2018 Guide to Effective Proxies

6 TH EDITION | GUIDE TO EFFECTIVE PROXIES 216 ALASKA AIR GROUP Risk Oversight Air Group has adopted an enterprise-wide risk analysis and oversight program. This program is designed to: ‰ identify the various risks faced by the organization; ‰ assign responsibility for managing those risks to individual management executives who report directly to the applicable Committee; and ‰ align those management assignments with appropriate board-level oversight. The structure and reporting relationships and key areas of responsibility are shown below. Board ofDirectors Audit Committee RESPONSIBLEFORRISK OVERSIGHTPROGRAM Audit Committee OVERSEESENTERPRISE RISK Independant Accountant RiskOfficer ChiefEthics& ComplianceOfficer Chief Information Officer Compensation& LeadershipDevelopment Committee OVERSEESEXECUTIVE COMPENSATIONRISK Independant Consultant Safety Committee OVERSEESSAFETY RELATEDRISK VicePresident Safety Governance& NominatingCommittee OVERSEESBOARD& GOVERNANCERISK Corporate Secretary AirGroupRiskMatrix • Review internal controls& procedures • ReviewSEC filings • Provideaudit services for annual report • Day-to-daydesign & implementation ofprogram • Identifies risk issues foryear ahead • Reportsquarterly & reviews programannually • Corporate compliance program • CodeofConduct &Ethicspolicy • Investigates confidential complaints from Ethics& Compliance Hotline • Cybersecurity program; risk mitigationand response • IT infrastructure risk • Periodic review andassessment ofexecutive compensation program • Periodic review ofCEO development andsuccession plan • Monitorand review to reduce riskofsecurity andsafety incidents • Periodic reviewof health,safetyand environmental policiesand practices • Annual review andassessment ofboard& governance practices Under the program, a risk matrix has been developed and the organization’s most prominent risks have been identified. As shown above, responsibility has been assigned to appropriate executives, and assignments have been aligned for appropriate board oversight. Responsibility for managing these risks includes strategies related to both mitigation (acceptance and management) and transfer (insurance). The risk matrix is approved annually by the Audit Committee and regularly reviewed by the Board. The Audit Committee also receives quarterly updates regarding the program and an annual in-person review of the program’s status by the risk officer. Under the program, the Audit Committee also works with the risk officer and members of the management executive committee to annually identify the most pressing risk issues for the next year. This subset of the risk matrix is then designated for heightened oversight, including periodic presentations by the designated management executive to the appropriate board entity. Furthermore, these areas of emphasis regarding risk are specifically reviewed and discussed with executive management annually, and are incorporated into the development of the Company’s strategic plan for the coming year. 12 AMERICAN AIRLINES GROUP TowersWatsonpersonnelwhoperformedactuarialvaluationandconsultingservicesforusoperatedseparatelyand independentlyoftheWillisTowersWatsonpersonnelwhoperformedexecutivecompensation-relatedservicesforus. WhilethedecisiontoengageWillisTowersWatsonforsuchotherserviceswasmadebymanagement,theCompensation CommitteeassessedwhethertheservicesprovidedbyWillisTowersWatsonraisedanyconflictsofinterestpursuantto applicableSECandNASDAQrulesandconcludedthatnosuchconflictsofinterestexisted. Board Role in Risk Oversight TheBoardofDirectorsisresponsiblefortheoversightoftheCompany’songoingassessmentandmanagementof materialrisksimpactingourbusiness.TheBoardofDirectorsoverseestheCompany’senterprise-wideapproachtorisk management,whichisdesignedtosupporttheachievementoforganizationalobjectives,includingstrategicobjectives,to improvelong-termorganizationalperformanceandtoenhancestockholdervalue.Afundamentalpartofriskmanagement isnotonlyunderstandingtheriskswefaceandwhatstepsmanagementistakingtomanagethoserisks,butalso understandingwhatlevelofriskisappropriate.Managementisresponsibleforestablishingourbusinessstrategy, identifyingandassessingtherelatedrisksandestablishingappropriateriskmanagementpractices.TheBoardof Directors,eitherdirectlyorthroughoneormoreofitscommittees,reviewsourbusinessstrategyandmanagement’s assessmentoftherelatedriskanddiscusseswithmanagementtheappropriatelevelofrisk.TheBoardreliesoneach Boardcommitteetooverseemanagementofspecificrisksrelatedtothatcommittee’sfunction.TheCorporate GovernanceandNominatingCommitteeperiodicallyreviewstheCompany’sgovernance-relatedriskmanagement practices,andwithmanagement’sassistance,thecommitteehasdevelopedandcoordinatedtheBoard’scurrentrisk oversightprogram.TheBoardofDirectorshasnotestablishedaseparateriskcommitteebecausetheBoardofDirectors believesthatthemostsignificantriskswefacearemostproperlydirectlyoverseenbythefullBoardofDirectorsor,in certaincases,theappropriatestandingcommitteewhichconsidertheriskswithintheirareaofresponsibility. Forexample,ourmostsignificantstrategic,financialandoperationsrisksarefrequentlyreviewedbythefullBoardof Directors.TheBoardofDirectorsoverseesthemanagementofthelargestrisksweface,includingrisksassociatedwith safety,theday-to-dayoperationoftheairlineandtheinterruptionofairlineservice,revenueproduction,ourinformation technologysystems,businessrisksrelatedtocyber-security,andlaborissuesandcosts. TheAuditCommitteeoverseesourriskmanagementpoliciesthatrelatetothefinancialcontrolenvironment,financial reportinganddisclosurecontrolsandourproceduresforcompliancewithsignificantapplicablelegal,ethicaland regulatoryrequirementsthatimpactourfinancialstatements.TheAuditCommitteemeetsregularlywithourinternal auditors,independentauditors,ChiefFinancialOfficer,ExecutiveVicePresident—CorporateAffairs,SeniorVice President,GeneralCounselandChiefComplianceOfficer,VicePresidentandController,VicePresidentandDeputy GeneralCounsel,CorporateSecretary,ChiefInformationOfficer,ChiefInformationSecurityOfficer,andChiefPrivacy Officerandexternaladvisors.TheAuditCommitteereceivesregularriskandinternalcontrolsassessmentreportsfrom theindependentauditorsandinternalauditors.TheAuditCommitteealsoestablishesandmaintainsproceduresforthe receipt,retentionandtreatmentofcomplaintsreceivedbytheCompanyregardingaccounting,internalaccountingcontrols orauditingmattersandtheconfidential,anonymoussubmissionbyouremployeesofconcernsregardingquestionable accountingorauditingmatters.TheAuditCommitteealsoreviewscyber-securityandotherrisksrelevanttothe Company’scomputerizedinformationsystemcontrolsandsecurity. TheCompensationCommitteeoverseescompensationriskmanagementbyparticipatinginthecreationof,and approving,compensationstructuresthatcreateincentivesthatencourageanappropriatelevelofrisk-takingbehavior consistentwithourbusinessstrategy,asisfurtherdescribedinthesectionentitled“RiskAssessmentwithRespectto CompensationPractices”below.TheCompensationCommitteealsoworkswiththeChiefExecutiveOfficerandExecutive VicePresident—PeopleandCommunicationstooverseerisksassociatedwiththeretentionofourmostseniorexecutives. TheFinanceCommitteeoverseesfinancialriskbyworkingwithseniormanagementtoevaluateelementsofcreditrisk, advisingonfinancialstrategy,capitalstructureandliquidityneedsandreviewingourfinancialriskmanagementpolicies andpractices.OurChiefExecutiveOfficer,PresidentandChiefFinancialOfficermeetperiodicallywiththeFinance Committeetodiscussandadviseonelementsoftheserisks. Risk Assessment with Respect to Compensation Practices ManagementandtheCompensationCommittee,withthesupportofthecompensationconsultant,havereviewedthe compensationpoliciesandpracticesforouremployeesastheyrelatetoourriskmanagementand,baseduponthese reviews,webelievethatanyrisksarisingfromsuchpoliciesandpracticesarenotreasonablylikelytohaveamaterial adverseeffectonusinthefuture. 2018ProxyStatement | 33 Total of 02 pages in section AMERICAN EAGLE OUTFITTERS, INC. CORPORATE GOVERNANCE The following section discusses the Company’s corporate governance, including the role of the Board and its Committees. Additional information regarding corporate governance, including our Corporate Governance Guidelines, the charters of our Audit,CompensationandNominatingCommitteesandourCodeofEthicsthatappliestoallofourdirectors,officers(includingthe Principal Executive Officer, Principal Financial Officer and Principal Accounting Officer) and employees may be found on our Investorswebsiteat investors.ae.com .AnyamendmentsorwaiverstoourCodeofEthicswillalsobeavailableonourwebsite.A copyofthecorporategovernancematerialsisavailableinprinttoanystockholderuponrequest. The Role of the Board The Board is responsible for overseeing management, which is, in turn, responsible for the operations of the Company. The Board’s primary areas of focus are strategy, risk management, corporate governance and compliance, as well as evaluating managementandmakingchangesascircumstanceswarrant.Inmanyoftheseareas,significantresponsibilitiesaredelegatedto the Board’s Committees, which are responsible for reporting to the Board on their activities and actions. Please refer to “ Board Committees ”foradditionalinformationonourCommittees. Overseeingand Evaluating Management Strategy RiskManagement Compliance Corporate Governance TheBoard’sprimary responsibilitiesare oversight,counselingandprovidingdirection to themanagementof theCompany in the interestand for thebenefitof the Company's stockholders. Board Oversight of Risk Management TheBoardasawholehastheresponsibilityforriskoversightandmanagement,withafocusonthemostsignificantrisksfacingthe Company, including strategic, competitive, economic, operational, financial, legal, regulatory, compliance, and reputational risks. Inaddition,BoardCommitteesoverseeandreviewriskareasthatareparticularlyrelevanttotheirrespectiveareasofresponsibility and oversight. The risk oversight responsibility of the Board and its Committees is supported by our management reporting processes, which are designed to provide visibility to the Board to those Company personnel responsible for risk assessment (including our management-led Risk Management Committee), and information about management’s identification, assessment andmitigationstrategiesforcriticalrisks. The Board • AssessesmajorrisksfacingtheCompanyandreviewsoptionsforriskmitigationwiththeassistanceofManagementand theBoardCommittees • Monitors risks that have been delegated to a particular Committee through regular reports provided by the respective BoardCommittees Audit Committee Compensation Committee Nominating Committee • Assessesmajorfinancialrisk exposuresandstepstakenby managementtoaddressthesame. • Responsibleforthereviewand assessmentofinformation technologyandcybersecurityrisk exposuresandthestepstakento monitorandcontrolthoseexposures. • Reviewsrisksidentifiedduringthe internalandexternalauditors’risk assessmentprocedures. • Overseesriskmanagementrelated toemployeecompensationplans andarrangements • AssesseswhethertheCompany’s compensationplansandpractices mayincentivizeexcessiverisk- takingandtherelationshipbetween riskmanagementpoliciesand compensation.TheCompensation Committeehasdeterminedthatthe risksarisingfromtheCompany’s plansandpoliciesarenot reasonablylikelytohaveamaterial adverseeffectontheCompany. • Managesrisksassociatedwith corporategovernancepoliciesand practices. • Reviewsanyrisksandexposures relatingtodirectorandexecutive successionplanningorthe Company’sgovernanceorsocial responsibilityprograms. 2018ProxyStatement | 17 AMERICAN ELECTRIC POWER COMPANY, INC. Board Oversight The Board’s role in AEP’s risk oversight process TheBoardhastheoverallresponsibilityforoverseeingtheCompany’smanagementofrisks.Management isresponsibleforidentifyingandmanagingtheCompany’srisks.TheBoardreviewstheCompany’sprocesses foridentifyingandmanagingrisksandcommunicatingwiththeBoardaboutthoseriskstohelpensurethatthe processesareeffective. Likeothercompanies,wehaveverydiverserisks.Theseincludefinancialandaccountingrisks,capital deploymentrisks,operationalrisks,cybersecurityrisks,compensationrisks,liquidityrisks,litigationrisks, strategicrisks,regulatoryrisks,reputationrisks,natural-disasterrisksandtechnologyrisks.Somecriticalrisks havingenterprise-widesignificance,suchascorporatestrategyandcapitalbudget,requirethefullBoard’sactive oversight,butourBoardcommitteesalsoplayakeyrolebecausetheycandevotemoretimetoreviewing specificrisks.Othercommitteesoverseebothspecificandbroadtypesofrisks.Someofthecommitteeshave oversightresponsibilityforspecificrisksthatareinherentincarryingouttheirresponsibilitiessetforthintheir charters. TheBoardisresponsibleforensuringthatthesetypesofrisksareproperlydelegatedtotheappropriate committee,andthattheriskoversightactivitiesareproperlycoordinatedandcommunicatedamongtheBoard andthevariouscommitteesthatoverseetherisks.OurChiefRiskOfficerattendsAuditCommitteemeetingsand reviewsanddiscussesCompanyrisks.ManagementhaspreparedandcategorizedalistoftheCompany’smajor typesofrisks.TheAuditCommitteereviewedthatlistandproposedanassignmentofriskseithertothefull Boardortospecificcommittees.TheBoardreviewedtherecommendationsandadoptedtheproposedallocation ofresponsibilities. TheAuditCommitteeisresponsibleforoverseeingfinancialreportingrisks,andoverseestheCompany’s maintenanceoffinancialanddisclosurecontrolsandproceduresandspecificallyreviewsourlitigationand regulatoryrisksaspartoftheirreviewoftheCompany’sdisclosures.TheAuditCommitteealsodiscussesAEP’s policiesforriskassessmentandriskmanagement.OurChiefFinancialOfficer,ChiefRiskOfficer,Chief AccountingOfficerandGeneralCounselattendtheAuditCommitteemeetings. OurFinanceCommitteebroadlyoverseesourfinancialrisks,whichincludeenergytradingrisks,liquidity risksandinterestraterisks.TheFinanceCommitteereviewsandapprovestheCompany’sriskpoliciesrelating toourpowermarketingandhedgingactivitiesandalsooverseestheperformanceoftheassetsinourpension plans.OurChiefFinancialOfficer,ChiefRiskOfficerandGeneralCounselattendtheFinanceCommittee meetings. OurHRCommitteereviewstheCompany’sincentivecompensationpracticestoensuretheydonot encourageexcessiverisk-takingandareconsistentwiththeCompany’srisktolerance.TheHRCommitteealso overseesoursuccessionplanningandexecutiveleadershipdevelopment.OurChiefAdministrativeOfficer attendstheHRCommitteemeetings. TheCorporateGovernanceCommitteefocusesoncorporategovernancerisksandoverseestheCompany’s CorporateComplianceProgram,whichincludestheCompany’swhistleblowerprogram.OurGeneralCounsel attendsthemeetingsoftheCorporateGovernanceCommittee. OurNuclearOversightCommitteefocusesonthespecificrisksofoperatinganuclearplant. 21