EFTA01343863.pdf

Americas Region Reputational Risk Committee Policy Deutsche Bank Section 1: Scope and Responsibility The Americas Region supports business practices that comply with the Group Reputational Risk Management Program, as outlined in the DB Group Reputational Risk Management Program Policy dated May 9, 2011, and also complies with the requirements of the Group "Conduct of Meetings" policy. Within the Americas region, consideration of all reputational risk issues is the responsibility of the Americas Regional Governance Board (RGB). The RGB has delegated such consideration to the Americas Reputational Risk Committee (ARRC), a permanent sub-committee of the RGB. The governance requirements described in this remit are applicable to all businesses, infrastructure groups and employees in the United States, Canada, Latin America and the Cayman Islands. 1.1 Mission The ARRC functions as the senior regional approval and oversight committee in the Americas for reputational risk. The ARRC is responsible for the development of a regional reputational risk appetite, setting standards for ARRC review, establishing criteria for escalation within and outside the region, and providing guidance to assist the Business Divisions in identifying reputational risk issues for escalation to the ARRC. The ARRC provides oversight of the regional reputational risk appetite. 1.2 Tasks and Responsibilities of the ARRC The ARRC is responsible for reviewing, assessing, and opining on all reputational risk issues brought to the ARRC by businesses or Control & Support functions. Resolution of an issue means that the Committee may approve, approve with conditions, defer or reject any proposal presented. The ARRC is also responsible for escalating issues that cannot or should not be decided within the region (see Section 8). The ARRC has a responsibility to report all actions taken within the region through the RRN (Reputational Risk Network) for further aggregation on a global level. Lastly, the ARRC sets and monitors the regional risk appetite for reputational risk. The ARRC escalates unresolved issues first to the RGB and then if necessary to the North America Executive Committee (ExCo) regionally, and to the Group Reputational Risk Committee globally. Within the Americas region, all transacting businesses and/or reviewing Control & Support functions, are required to bring to the ARRC for review any transactions that give rise to a new reputational risk or increase an existing risk. Reputational risk, as defined in Group Policy, is: "...The threat that publicity concerning a transaction, counterparty or business practice involving a client will negatively impact the public's trust in DB..." Such risk can be found when adopting a client, undertaking a transaction, pursuing a particular business activity or proposition, or even in associating DB's name with that of a particular client, company or industry. A Reputational Risk Analysis Desk Guide (Appendix 1) has been developed by Compliance and Legal to assist businesses and control functions in reviewing the reputational risk aspects of a transaction or other venture, so that the decision to escalate issues for a reputational risk review can be made in an informed manner. Appendix 2 contains the criteria the business should apply when identifying reputational risk issues to be escalated to the ARRC. The grid defines which transactions can be handled within the business, within the business but with reporting to the ARRC and escalated to the ARRC for pre-approval. 2 For internal use only CONFIDENTIAL - PURSUANT TO FED. R. CRIM. P. 6(e) DB-SDNY-0028800 CONFIDENTIAL SDNY_GM_00174984 EFTA01343863