USAA Marketing and Programs Committee Charter

UNITED SERVICES AUTOMOBILE ASSOCIATION MEMBER AND TECHNOLOGY COMMITTEE OF THE BOARD OF DIRECTORS CHARTER

Last Updated: August 2024

I. SCOPE AND PURPOSE

The Member and Technology Committee ("Committee") is established by the Board of Directors ("Board") of United Services Automobile Association ("USAA") to review and oversee member service and member experience and the technology, both at USAA and as provided by third parties, used to support USAA's business strategy and objectives. The Committee will: (i) review strategic programs and projects related to member experience and technology; (ii) review and approve any of USAA's technology-related (e.g. information technology ("IT"), information governance, and information security) frameworks, policies, or resources; (iii) review significant technology investments and expenditures; and (iv) review the status of member experience, solutions, and related service excellence. In executing these responsibilities, the Committee will seek the alignment of business strategy, risk appetite, and risk management.

The Committee will also review and recommend changes, where appropriate, to USAA's membership eligibility guiding principles, evaluate member and corporate performance with respect to membership, and oversee the operation of the Advisory Panel.

For the purposes of this Charter, (a) "information security" means the process by which an organization protects the creation, collection, storage, use, transmission, and disposal of information (as defined by the Federal Financial Institutions Examination Council ("FFIEC") IT Examination Handbook Information Security, September 2016); and (b) "cybersecurity" means the process within USAA of protecting consumer, member and USAA information by preventing, detecting and responding to attacks (as defined by the FFIEC IT Examination Handbook Information Security, September 2016). To the extent the FFIEC IT Examination Handbook Information Security, September 2016, is hereafter amended, the definitions of "information security" and "cybersecurity" for purposes of this charter shall also be deemed to be amended, accordingly.

Notwithstanding anything in this Charter, responsibility for oversight of the enterprise risk management framework associated with technology, security, data and privacy, shall remain with the Risk and Compliance Committee of the Board.

II. RESPONSIBILITIES

The Committee shall include the following responsibilities:

A. Strategy/Plan

Review and approve USAA's enterprise technology strategy and plan, including all critical elements of technology, internal and external, that support USAA. In doing so, consider whether USAA's technology strategy and plan aligns to its IT risk appetite metrics, IT risk governance framework capabilities and IT target operating model.
Review, at least annually, USAA's member and marketing strategies and relevant industry trends.
Review reports from members of management, as and when appropriate, on USAA's enterprise technology strategy and plans, significant technology investments and related technological progress, and trends that may affect USAA's technology strategy and plans.
Review and, as appropriate, make recommendations to the Board regarding significant technology investments in support of USAA's technology strategy and plans.
On a periodic basis, review major initiatives related to members or technology that require the assumption of critical risk to implement.
Receive, at least annually, reports from management describing the overall status of and material matters related to the enterprise information security program. Oversee and receive updates on major enterprise-wide member and technology initiatives, IT budgets, IT priorities and overall IT performance.

B. IT Risk Management

In coordination with the Risk and Compliance Committee, oversee the Enterprise IT Risk Management Framework and Policy from a first line of defense perspective.

C. Systems/Platforms

Review USAA's significant innovations and technology acquisition processes and assess whether they are consistent with sound management and USAA's enterprise technology strategy and plans.
Review information concerning USAA's significant enterprise technology infrastructure and operations, to achieve scalability, reliability, and resilience of the IT infrastructure.

D. Membership

Review the provisions of Article II of the Bylaws of USAA titled "Membership" and other related policies regarding membership eligibility and evaluate whether such provisions are consistent with USAA's mission.
As necessary, recommend changes to the Bylaws of USAA or other related policies affecting membership, for approval by the Board and, when required, by the members of USAA.

E. Member Solutions and Service Excellence

Review USAA's strategy and plan regarding interacting digitally with members and using technology to appropriately reach and serve members, including consideration of innovations and technology trends that impact such strategies.
Review member satisfaction performance results and member acquisition, marketing and engagement initiatives, and review opportunities derived from voice of member and social media feedback and actions that USAA is taking to maintain and improve the member experience and member satisfaction.
Review trends and issues identified through member complaint handling to include compliance-related complaints, regulatory agency complaints and overall complaints received through member contact channels, including through third party affiliates.

F. Resources/Staffing

Review the staffing adequacy, skills and allocation of USAA's internal technology resources.
Review the strategy, skills and utilization of third-party technology resources by USAA.

G. Information Security Program

Review and approve USAA's overall information security strategy and plans information security program and policies, including cybersecurity capabilities and plans.
Review, at least annually the quality and effectiveness of IT systems and processes that relate to or affect USAA's internal control systems, information security and related compliance requirements.

H. Data and Analytics

Review USAA's information governance framework and its alignment with business priorities.
Review the effectiveness and efficiency of USAA's information governance activities.
Review delivery of data and analytics capabilities, and initiatives that leverage these capabilities, including artificial intelligence and machine learning, for serving member and business needs.

I. Business Continuation / Enterprise Resiliency

Review and approve USAA's enterprise resiliency policy.
Receive reports from management regarding USAA's business continuation and enterprise resiliency program.

J. Committee Performance

Annually review and assess the Committee's performance and provide the results to the Board.
Annually review the Committee Charter and recommend any necessary changes for approval by the Board.
As necessary, recommend to the Board investigations into any matters under the Committee's purview.

K. Advisory Panel

Oversee and review feedback and input from the Advisory Panel, as appropriate.
At least biennially, review and, as needed, approve updates to the Advisory Panel charter.

L. Other

Perform such other duties as may be delegated to it from time to time by the Board.
The Committee may delegate its authority to subcommittees, which shall report regularly to the Committee.

III. DURATION

The Committee shall continue in existence until dissolved by the Board.

IV. CHAIR AND VICE CHAIR

The Chair and the Vice Chair of the Committee ("Committee Chair" and "Committee Vice Chair," respectively) shall be elected by the Board at least annually, or as necessary, with due consideration given to nominee(s) recommended by the Nominating and Governance Committee of the Board. In the event of the death, disability, resignation or other incapacity that prevents the Committee Chair from properly performing his or her duties, the duties of the Committee Chair shall pass to the Committee Vice Chair until a new Committee Chair is elected as provided for herein.

The Committee will, through its Chair, communicate and coordinate with the Risk and Compliance Committee, Audit Committee and other committees as needed to remain appropriately informed about technology-related matters relevant to the Committee's work, and to keep such other committees appropriately informed about technology matters relevant to their work.

V. COMMITTEE MEMBERSHIP

The Committee shall consist of at least three members, including the Chair and Vice Chair. The membership of the Committee shall be through appointment by the Board, on consideration of nominee(s) recommended by the Committee. The Board shall have the authority to fill any vacancies and to remove any Committee member for any reason.

VI. OUTSIDE CONSULTANTS

The Committee shall have the sole authority, without further approval by the Board, to select, retain, evaluate the performance of, and terminate such outside consultants or counsel as it determines appropriate to assist it in the performance of its functions, to conduct investigations in accordance with the law or to advise or inform the Committee. The Committee shall be able to approve, without further approval by the Board, any compensation payable by USAA to such consultant(s), including fees, terms, and other conditions for the performance of such services.

VII. MEETINGS

The Committee shall meet at such times and shall conduct such business as required to fulfill its responsibilities under this charter, with at least four regular meetings per year. Agendas and materials will be provided to Committee members in advance of any regular meetings. Special meetings may be held as called by the Committee Chair in consultation with the Chairman.

A majority of the members of the Committee shall constitute a quorum and the affirmative vote of a majority of the members of the Committee participating in any meeting of the Committee is necessary for the approval of any Committee business. The Committee may also act by unanimous written consent. Meetings by telephonic or video conference call are authorized, and actions taken during such meetings shall have the same force and effect as actions taken at an in-person meeting.

Meetings are to be attended only by members of the Committee, the appointed recorder, designated management, and guests approved by the Committee Chair.

VIII. MINUTES AND REPORTS

The Corporate Secretary, in collaboration with the Committee Chair, shall designate a person to record the proceedings of the Committee's meetings. The records of the Committee's meetings shall be confidential and retained in accordance with USAA's records retention schedule.

The Committee Chair may authorize the creation and distribution of reports or position papers as appropriate. The Committee shall make regular reports to the Board regarding its deliberations and actions and to make recommendations to the Board.

IX. EFFECTIVE DATE

This charter was approved by the Board on August 22, 2024, to be effective August 31, 2024 and shall govern the operation of the Committee hereafter.

Use of the term "member" or "membership" refers to membership in USAA Membership Services and does not convey any legal or ownership rights in USAA. Restrictions apply and are subject to change. To join USAA, separated military personnel must have received a discharge type of Honorable or General Under Honorable Conditions. Eligible family members may also join USAA.

USAA means United Services Automobile Association and its affiliates.

USAA Federal Savings Bank offers deposit, credit card, consumer lending, mortgage, and other banking products and services. USAA Federal Savings Bank is a Member of FDIC. Credit card, mortgage and other lending products not FDIC-insured.

Corporate Governance