Risk Management Committee
FIRST FINANCIAL SERVICE CORPORATION
RISK MANAGEMENT COMMITTEE CHARTER
Purpose of the Risk Management Committee:
The purposes of the Risk Management Committee are to assist the Board of Directors in fulfilling its oversight responsibilities. The Committee’s primary duties and responsibilities are to:
- Monitor the integrity of the Corporation’s accounting and financial reporting principles and system of internal controls, internal accounting controls and disclosure controls and procedures;
- Monitor the Corporation’s internal audit function and the performance of the Corporation’s independent auditors; and
- Monitor compliance with legal and regulatory requirements.
In fulfilling their responsibilities hereunder, it is recognized that members of the Risk Management Committee are not full-time employees of the Corporation and are not, and do not represent themselves to be, accountants or auditors by profession or experts in the fields of accounting or auditing including in respect of external auditor independence. As such, it is not the duty or responsibility of the Risk Management Committee or its members to conduct "field work" or other types of auditing or accounting reviews or procedures or to set auditor independence standards, and each member of the Risk Management Committee shall be entitled to rely on:
- The integrity of those persons and organizations within and outside the Corporation from which it receives information,
- The accuracy of the financial and other information provided to the Risk Management Committee by such persons or organizations absent actual knowledge to the contrary (which shall be promptly reported to the Board of Directors), and
- Representations made by management as to any information technology, internal audit and other non-audit services provided by the independent external auditors to the Corporation.
Composition of the Risk Management Committee:
- The Risk Management Committee shall be comprised of at least three independent members of the Board of Directors, each of whom shall have no relationship to the Corporation, or to the executive officers of the Corporation or its subsidiaries or affiliates, that may interfere with the exercise of their independence from management and the Corporation, and shall not be compensated for any consulting, advisory or other services performed for the Corporation other than compensation received for Board of Directors and committee fees, and shall not be an affiliate of the Corporation or any of its subsidiaries.
- Each member of the Risk Management Committee must be able to read and understand fundamental financial statements, including the Corporation’s consolidated balance sheet, income statement, and cash flow statement.
- While not an absolute requirement, the Corporation will have at least one member of the Risk Management Committee who is considered to be a “financial expert” by virtue of their education and experience as a public accountant or auditor or principal financial officer of an SEC registrant.
- Members of the Risk Management Committee shall be appointed annually by majority vote of the Board of Directors and shall serve until the next annual meeting of the Board of Directors or until their successors shall be duly qualified and appointed.
Meetings of the Risk Management Committee:
The Risk Management Committee shall meet four times annually, or more frequently if circumstances dictate, to discuss with management the annual audited financial statements and quarterly financial results and the required certifications of the CEO and CFO. At least annually, the Committee should meet separately with the internal auditor and the independent external auditor, without any members of management being present, to discuss any matters that the Risk Management Committee or any of these persons or firms believes should be discussed privately.
The Risk Management Committee may request any officer or employee of the Corporation, or the Corporation’s independent counsel, or independent external auditors to attend a meeting or to meet with any members of or consultants to, the Risk Management Committee.
Responsibilities of the Risk Management Committee:
- The Committee’s principal responsibility is one of oversight. The Corporation’s management is responsible for preparing the financial statements and the outside auditors are responsible.
- The Risk Management Committee shall pre-approve all auditing services and permitted non-audit services (including the fees and terms thereof) to be performed for the Corporation by its independent auditor, subject to the de minimis exceptions for non-audit services described in Section 10A(i)(1)(B) of the Exchange Act which are approved by the Committee prior to the completion of the audit.
- The Committee shall make regular reports to the Board. The Risk Management Committee shall review and reassess the adequacy of this Charter annually and recommend any proposed changes to the Board for approval. The charter will be published at least every three years in advance in accordance with SEC regulations.
- The Risk Management Committee shall establish a program of regular continuing education for all Risk Management Committee members to ensure that they are properly equipped to fulfill their responsibilities.
- The Risk Management Committee shall be responsible for informing the independent external auditor of any serious concerns regarding the accuracy and integrity of the Corporation’s financial reporting, any serious concerns regarding the honesty and integrity of the Corporation’s management, and any serious concerns regarding the adequacy of the Corporation’s internal accounting and disclosure controls.
Financial Statement and Disclosure Matters:
The Risk Management Committee, to the extent it deems necessary or appropriate, shall:
- Review and discuss with management and the independent accountant the annual financial statements, including disclosures made in management’s discussion and analysis, and recommend to the Board whether the audited financial statements should be included in the Corporation’s Form 10-K.
- Review and discuss with management and the independent auditor the Corporation’s quarterly financial statements prior to the filing of its Form 10-Q, including the results of the independent auditor’s review of the quarterly financial statements.
- Discuss with management and the independent auditor significant financial reporting issues and judgments made in connection with the preparation of the company’s financial statements, including any significant changes in the Corporation’s selection or application of accounting principles, any major issues as to the adequacy of the Corporation’s internal controls and any special steps adopted in light of material control deficiencies.
- Review and discuss reports from the independent auditors on:
  - All critical accounting policies and practices to be used,
  - All alternative treatments of financial information within generally accepted accounting principles that have been discussed with management, ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the independent auditor,
  - Other material written communication between the independent auditor and management, such as any management letter or schedule of unadjusted differences.
- Discuss with management the Corporation’s earnings press release, including the use of “pro forma” or “adjusted” non-GAAP information, as well as financial information and earnings guidance provided to analysts and rating agencies. Such discussion may be done generally (consisting of discussing the types of information to be disclosed and the types of presentation to be made).
- Discuss with management and the independent auditor the effect of regulatory and accounting initiatives as well as off-balance sheet structures on the Company’s financial statement.
- Review and ratify all Corporation transactions with related parties, including loans and extensions of credit, fees and commissions for services, purchases or sales of assets, rental agreements, and any other financial arrangements. For purposes of this Risk Management Committee responsibility, the definition of related parties will follow the definition of insider loans as provided in Regulation O of the federal banking regulations.
- Discuss with management the major financial risk exposures and the steps management has taken to monitor and control such exposure, including the risk assessment and risk management policies.
- Discuss with the independent auditor the matters required to be discussed by Statement on Auditing Standards No. 61 relating to the conduct of the audit, including any difficulties encountered in the course of the audit work, any restrictions on the scope of the activities or access to requested information, and any significant disagreements with management.
- Review disclosures made to the Audit Committee by the Company’s CEO and CFO during their certification process for the Form 10-K and Form 10-Q about any significant deficiencies in the design or operation of internal controls or material weaknesses therein and any fraud involving management or other employees who have a significant role in the internal controls.
Approval of Expenses of Executive Management:
All expenses of personnel defined as executive management for purposes of complying with banking regulations (Reg. O) shall be reported to the Risk Management Committee on a quarterly basis.
Oversight of the Corporation’s Relationship with the Independent External Auditor:
- The Risk Management Committee should recommend the appointment and/or discharge of the Corporation’s independent external auditor.
- The Risk Management Committee should pre-approve the compensation of the external auditor, and evaluate the external auditor's independence.
- Obtain and review a report from the independent auditor at least annually regarding (a) the independent auditor’s internal quality control procedures, (b) any material issues raised by the most recent internal quality control review, or peer review, of the firm, or by any inquiry or investigation by governmental or professional authorities within the preceding five years respecting one or more independent auditors carried out by the firm, and (c) any steps taken to deal with any such issues.
- The Risk Management Committee shall receive from the outside auditors on a periodic basis a formal written statement delineating all relationships between the outside auditors and the Corporation, consistent with the Independence Standards Board, Standard No. 1, regarding relationships and services, which may impact the objectivity and independence of the outside auditors, and other applicable standards. The statement shall include a description of all services provided by the outside auditors and the related fees.
- Ensure the rotation of the lead audit partner having primary responsibility for the audit and the audit partner responsible for reviewing the audit as required by law.
Internal and External Audit Plans:
The Risk Management Committee should review the annual audit plans of the internal audit division and the independent external auditor, including the degree of coordination of the respective plans.
The Risk Management Committee should inquire of the internal auditor and independent external auditor as to the extent to which the planned audit scope can be relied upon to detect material misstatements in the consolidated financial statements and other public disclosures, weaknesses in internal accounting and disclosure controls, and fraud.
Annual Proxy Statement Disclosure:
The Risk Management Committee should report audit activities to the Board of Directors and issue an annual report to be included in the Corporation’s proxy statement (including appropriate oversight conclusions) for submission to the shareholders. In addition, the Risk Management Committee should re-approve the Risk Management Committee Charter, annually, with a copy of the charter filed with the SEC every three (3) years, and after any amendments.
Internal Audit Supervision:
- The Risk Management Committee should also review the appointment and replacement of the senior internal auditing executive or outsourced internal audit service provider.
- At least annually, the Risk Management Committee should evaluate the effectiveness of the internal audit function and consider the need to make changes to ensure that the internal audit objectives are being met.
- The Risk Management Committee should review the periodic reports of internal audit division activities, including the opinion of the internal audit director or outsourced service provider regarding the adequacy of the Corporation’s internal accounting and disclosure control structure.
Fraud Reporting and Handling of Complaints:
- The Risk Management Committee shall have the responsibility for establishing procedures for the receipt, retention, and treatment of complaints received by the Corporation regarding accounting, internal accounting controls, or auditing matters; and the confidential, anonymous submission by employees of the Corporation of concerns regarding questionable accounting or auditing matters.
- Obtain reports from management that the employees of the company are in conformity with the Corporation’s Code of Conduct and Ethics. Advise the Board with respect to the Corporation’s policies and procedures regarding compliance with the Code of Conduct and Ethics.
- The Risk Management Committee shall also establish procedures to ensure that no retaliation will be allowed to occur against anyone who reports potential fraud or a complaint in good faith.
Legal Counsel:
- The Risk Management Committee should meet regularly with the Corporation’s general in-house legal counsel and outside legal counsel, when appropriate, to discuss legal matters that have a significant impact on the Corporation's consolidated financial statements.
- An assessment of the Corporation’s legal liability should be reviewed for any pending or threatened litigation, including establishment of any appropriate reserves or financial disclosures until the matter is adjudicated.
- The Risk Management Committee may retain legal counsel at its discretion without prior permission of the Board of Directors or its management at the expense of the Corporation.
Funding:
The Corporation shall provide the Risk Management Committee with appropriate funding, as determined by the Risk Management Committee, in its capacity as a committee of the Board of Directors, for payment of compensation –
- To the registered independent external auditor employed by the Corporation for the purpose of rendering or issuing an audit report; and
- To any advisors employed by the Risk Management Committee.
