Compliance and Information Security Committee


Envestnet, Inc.

Compliance and Information Security Committee Charter



(Last Amended by the Board of Directors – April 22, 2020)





    The Compliance and Information Security Committee (the “Committee”) was created by Envestnet’s Board of Directors (the “Board”) to provide oversight and leadership for the Company’s regulatory compliance programs and information technology security framework and to review, assess and make recommendations to the Company’s Board regarding regulatory compliance programs and information technology security framework. The Committee’s role is one of oversight, recognizing that the Company’s management is responsible for designing, implementing and maintaining the Company’s regulatory compliance programs and information technology security framework. The Committee shall have the authority and membership and shall operate according to the procedures provided in this Charter.
    1. The Committee shall have the authority (without seeking Board approval) to investigate any matter brought to its attention with full access to all books, records, facilities, and personnel of the Company and to retain special legal, accounting, forensic, information technology or other consultants to advise and assist the Committee.
    2. The Committee may request that any director, officer or employee of the Company, or the Company’s outside counsel or independent auditor, attend one or more meetings of the Committee or meet with any members of, or advisors to, the Committee.
    3. The Committee shall have available appropriate funding from the Company as determined by the Committee for payment of:
      1. compensation to any advisers employed by the Committee; and
      2. ordinary administrative expenses of the Committee that are necessary or appropriate in carrying out its duties.
    4. The Committee may form and delegate authority to subcommittees and management when appropriate, provided such delegation complies with any applicable rules of the Securities and Exchange Commission, the New York Stock Exchange (“NYSE”), the Federal Financial Institutions Examination Council, the Office of the Comptroller of the Currency or other applicable governmental or selfregulatory organization.
    1. The Committee shall consist of no fewer than three members, at least a majority of whom shall be determined by the Board to be independent within the meaning of the rules of the NYSE as such requirements are interpreted by the Board in its business judgment.
    2. The Nominating and Governance Committee shall recommend to the Board nominees for appointment to the Committee annually and as vacancies or newly created positions occur. Committee members shall be appointed by the Board and may be removed by the Board at any time. The Nominating and Governance Committee shall recommend to the Board, and the Board shall designate, the Chairman of the Committee.

    It is acknowledged that all of the areas of responsibility listed below may not be relevant to all of the matters and tasks that the Committee may consider and act upon from time to time, and the members of the Committee in their judgment may determine the relevance thereof and the attention such items will receive in any particular context. The Committee shall coordinate with the Audit Committee with respect to such matters that are within the purview of such committee. In addition, such responsibilities may also from time to time be performed by the full Board of Directors.

    The responsibilities of the Committee include:
    1. Evaluating the adequacy of the Company’s information security function, and the qualifications and background of selected information security officers.
    2. Review and approve the Company’s IT strategic plan, including its IT security strategy to protect against ongoing and emerging threats, including those related to cybersecurity.
    3. Reviewing information and data security initiatives and report to the Board from time to time regarding the sufficiency of the Company’s information and data security policies and business continuity and disaster recovery programs.
    4. Oversee and receive updates on major IT projects, IT budgets, IT priorities, and overall IT performance.
    5. Oversee the adequacy and allocation of IT resources for funding and personnel.
    6. Reviewing Company plans pertaining to information security and cyber threats, taking into account the potential for external threats, internal threats, and threats arising from transactions with trusted third parties and vendors.
    7. Reviewing and assessing the Company’s strategies and measures to identify, assess, monitor, control and mitigate information technology risks.
    8. Review and approve Company policies and frameworks relating to critical incident response plans, including escalation and reporting of significant security incidents to the board of directors, government agencies, and law enforcement, as appropriate.
    9. Overseeing processes for approving the Company’s third-party information technology service providers, including the third parties' financial condition, business resilience, and information technology security posture.
    10. Receiving reports regarding the results of reviews and assessments from the Company’s Risk Management Committee, Information Security Officers, Chief Compliance Officer, internal auditors and other internal departments as necessary to fulfill the Committee’s duties and responsibilities.
    11. Evaluating the adequacy of the Company’s regulatory compliance function, and the qualifications and background of selected compliance officers.
    12. Overseeing the Company’s selection of independent assessors for security assessments.
    13. Reviewing and making recommendations to the Board with respect to the Company’s regulatory compliance.
    14. Receiving and reviewing summaries of regulatory examination reports and management’s responses thereto.
    15. Meeting privately at least annually with each of the General Counsel, Chief Compliance Officer and Information Security Officers to discuss any matters that the Committee or such persons believe should be discussed privately with the Committee.
    1. The Committee shall keep a record of its proceedings.
    2. The Committee shall report to the Board periodically.
    3. At least annually, the Committee shall evaluate its own performance and report to the Board on such evaluation.
    4. The Committee shall periodically review and assess the adequacy of this charter and recommend any proposed changes to the Board.

    The Committee shall meet as often as it determines is appropriate to carry out its responsibilities under this charter, but not less frequently than twice per year. The Chairman of the Committee, in consultation with the other committee members, shall determine the frequency and length of the committee meetings and shall set meeting agendas consistent with this charter.
Gayle Crowell Luis A. Aguilar Valerie Mosley Anil Arora
  • Member
  • Chair
  • Financial Expert
  • Independent Director

Information is current only as of the date(s) indicated on the materials. We do not have any current intention, and expressly disclaim any obligation, to supplement, update or revise any of the information in these documents. The information contained in these documents should be considered accurate only as of the date of the relevant document. This information may change over time; therefore, visitors to this web site should not assume that the information contained in these documents remains accurate at a later time. Envestnet, Inc.'s press releases, presentations and printed remarks are included on this website for historical purposes only.

Except for historical information and discussions, statements set forth throughout this web site may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995 or other applicable laws. These statements involve a number of risks, uncertainties, and other factors that could cause actual results to differ materially, as discussed in the company's filings with the U.S. Securities and Exchange Commission.

Envestnet, Inc.'s financial performance is subject to risks and uncertainties, some of which are discussed in forward-looking statements contained in its reports filed with the U.S. Securities and Exchange Commission. Actual results may differ materially from those described in the forward-looking statements. The stock data above is presented for informational purposes only and is not intended for trading purposes. Stock information may be delayed and reflects stock splits. Historical investment performance is not an indication of future performance.

The information provided on the Investor Relations pages is hosted by a third party. Envestnet, Inc. does not control and is not responsible for any third party content and makes no representations as to the timeliness or accuracy of such content.