EFTA01343920.pdf

Americas Region Reputational Risk Committee Policy Deutsche Bank Section 1: Scope and Responsibility The Americas Region supports business practices that comply with the Group Reputational Risk Management Program, as outlined in the DB Group Reputational Risk Management Program Policy dated May 9, 2011. Within the Americas region, consideration of all reputational risk issues is the responsibility of the Americas Regional Governance Board (RGB). The RGB has delegated such consideration to the Americas Reputational Risk Committee (ARRC), a permanent sub-committee of the RGB. The governance requirements described in this remit are applicable to all businesses, infrastructure groups and employees in the United States, Canada, Latin America and the Cayman Islands. 1.1 Mission The ARRC functions as the senior regional approval and oversight committee in North America for reputational risk. The ARRC is responsible for the development of a regional reputational risk appetite, setting standards for ARRC review, providing guidelines and criteria for escalation, and providing guidance to assist the Business Divisions in identifying reputational risk issues for escalation. The ARRC provides oversight of the regional reputational risk appetite. 1.2 Tasks and Responsibilities of the ARRC The ARRC is responsible for reviewing, assessing, and opining on all reputational risk issues brought to the ARRC by businesses or Control & Support functions. Resolution of an issue means that the Committee may approve, approve with conditions, defer or reject any proposal presented. The ARRC is also responsible for escalating issues that cannot or should not be decided within the region (See Section 8). The ARRC has a responsibility to report all actions taken within the region through the RRN (Reputational Risk Network) for further aggregation on a global level. Lastly, the ARRC sets and monitors the regional risk appetite for reputational risk. The ARRC escalates unresolved issues first to the RGB and then if necessary to the North America Executive Committee regionally, and to the Group Reputational Risk Committee globally. Within the Americas region, all transacting businesses and/or reviewing Control & Support functions, are required to bring to the ARRC for review any transactions that give rise to a new reputational risk or increase an existing risk. Reputational risk, as defined in Group Policy, is: "...The threat that publicity concerning a transaction, counterparty or business practice involving a client will negatively impact the public's trust in DB...' Such risk can be found when adopting a client, undertaking a transaction, pursuing a particular business activity or proposition, or even in associating DB's name with that of a particular client, company or industry. A Reputational Risk Analysis Desk Guide (see Appendix 1) has been developed by Compliance and Legal to assist businesses and control functions in reviewing the reputational risk aspects of a transaction or other venture, so that the decision to escalate to the ARRC for review can be made in an informed manner. This appendix contains the criteria the business should evaluate when identifying reputational risk issues to be escalated to the ARRC. 1.3 Responsibilities of Business and Support Primary responsibility for the identification, escalation and resolution of reputational risk issues resides with the businesses. The role of Control Groups is to assist and advise the businesses in ascertaining that such issues have been appropriately identified, escalated and addressed to 2 For internal use only CONFIDENTIAL - PURSUANT TO FED. R. CRIM. P. 6(e) DB-SDNY-0028884 CONFIDENTIAL SDNY_GM_00175068 EFTA01343920