S&T Bancorp : Technology and Operations Committee Charter (Technology and Operations Committee Charter 2026 05 022e52)
STBA
Published on 05/15/2026 at 03:37 pm EDT
The Technology & Operations Committee ("Committee") is appointed by the Board of Directors (the "Board") of S&T Bancorp, Inc. and S&T Bank (collectively, the "Company") and is authorized to perform its functions for and on behalf of the Company and its subsidiaries (collectively, "S&T"). The Committee shall be a joint committee of S&T Bancorp, Inc. and S&T Bank (collectively and/or individually herein, as the case may be, "S&T"). This Committee Charter ("Charter") governs the operations of the Committee and identifies the Purpose, Membership, Meeting Requirements, Responsibilities and Duties, Reporting and Recommendations, and Resources and Authority of the Committee.
The primary purpose of the Committee is to assist the Board in fulfilling its oversight responsibilities with respect to the overall role of technology in executing S&T business strategy, including, but not limited to: technology strategy and trends; substantial/major technology investment; information and bank security; and operational performance and resilience. Additionally, discussion will inform Enterprise Risk Management Program conclusions related to technology and operational risks. The Committee shall also assist the Board and its other committees that oversee specific technology and operations related issues and serve as a resource to management.
Committee members are appointed annually by the Board on the recommendation of the Nominating and Corporate Governance Committee ("NCGC"). The members shall serve until their successors are duly elected and qualified by the Board or until such member's earlier resignation or removal. The Committee shall be comprised of three or more members.
The Board will appoint one of the members of the Committee to serve as its chairperson. The Committee may delegate to its chairperson such power and authority as the Committee deems to be appropriate, except such powers and authorities required by law or regulation to be exercised by the whole Committee or a subcommittee of at least two members. The Committee may also appoint a secretary, who need not be a director.
The Committee shall meet as often as it determines is necessary and appropriate but is expected to meet quarterly preceding regularly scheduled Board meetings. The Chairperson shall have the authority to call a special meeting of the Committee or seek a unanimous written consent of the Committee whenever he or she deems such a meeting or consent necessary or desirable. The Committee may meet in executive session without members of management in attendance at the Committee's discretion. Any member of the Committee may call for an executive session.
A majority of the members of the Committee shall constitute a quorum for the transaction of business, and the act of a majority of those present at any meeting at which a quorum is present, shall be the act of the Committee. Members of the Committee may participate in a meeting of the Committee by means of a conference call or similar communications equipment by means of which all persons participating in the meeting can hear each other.
Any director, officer or employee of S&T, outside counsel, independent auditor or other person may attend meetings, as the Committee deems appropriate.
The primary responsibility is oversight. In performing their responsibilities, Committee members are entitled to rely in good faith upon S&T's records and upon information, opinions, reports or statements prepared or presented by any of S&T's officers or employees, or by any other person as to matters the member reasonably believes are within such other person's professional or expert competence and who has been selected with reasonable care by or on behalf of S&T. Each
member of the Committee also may rely in good faith upon actions taken by another committee of the Board as to matters within its designated authority.
In carrying out its responsibilities, the Committee believes its policies and procedures should remain flexible to enable the Committee to react to changing conditions and circumstances. The Technology and Operations Committee shall have the following responsibilities, with all requisite power and authority, on behalf of the Board, to perform and discharge such responsibilities:
Review at least annually the Company's overall technology strategy and the annual budget for the Company's technology program; inclusive of transformational technologies and/or strategic initiatives (e.g., digital, artificial intelligence (AI), automation, and data platform).
Review existing and future trends in technology that may affect the Company's strategic plans, including monitoring of overall industry and competitive landscape.
Review high-level enterprise technology design (e.g., network strategy, cloud strategy, data architecture).
Review strategy related to data and analytics platform and the use of data to drive decision-making.
Review significant technology capital investments and expenditures at planning stage and at key milestones.
Review technology third party strategy set forth by management, in coordination with Risk Management organization.
Oversee major risks, and management efforts to mitigate those risks, to the Company including: third party risks arising from its technology strategies, its legacy systems, and its related investments and operations; technology-related business continuity and disaster recovery programs; and its security program.
Review relevant key performance metrics and performance of completed major initiatives, including but not limited to, Vulnerability Management, Recovery Time Objective ("RTO"), and Recovery Point Objective ("RPO").
Oversee management processes regarding proposed new strategic initiatives, products, services, and lines of business to ensure such activities are within S&T's risk appetite, and risks are proactively mitigated.
Oversee management's efforts to implement and maintain an effective Information Security Program to ensure compliance with laws, regulations and regulatory policy by receiving regular reporting and materials from the Chief Security Officer ("CSO") for S&T's Information Security (Physical & Cybersecurity) Program. The Information Security Program encompasses protecting information assets, customer information, ensuring confidentiality, integrity, and availability, through administrative, technical and physical safeguards. This would include prompt reporting (i.e., no more than 36 hours post-identification per FDIC's guideline) of a cybersecurity incident that could materially disrupt, degrade, or impair the following in accordance with regulatory requirements:
The ability of S&T to carry out banking operations, activities, or processes, or deliver banking products and services to a material portion of its customer base, in the ordinary course of business;
Any business line of S&T, including associated operations, services, value;
Those operations of S&T, including associated services, functions and support, as applicable, the failure or discontinuance of which would pose a threat to the financial stability of the United States.
The CSO is responsible for promptly reporting such incidents to the Chief Risk Officer ("CRO"), Executive Management, and Board. A special meeting of the Board will be held, as deemed necessary by the Chair of the Board in consultation with the Chair of the Committee.
Oversee management's effort to implement and maintain a Bank Security Program designed to prevent wrongful destruction of bank property, discourage suspected and actual criminal activities, assist in identifying and apprehending persons who commit such acts and other security matters including the safety and security of our employees and guests.
Review material reporting on appropriate topics that the Committee deems relevant including, but not limited to, third party vendor management, model risk management, data governance, incident response, business continuity/disaster recovery, and other such programs.
Key Performance Metrics: Review relevant key performance metrics and performance of completed major initiatives, including but not limited to Service Level Agreements ("SLAs") and System Availability.
At least annually, review and approve the Company's key technology and operational policies, including any material revisions, to ensure alignment with the evolving strategy, regulatory requirements, and the Company's risk appetite.
Review significant risk management reports and findings of regulators, internal auditors, and independent external auditors, as applicable to the mandate of the Committee, including management's remediation plans and progress against such plans where finding(s) deemed significant.
Receive minutes from the Executive Technology & Operations Committee ("ETOC").
Annually review and approve applicable executive management committee charters.
In addition to any other reports that may be requested by the Committee from time to time, the Committee will review quarterly updates regarding regulatory and audit matters; technology performance; security posture; business continuity and disaster recovery testing results; significant initiatives including new, expanded, or modified products and services; emerging risks; and Key Risk and Key Performance Indicator results and any corresponding Management Action Plans.
The Committee shall review and reassess the adequacy of this Charter as needed, but at least annually, and recommend to the Board any proposed changes to this Charter.
The Committee shall provide for the maintenance of minutes of its meetings and report the Committee's activities to the Board with respect to such matters as are relevant to the Committee's discharge of its responsibilities and with respect to such recommendations, as the Committee may deem appropriate.
The Committee shall have the resources and authority appropriate to discharge its duties and responsibilities, including the authority to select, retain, terminate, and approve the fees and other retention terms of independent legal, accounting or other experts and advisors, as it deems necessary or appropriate. The Committee shall also have the authority, to the extent it deems necessary or appropriate, to ask S&T to provide the Committee with the support of one or more S&T employees to assist in carrying out its duties. S&T shall provide for appropriate funding, as determined solely by the Committee, for payment of compensation to any advisors retained by the Committee and to pay for ordinary administrative expenses of the Committee.
The Committee may authorize S&T's officers to take any and all actions necessary to implement actions approved by the Committee.
Approved: S&T Bancorp Inc. and S&T Bank Board of Directors 5/12/2026
Disclaimer
S&T Bancorp Inc. published this content on May 15, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on May 15, 2026 at 19:36 UTC.