FIRN CAPIPAR : Risk Committee Charter (Risk Committee Charter 2026 05 13 c679fc)

Published: 2026-05-13 16:57:14 ET FSUN

Published on 05/13/2026 at 04:57 pm EDT

The Boards of Directors (collectively, the "Board") of FirstSun Capital Bancorp (the "Company") and Sunflower Bank, National Association (the "Bank") have established the Risk Committee (the "Committee") for the purpose of overseeing the Company's and the Bank's enterprise-wide risk management framework and corporate risk function, including the strategies and supporting systems established by management to manage the major risks facing the Company and the Bank. The Committee shall ensure that risk processes are supported by both a risk governance structure that includes Board oversight, policies, risk limits, and delegated management risk committees and a culture that supports risk management objectives and reflects a model of shared accountability between delegated management committees, senior leadership, lines of business, and support functions. The Committee shall assist the Board and its other committees that oversee specific risk-related issues and serve as a resource to management by overseeing risk across the entire organization and risk universe. The Committee shall function as a joint committee of the Company and the Bank. References to the Company in this charter also include the Bank and all other subsidiaries of the Company.

The Committee shall consist of three or more members, each of whom shall be a member of the Board. At least a majority of the members of the Committee shall satisfy the independence requirements of The Nasdaq Stock Market ("Nasdaq") and any other laws, rules or regulations regarding independence applicable to the Company. At least one member of the Committee (as determined by the Board) shall have experience in identifying, assessing, and managing risk exposures of large, complex financial firms. The members of the Committee shall be appointed by the Board based on recommendations from the Nominating and Governance Committee of the Board, and the Board shall designate the Committee chair, who shall be an independent director under Nasdaq rules. The members of the Committee shall serve for such term or terms as the Board may determine or until earlier resignation, removal or death. The Board may remove any member from the Committee at any time with or without cause.

The Committee shall have the following duties and responsibilities:

Compliance Oversight

The Committee shall ensure that the Company is taking appropriate measures to address all applicable regulatory requirements, including those under the Bank Holding Company Act, Title 12 of the Code of Federal Regulations, the Patriot Act, the Bank Secrecy Act, the Community Reinvestment Act, and similar laws, rules and regulations.

The Committee shall review the terms and conditions of any and all orders, memoranda of understanding, written agreements, other agreements, supervisory letters or similar actions of any banking regulator (each, an "Order"), and monitor management's progress in taking the appropriate steps within acceptable timeframes, to comply with the requirements of the terms of any such Order.

The Committee shall work with the Audit Committee of the Board to ensure that any and all compliance audit-related deficiencies identified in any audit or Order are properly addressed and that the Audit Committee is informed of management's progress in responding to any audit or Orders.

The Committee shall review and approve those policies submitted by management pursuant to the Company's Policy Management Policy that are applicable to enterprise risk management, designed to comply with the terms of any Orders, or applicable laws, rules and regulations or under the Company's enterprise risk management framework.

Risk Management

Periodically, the Committee shall review and approve the Bank's risk management framework, including overseeing the development of appropriate risk capacity, risk appetite, risk tolerances, risk targets and risk limits.

The Committee shall ensure that the Bank is taking appropriate measures to apply consistent methodologies for identifying, assessing, managing, monitoring and reporting risk to the Company including key risk indicators, key performance indicators, and the risk categories developed pursuant to the Company's enterprise risk management framework and enterprise risk management program.

The Committee shall review and approve the adequacy of significant insurance coverages.

From time to time, the Committee shall review any material regulatory or legal risk to the Company.

Credit

The Committee shall oversee the administration and effectiveness of, and compliance with, the Bank's credit risk management framework and policies through the review of such processes, reports and other information as it deems appropriate, which may include reports relating to the following:

the Bank's loan-quality rating and examination review process;

the organizational structure and resources of the credit risk function;

adherence to credit risk appetite metrics and compliance with the Bank's guidelines and regulatory requirements regarding customer credit risk aggregation, concentration limits and credit quality and trends;

the Bank's management of new problem assets and non-performing assets, and the frequency and reasons for credit policy exceptions;

the Bank's international country exposures;

the credit stress testing framework and related stress test results; and

trends in the economy in general and in the lending industry in particular.

The Committee shall oversee management's significant judgements and estimates pertaining to the determination of an appropriate allowance for credit losses (ACL). This oversight includes:

Reviewing management's assessment and justification that the loan review system is sound and appropriate for the size and complexity of the institution;

Reviewing and approving management's assessment and justification for the amounts estimated and reported each period for the provision for ACL;

Reviewing reports regarding material matters addressed by the Allowance for Credit Losses Committee; and

Requiring management to periodically validate and, when appropriate, revise the ACL methodology.

The Committee shall oversee the Bank's internal loan review function. This oversight includes:

Annual review of the Bank's internal loan review plan, budget and staffing requirements and any plans to outsource internal loan review work to any third party;

Reviewing the status of the loan review plan and timeliness of completion, any significant plan changes, including the rationale for such changes, and any significant gaps in the loan review plan, including strategies management has developed to address deficiencies;

Reviewing any significant open issues arising out of internal and independent loan reviews, including corrective actions taken or underway and the schedule for resolving such open matters appropriate for the risk presented; and

Receiving, reviewing and discussing reports from the Bank's internal loan review function.

Information Security

The Committee shall oversee the administration and effectiveness of, and compliance with, the Company's information security program, which may include the following:

Reviewing policies established to ensure the effectiveness of the Company's information security program; and

Reviewing reports regarding material matters addressed by the Information Security Committee.

General

The Committee may exercise its authority to conduct or authorize examinations into any matters within its scope of responsibility.

To perform such other activities and functions as may be assigned to the Committee from time to time by the Board.

The Committee shall have the authority, in its sole discretion, to select, retain and obtain the advice and assistance of outside counsel and such other advisors as it deems necessary to fulfill its duties and responsibilities under this Charter. The Committee shall set the compensation and oversee the work of its outside counsel and any other advisors. The Committee shall receive appropriate funding from the Company, as determined by the Committee in its capacity as a committee of the Board, for the payment of compensation to its outside counsel and any other advisors.

The Committee shall have access to the books, records and facilities of the Company. The Committee may meet with employees of the Company and the Company's internal and external auditors, legal counsel, and consultants as and when it deems appropriate.

The Committee shall meet as often as it deems appropriate to carry out its responsibilities under this Charter, but not less frequently than quarterly. The Committee shall meet in executive session without the presence of management when the Committee determines, in its sole discretion. The Committee chairperson shall communicate with the Company's Chief Risk Officers with regard to any significant risk issues that arise between Committee meetings, including issues raised by management's Enterprise Risk Management Committee.

The Committee shall maintain minutes of meetings, which shall be approved by the Committee, and will report regularly to the Board regarding its actions and make recommendations to the Board as appropriate. The Committee is governed by the same rules regarding meetings (including meetings in person or by telephone or other similar communications equipment), action without meetings, notice, waiver of notice, and quorum and voting requirements as are applicable to the Board.

The Committee shall conduct an annual evaluation of the performance of its duties under this Charter and shall present the results of the evaluation to the Board. The Committee shall conduct this evaluation in such manner as it deems appropriate.

The Committee shall also review and assess the adequacy of this Charter at least annually and recommend any proposed changes to the Board for its consideration.

The Committee shall have the authority to delegate any of its responsibilities, along with the authority to take action in relation to such responsibilities, to one or more subcommittees as the Committee may deem appropriate in its sole discretion. Any subcommittee operating under delegated authority of the Committee shall report any decisions to the Committee at its next scheduled meeting.

Approved by the Risk Committee May 12, 2026 & Board as of May 13, 2026

Page

Disclaimer

Firstsun Capital Bancorp published this content on May 13, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on May 13, 2026 at 20:56 UTC.