2018 Guide to Effective Proxies

2.16 Risk oversight | 219 6 TH EDITION | GUIDE TO EFFECTIVE PROXIES CALIFORNIA RESOURCES CORPORATION 2018 PROXY STATEMENT TheBoard’sRole inRiskOversight CALIFORNIA RESOURCES CORPORATION 27 The Board’s Role in Risk Oversight Our Company’s management is responsible for the day-to-day management of risks to the Company. The Board of Directors has broad oversight responsibility for our risk management programs. Oversees the managementof risks relating to the Company’sexecutive compensationplans andarrangements. COMPENSATION COMMITTEE BOARDOF DIRECTORS Oversees financial risksand theethical conductof the Company’sbusiness, including the steps theCompanyhas taken tomonitor andmitigate these risks,and reviews material related party transactions. AUDIT COMMITTEE Manages risks associatedwith the independenceof the BoardofDirectors andpotential conflictsof interest. NOMINATING AND GOVERNANCE COMMITTEE Responsible for overseeing the managementof risks inourCompany’s operations relating tohealth, safetyand theenvironment. HEALTH, SAFETYAND ENVIRONMENTAL COMMITTEE Informed through committee reportsandby thePresidentandCEOabout known risks to theCompany’s strategyandbusiness. Regularly reviews information regarding the Company’s credit, liquidityandoperations, including the risksassociatedwitheach. CAPITAL ONE FINANCIAL CORPORATION SECTIONI-CORPORATEGOVERNANCEATCAPITALONE The Board’s Role in Succession Planning Under the Corporate Governance Guidelines, the Board is responsible for maintaining a succession plan for the CEO. The Board has in place an effective planning process to select successors to the CEO and annually reviews the CEO succession plan. Our Board believes that the directors and the CEO should work together on succession planning and that the entire Board should be involved. Each year, as part of its succession planning process, our CEO provides the Board with recommendations on, and evaluations of, potential CEO successors. The Board reviews the senior executive team’s experience, skills, competencies and potential to assess which executives possess or can develop the attributes that the Board believes are necessary to lead and achieve the Company’s goals. Among other steps taken to promote this process throughout the year, the two levels of executives below the CEO, which include the CEO’s direct reports, often attend Board meetings and present to the Board, providing the Boardwithnumerousopportunitiestointeractwithourseniormanagementandassesstheirleadershipcapabilities. Our Board also has established steps to address emergency CEO succession planning for an unplanned CEO succession event. Our emergency CEO succession planning is intended to enable our Company to respond to an unexpected CEO transition by continuing our Company’s safe and sound operation and minimizing potential disruption or loss of continuity to our Company’s operations and strategy. There is also available, on a continuing basis as a result of the process described above, the CEO’s recommendation on a successor should the CEO become unexpectedly unable to serve. The Board also reviews annually the CEO’s emergency successor recommendations. The Board’s Role in Risk Oversight The Board believes that effective risk management and control processes are critical to Capital One’s safety and soundness, our ability to predict and manage the challenges that Capital One and the financial services industry faceand,ultimately,CapitalOne’slong-termcorporatesuccess. The enterprise-wide risk management framework defines the Board’s appetite for risk taking and enables senior management to understand, manage and report on risk. The risk management framework is implemented enterprise-wide and includes eight risk categories: compliance, credit, legal, liquidity, market, operational, reputationalandstrategic. Managementhasdevelopedriskappetitestatements withaccompanyingmetricswhich are meaningfulto theorganizationandreflect theaggregatelevelandtypesof riskCapitalOneiswillingto accept in order to achieve its business objectives, clarifying both risks the Company is actively taking and risks that are purposelyavoided. The Risk Committee is responsible for the oversight of enterprise risk management for the Company, and is responsible for reviewing and recommending to the Board for approval certain risk tolerances taking into account the Company’s structure, risk profile, complexity, activities, size, and other appropriate risk-related factors. Within management, enterprise risk management is generally the responsibility of the Chief Risk Officer, who has accountability for proposing risk tolerance and reporting levels related to all eight risk categories. The Chief Risk Officer is also responsible for ensuring that the Company has an overall enterprise risk framework and that it routinely assesses and reports on enterprise levelrisks. The ChiefRiskOfficer reports bothto theCEOandto the Risk Committee. The Audit Committee also plays an important risk oversight function, and oversees elements of compliance and legal risk. Each committee of the Board oversees reputation risk matters within the scope of their respective responsibilities. Finally the Board as a whole oversees the entire enterprise risk framework for the Company,includingtheoversightofstrategicrisk. The Board’s Role in Overseeing Cyber Risk As a financial services company entrusted with the safeguarding of sensitive information, our Board believes that a strong enterprise cyber strategy is vital to effective cyber risk management. Accordingly, our Board is actively engaged in the oversight of the Company’s cyber risk profile, enterprise cyber strategy implementation and key cyber initiatives. The Risk Committee receives regular updates from management on its cyber event preparedness efforts. The Risk Committee receives regular quarterly reports from the Chief Information Security Officer on the Company’s cyber risk profile and cybersecurity program initiatives and meets with the Chief Information Security Officer at least twice annually. The Risk Committee also meets periodically with third-party experts, as appropriate, to evaluate the Company’s cybersecurity program. The Risk Committee annually reviews and recommends the Company’s information security policy and information security program to the Board for approval. The Risk Committee is also responsible for overseeing cybersecurity and information security risk as 26 CAPITALONEFINANCIALCORPORATION 2018PROXYSTATEMENT Total of 02 pages in section CHENIERE ENERGY, INC. independentjudgment.InApril2018,theBoarddeterminedthatMr.Matherisindependent,anddoesnothavearelationshipthat mayinterferewiththeexerciseofhisindependentjudgment. Board Leadership Structure and Role in Risk Oversight BoardLeadershipStructure. Mr.BottaservesastheNon-ExecutiveChairmanoftheBoard.Mr.FuscoservesasPresidentandCEO. TheCompanyhasinplacestronggovernancemechanismstoensurethecontinuedaccountabilityoftheCEOtotheBoardandto providestrongindependentleadership,includingthefollowing: • theNon-ExecutiveChairmanoftheBoardprovidesindependentleadershiptotheBoardandensuresthattheBoardoperates independentlyofmanagementandthatdirectorshaveanindependentleadershipcontact; • eachoftheBoard’sstandingcommittees,includingtheAudit,CompensationandGovernanceandNominatingCommittees,are comprised of and chaired solely by non-employee directors who meet the independence requirements under the NYSE AmericanlistingstandardsandtheSEC; • the independent directors of the Board, along with the Compensation Committee, evaluate the CEO’s performance and determinehiscompensation; • theindependentdirectorsoftheBoardmeetinexecutivesessionswithoutmanagementpresentandhavetheopportunityto discusstheeffectivenessoftheCompany’smanagement,includingtheCEO,thequalityofBoardmeetingsandanyotherissues andconcerns;and • theGovernanceandNominatingCommitteehasoversightofsuccessionplanning,bothplannedandemergency,andtheBoard hasapprovedanemergencyCEOsuccessionprocess. TheBoardbelievesthatitsleadershipstructureassiststheBoard’sroleinriskoversight.Seethediscussiononthe“Board’sRolein RiskOversight”below. Non-Executive Chairman of the Board . The Non-Executive Chairman of the Board position is held by Mr. Botta, an independent director.TheBoardhasappointedtheindependentChairmanoftheBoardtoprovideindependentleadershiptotheBoard.The Non-ExecutiveChairmanoftheBoardroleallowstheBoardto operateindependentlyofmanagementwiththeNon-Executive Chairman of the Board providing an independent leadership contact to the other directors. The responsibilities of the Non-ExecutiveChairmanoftheBoardaresetoutinaNon-ExecutiveChairmanoftheBoardCharter.Theseresponsibilitiesinclude thefollowing: • presideatallmeetingsoftheBoard,includingexecutivesessionsoftheindependentdirectors; • call meetings of the Board and meetings of the independent directors, as may be determined in the discretion of the Non-ExecutiveChairmanoftheBoard; • work with the CEO and the Corporate Secretary regarding the schedule of Board meetings to assure that the directors have sufficienttimetodiscussallagendaitems; • preparetheBoardagendasincoordinationwiththeCEOandtheCorporateSecretary; • advise the CEO of any matters that the Non-Executive Chairman of the Board determines should be included in any Board meetingagenda; • advise the CEO as to the quality, quantity, appropriateness and timeliness of the flow of information from the Company’s managementtotheBoard; • recommendtotheBoardtheretentionofconsultantswhoreportdirectlytotheBoard; • actasprincipalliaisonbetweenthedirectorsandtheCEOonallissues,including,butnotlimitedto,relatedpartytransactions; • inthediscretionoftheNon-ExecutiveChairmanoftheBoard,participateinmeetingsofthecommitteesoftheBoard; • intheabsenceoftheCEOorasrequestedbytheBoard,actasthespokespersonfortheCompany;and • beavailable,ifrequested,forconsultationanddirectcommunicationwithmajorshareholdersoftheCompany. Board’s Role in Risk Oversight . Risks that could affect the Company are an integral part of Board and committee deliberations throughouttheyear.TheBoardhasoversightresponsibilityforassessingtheprimaryrisks(includingliquidity,credit,operations and regulatory compliance) facing the Company, the relative magnitude of these risks and management’s plan for mitigating theserisks.InadditiontotheBoard’soversightresponsibility,thecommitteesoftheBoardconsidertheriskswithintheirareasof responsibility.TheBoardanditscommitteesreceiveregularreportsdirectlyfrommembersofmanagementwhoareresponsible for oversight of particular risks within the Company. The Audit Committee discusses with management the Company’s major financial and risk exposures and the steps management has taken to monitor and control such exposures, including the Company’s risk assessment and risk management policies. For a discussion of the Compensation Committee’s risk oversight, CheniereEnergy,Inc. NoticeofAnnualMeetingofShareholdersand2018ProxyStatement 15 Total of 02 pages in section DOVER CORPORATION KeyAreasofBoardOversight Long-Term BusinessStrategy • OneoftheprimaryresponsibilitiesofourBoardisthe oversightofmanagement’s long-termstrategyandplanning .Accordingly,ourBoardmaintainsadeeplevel ofengagementwithmanagementinsettingandoverseeingDover’slong-term businessstrategy. • TheApergyspin-offannouncementwastheculminationofa comprehensive processpubliclyannouncedonSeptember12,2017todeterminethebest separationalternativetomaximizeshareholdervalue . • AspartofitsreviewofstrategicalternativesfortheseparationofApergy,ourBoard consideredanumberofoptions,includingatax-freespin-off,saleorotherstrategic combination.Uponcompletingthisassessment,ourBoarddeterminedthata tax-freespin-offwastheoptionthatwouldcreatethebestlong-term resultsforthebusinessesandthemostvalueforshareholders . • Webelieveour coreplatformbusinesses arewell-positionedfor long-term sustainablegrowthandreturns . CapitalAllocation • OurBoardisfocusedonthe efficientallocationofcapitaltodrivegrowthand providereturnstoourshareholders . • Businessesinourportfolioarecontinuallyevaluatedfor strategicfit andour acquisitionsare targetedinourkeygrowthmarkets whichincludeprintingand identification,refrigerationandfoodequipment,pumps,fuelingandtransport, hygienicandpharmaandselectenergymarkets. • Weconsistently returncashtoshareholders bypaying dividends ,which have increasedannuallyovereachofthelast62years . • Wewillalsoplantocomplete $1billionofsharerepurchases bytheendof2018 aspartofourcapitalallocationstrategy. RiskManagement • OurBoardbelievesthat riskoversight istheresponsibilityoftheBoardasawhole andnotofanyoneofitscommittees. • TheBoardperiodicallyreviewstheprocessesestablishedbymanagementto identifyandmanagerisksand communicates withmanagementaboutthese processes. • Wehaveestablishedariskassessmentteamconsistingofseniorexecutives,which annually,withtheassistanceofaconsultant,overseesariskassessmentmadeat thesegmentandoperatingcompanylevelsand,withthatinformationinmind, performsanassessmentoftheoverallrisksourcompanymayface.Eachquarter, thisteamreassessestherisksattheDoverlevel,theseverityoftheserisksandthe statusofeffortstomitigatethemand reportstotheBoard onthatreassessment. SuccessionPlanning • AnotheroftheBoard’sprimaryresponsibilitiesis overseeingasoundBoardand managementsuccessionprocess .TheBoardhasdevelopeda comprehensive plan toaddressmanagementsuccession—bothoverthelongtermandfor emergencypurposes.Theframeworkforthelong-termplanincludesthoughtful, deliberatemonitoringofmanagementbeyondourtopexecutivestoensureDover continuestobuildadeepinternalbenchoftalent. • TherecentappointmentofMr.TobinasourincomingPresidentandCEO representstheculminationofourBoard’sactiveengagementinathoughtfuland comprehensivesuccessionplanningprocess. • TheBoardhasalsofocusedonits ownsuccessionplan ,whichdrivesnotonly ourdirectorselectionefforts,butalsohowweapproachBoardandcommittee leadershipstructureandmembership,witha focusoncriticalboardskills, diversityandindependence . Cybersecurity • ThefullBoardhasbeenbriefedonenterprise-wide cybersecurityrisk management andtheoverallcybersecurityriskenvironment.TheAuditCommittee overseesmajortasksrelatedtocybersecurityriskmanagement,periodically monitorstheCompany’sresponsesystemsandmeetswiththeChiefInformation Officeronatleastanannualbasis. • DoveremploystheNationalInstituteofStandards&TechnologyFrameworkfor ImprovingCriticalInfrastructureCybersecurity( TheNISTFramework ).This voluntaryguidancedevelopedwithmuchprivatesectorinputprovidesaframework andatoolkitfororganizationstomanagecybersecurityrisk. DOVERCORPORATION – 2018ProxyStatement 23