Investor Relations

Risk and Technology Committee

Risk and Technology Committee



I. Purpose.

The purpose of the Risk and Technology Committee (the “Committee”) of the Board of Directors(the “Board”) of Fidelity National Information Services, Inc. (the “Company”)is primarily to assist the Board in its oversight of executive management’s responsibilities for the management of the Company’s overall operational, information security, strategic, reputational, technology and other risks, including, without limitation, merchant credit risk (collectively, the “Enterprise Risks”).

While the Committee has the responsibilities and duties set forth in this Charter, the Company’s management is responsible for designing, implementing and maintaining an effective Enterprise Risk management framework and technology program.

II. Composition.

The Committee shall consist of three or more directors, as determined by the Board from time to time. Each member of the Committee shall meet all applicable independence and other requirements in accordance with the requirements of applicable law and the New York Stock Exchange. The members and the chair of the Committee shall be appointed and removed by the Board, acting on the recommendation of the Corporate Governance and Nominating Committee.

III. Meetings.

The Committee shall meet at least four times per year at a time and place determined by the Committee chair, with further meetings to occur, or actions to be taken by unanimous written consent, when deemed necessary or desirable by the Committee or its chair. A majority of the members of the Committee present at a meeting shall constitute a quorum.

The chair shall preside at all meetings of the Committee and shall set the agenda. In the absence of the chair at a duly convened meeting, the Committee shall select a member of the Committee to serve as chair of the meeting. The chair shall report the Committee’s actions, recommendations and findings to the Board at the next regularly scheduled Board meeting following a Committee meeting.

All determinations of the Committee shall be made by a majority of its members present at a duly convened meeting. In lieu of a meeting, the Committee may act by unanimous written consent.

The Committee may, in its discretion, delegate all or a portion of its authority to subcommittees or individual members of the Committee as it deems appropriate. The Committee may invite such members of management and other persons to its meetings as it may deem desirable or appropriate.

The Committee chair may liaise with the chair of the Audit Committee to assist the Audit Committee in its review of the Company’s financial and compliance risks, as set forth in the Audit Committee charter, or, at their discretion, to organize and conduct joint meetings of the two committees on topics of common interest. The Committee chair also may liaise with the chair of the Compensation Committee to assist the Compensation Committee in its consideration of the Company’s Enterprise Risks as they relate to the Company’s compensation policies and practices.

The Committee will meet periodically in separate sessions with management, when and as it deems appropriate.

IV. Specific Duties and Responsibilities.

The specific duties and responsibilities of the Committee include:

1. Oversee executive management’s overall deployment of an Enterprise Risk framework and its risk measurement methodologies.

2. Review with executive management the Company’s policies, procedures and standards for identifying and managing Enterprise Risk and the Company’s compliance with, and performance against, those policies, procedures and standards.

3. Review, discuss with executive management, and oversee the Company’s data security risk strategy and data security risk policies and controls.

4. Review and discuss with executive management the Company’s Enterprise Risk strategy and Enterprise Risk policies and controls.

5. Review and discuss with executive management any material reports or inquiries from regulatory or governmental agencies of the Company related to the Enterprise Risks and remediation plans related to such risks.

6. Oversee the Company’s technology planning and strategy, including integration, investments, expenditures, innovation, modernization and response to client, competitor, market and industry trends and disruptions.

7. Review with executive management the Company’s technology program performance against financial, operational, cyber security, application compliance, regulatory, service delivery, talent and key performance objectives.

8. Review future trends in technology that may affect the Company’s strategic plans, including monitoring of overall industry trends.

9. Receive, as and when appropriate, reports from internal auditors and members of management on the results of Enterprise Risk management reviews and assessments.

10. Conduct periodic assessments of the state of the Company’s management culture.

11. Conduct an annual evaluation of the Committee’s own performance and report to the Board the results of its self-evaluation. As part of its self-evaluation process, the Committee shall assessthe adequacy ofthisCharter. The Committee may recommend amendments to this Charter at any time and submit amendments for approval to the Board.

12. Discharge any other responsibilities or duties delegated to the Committee by the Board from time to time.

The Committee’s role is one of oversight, recognizing that the Company’s management is responsible for assessing and managing the Company’s Enterprise Risks. The Company’s management is responsible for designing, implementing and maintaining an effective and appropriate Enterprise Risk management program, which is overseen by the Committee in accordance with its responsibilities and powers set forth in this Charter. The Company’s management is also responsible for providing appropriate reporting and information that will allow the Committee to perform its oversight role effectively.

The Committee has the authority to retain counsel or other advisors, in its sole discretion, and to agree to such fees and other retention terms with any provider of services to the Committee as the Committee may deem necessary. The Committee also has the authority to incur such administrative expenses as are necessary to carry out its duties.

In fulfilling its responsibilities and duties, the Committee shall consider, among other things, the potential effect of any matter on the Company’s reputation.

Last reviewed: April 18, 2023

Lisa A. Hook Brian T. Shea James B. Stallings, Jr. Vijay D’Silva
  • Member
  • Chair
  • Financial Expert
  • Independent Director

Shareholder Tools