements and the Bank’s Code of Conduct. Such reports should include, among other things, and the Committee should review, the Bank’s process for communicating the Code of Conduct to employees and officers and compliance therewith, and the Bank’s investigation and follow-up regarding instances of non-compliance.

2. Obtain from the General Auditor an independent and objective assessment of (1) adequacy and effectiveness of the controls over financial reporting, (2) the adequacy and effectiveness of risk management operations, and (3) the adequacy and effectiveness of the Bank's compliance with legal and regulatory requirements.

3. Obtain reports from senior management and the Chief Compliance Officer regarding the policies, procedures, controls and risks related to the Bank’s procurement activities and vendor management.

4. Establish procedures for the receipt, retention and treatment of complaints received by the Bank regarding accounting, internal accounting controls or auditing matters, and the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters.

5. Discuss with management and the external auditor any correspondence with any governmental agencies and any published reports that raise material issues regarding the Bank’s financial statements or accounting policies.

6. Discuss with the Bank’s General Counsel legal matters that may have a material impact on the financial statements or the Bank’s compliance with applicable laws and its own policies.

7. Obtain reports from management and the General Auditor on the effectiveness of internal controls over compliance, credit, operational and other risks.

8. Authorize investigations into any matters within the committee's scope of responsibility.

9. Answer external auditors' questions, including those about the risks of fraud and whether Audit and Risk Committee members have knowledge of fraud or suspected fraud affecting the Bank. Committee members should be prepared to discuss the committee's assessment of fraud risk and related mitigation strategies.

SECTION VI. Limitation of Audit and Risk Committee's Role
While the Audit and Risk Committee has the responsibilities and powers set forth in this Charter, it is not the duty of the Audit and Risk Committee to plan or conduct audits or to determine that the Bank's financial statements and disclosures are complete and accurate and are in accordance with generally accepted accounting principles and applicable rules and regulations. These are the responsibilities of management and the external auditor.Effective as of January 16, 2014