Risk and Technology Committee
FIDELITY NATIONAL INFORMATION SERVICES, INC.
RISK AND TECHNOLOGY COMMITTEE CHARTER
The purpose of the Risk and Technology Committee (the “Committee”) of the Board of Directors(the “Board”) ofFidelityNationalInformation Services,Inc.(the “Company”)is primarily to assist the Board in its oversight of executive management’s responsibilities for the management of the Company’s overall operational, information security, strategic, reputational, technology and other risks, including, without limitation, merchant credit risk (collectively, the “Enterprise Risks”).
While the Committee has the responsibilities and duties set forth in this Charter, the Company’s management is responsible for designing, implementing and maintaining an effective Enterprise Risk management framework and technology program.
The Committee shall consist of three or more directors, as determined by the Board from time to time. Each member of the Committee shall meet all applicable independence and other requirements in accordance with the requirements of applicable law and the New York Stock Exchange. The members and the chairperson of the Committee shall be appointed and removed by theBoard, acting on the recommendation of the Corporate Governance and NominatingCommittee.
The Committee shall meet at least four times each year at a time and place determined by the Committee chairperson, with further meetings to occur, or actions to be taken by unanimous written consent, when deemed necessary or desirable by the Committee or its chairperson. A majority of the members of the Committee present at a meeting shall constitute a quorum.
The chairperson shall preside at all meetings of the Committee and shall set the agenda. In the absence of the chairperson at a duly convened meeting, the Committee shall select a member of the Committee to serve as chairperson of the meeting. The chairperson shall report the Committee’s actions, recommendations and findings to the Board at the next regularly scheduled Board meeting following a Committee meeting.
All determinations of the Committee shall be made by a majority of its members present at a duly convened meeting. In lieu of a meeting, the Committee may act by unanimous written consent.
The Committee may, in its discretion, delegate all or a portion of its authority to subcommittees or individual members of the Committee as it deems appropriate. The Committee may invite such members of management and other persons to its meetings as it may deem desirable or appropriate.
The Committee chairperson may liaise with the chairperson ofthe Audit Committee to assist the Audit Committee in itsreview of the Company’sfinancial and compliance risks, as set forth in the Audit Committee charter. The Committee chairperson may liaise with the chairperson of the Audit Committee, at their discretion, to organize and conduct joint meetings of the two committees on topics of common interest. The Committee chairperson also may liaise with the chairperson of the Compensation Committee to assist the Compensation Committee in its consideration of the Company’s Enterprise Risks as they relate tothe Company’s compensation policies and practices.
The Committee will meet periodically in separate sessions with management, when and as it deems appropriate.
IV. Specific Duties and Responsibilities.
The specific duties and responsibilities of the Committee include:
- Oversee executive management’s overall deployment of an Enterprise Risk framework and itsrisk measurement methodologies.
- Review with executive management the Company’s policies, procedures and standards for identifying and managing Enterprise Risk and the Company’s compliance with, and performance against, those policies, procedures and standards.
- Review, discuss with executive management, and oversee theCompany’s data security risk strategy and data security risk policies and controls.
- Review and discuss with executive management the Company’s Enterprise Risk strategy and Enterprise Risk policies andcontrols.
- Review and discuss with executive management any material reports or inquiries from regulatory or governmental agencies of the Company related to the Enterprise Risks and remediation plans related to such risks.
- Oversee the Company’s technology planning and strategy, including integration, investments, expenditures, innovation, modernization and response to client, competitor, market and industry trends and disruptions.
- Review with executive management the Company’s technology program performance against financial, operational, cyber security, application compliance, regulatory, service delivery, talent and key performance objectives.
- Review future trends in technology that may affect the Company’s strategic plans, including monitoring of overall industry trends.
- Receive, as and when appropriate, reports from internal auditors and members of management on the results of Enterprise Risk management reviews and assessments.
- Conduct periodic assessments of the state of the Company’s management culture.
- Conduct an annual evaluation of the Committee’s own performance and report to the Board the results of its self-evaluation. As part of its self-evaluation process, the Committee shall assessthe adequacy ofthisCharter. The Committee may recommend amendments to this Charter at any time and submit amendments for approval to the Board.
- Discharge any other responsibilities or duties delegated to the Committee by the Board from time to time.
The Committee’s role is one of oversight, recognizing that the Company’s management is responsible for assessing and managing the Company’s Enterprise Risks. The Company’s management is responsible for designing, implementing and maintaining an effective and appropriate Enterprise Risk management program, which is overseen by the Committee in accordance with its responsibilities and powers set forth in this charter. The Company’s management is also responsible for providing appropriate reporting and information that will allow the Committee to perform its oversight role effectively.
The Committee has the authority to retain counsel or other advisors, in its sole discretion, and to agree to such fees and other retention terms with any provider of services to the Committee as the Committee may deem necessary. The Committee also has the authority to incur such administrative expenses as are necessary to carry out its duties.
In fulfilling its responsibilities and duties, the Committee shall consider, among other things, the potential effect of any matter on the Company’s reputation.
Last reviewed: January , 2021
- Financial Expert
- Independent Director