SANDY SPRING BANCORP, INC.

SANDY SPRING BANK

Risk Committee Charter

Authority

The board of directors of Sandy Spring Bancorp, Inc. and Sandy Spring Bank (collectively, the "board" or "company") hereby establishes this Risk Committee ("committee") as a standing committee of the board to serve the board in overseeing the policies, procedures and practices relating to managing risk.

This charter is intended as a component of a flexible governance framework within which the board, assisted by its committees, directs the affairs of the company. It should be interpreted within the context of all applicable laws, regulations, listing requirements and the company's articles of incorporation, corporate bylaws and Corporate Governance Policy. It is not intended to establish by its own force legally binding obligations.

Purpose

The committee shall assist the board in its oversight of the Company's enterprise risk management, including the establishment of a risk appetite statement, the review and approval of significant policies and practices concerning the various risks described in this charter as well as the analysis and assessment of potential risk in order to make recommendations to the board on strategic initiatives.

It is the intention of the board to delegate to the committee the oversight of specific risks as mandated by law or regulation. The board also delegates to this Committee the power to exercise the authority of the board in the management of the affairs of the Company with regard to risk and the authority to handle unresolved issues referred to it by the board for further deliberation and recommendation.

Committee Membership

The committee shall consist of at least three (3) members of the board, a majority of whom the board has determined to be "independent" under the listing standards of the Nasdaq Stock Market and any other applicable laws, rules and regulations regarding independence as they are in effect from time to time and one of whom shall also be a member of the company's Audit Committee. Selected officers, managers or representatives of business units or operational divisions shall act as liaisons to the committee. The board, on the recommendation of the Executive and Corporate Governance Committee, shall appoint the members of the committee and designate the chair, annually.

Overview of Risk Management

The board and management of the Company have established a risk management oversight process that focuses on the major risks inherent to the Company. Generally, these risks are classified as:

Credit Risk is the risk of loss associated with an obligor's potential lack of capacity or unwillingness to fulfill contractual obligations. Concentration risk is an important element of credit risk and requires management discipline to avoid outsized impacts when negative economic (macro, industry, geographic) events occur.

Market Risk arises from the changes in interest rates and is composed of repricing risk, yield curve risk, basis risk, and option risk. Market risk also captures credit spread risk arising from the changes in spreads earned on loans. Failure to adequately manage market risk could have a material impact on earnings.

Liquidity Risk is the risk that the Company may be unable to generate or obtain sufficient cash or its equivalent in a timely and cost-effective manner to meet its commitments as they come due.

Operational Risk is the risk of loss or harm resulting from inadequate or failed internal processes, people and systems or from external events. This is a very broad category of risk and sub risks under Operational Risk include technology and information security, vendor, compliance, human capital, fraud, business continuity/recoverability, and critical business processes.

Strategic Risk is the risk that the enterprise or particular business areas will make inappropriate strategic choices, or will be unable to successfully implement selected strategies or related plans necessary to hit near term/long term performance targets and expectations. Strategic risk includes risks to financial performance, capital adequacy, and exposure to strategic legal matters.

Reputational Risk is the risk that an activity undertaken by an organization or its representatives will impair its image in the community or reduce public confidence in it, resulting in the loss of business, legal action, or increased regulatory oversight.

Duties and Responsibilities

The committee is responsible for monitoring the direction and trend of all major risks relative to the business operations and strategies of the Company and it reviews and assesses the framework for managing and the actions employed by the Company to mitigate those risks in conformance with the Company's strategic objectives and risk tolerance. In furtherance of these responsibilities, the committee shall:

1. Have access to the chief risk officer and other management liaisons for the development, communication, implementation and monitoring of the company's risk management processes.
2. Review management's proposed risk appetite statement for alignment to strategy and objectives and recommend the statement to the board for approval at least annually.
3. Review and approve the company's risk management structure including the establishment of the Executive Risk Committee that is responsible to review and/or approve information presented to the committee.
4. Review and approve designated enterprise policies that reflect the company's risk management philosophy, principles, and limits consistent with the risk appetite statement and may authorize management to develop and implement additional detailed policies and procedures relating to risk management.
5. Regularly receive a comprehensive report of the enterprise level risk exposures and measurements, as well as specific reports on selected risk topics, risk exposures and risk management programs necessary to fulfill the committee's responsibilities.
6. Be entitled to request such other reports and information, including relevant forecast information, as it may deem desirable and appropriate from external or internal sources and shall similarly provide access to its reports and information.
7. Meet in joint session with the Audit Committee from time to time as it deems appropriate and at least once per year to discuss areas of common interest and significant matters, such as significant fraud activity, significant regulatory enforcement actions, significant deficiencies or audit findings, and risk disclosures to be included in public filings.
8. Support the board in its corporate governance responsibilities and make recommendations regarding risk practices and policies; and at least annually, review and report to the board on current developments in the area and make such recommendations as appropriate.

Corporate Governance Responsibilities

The committee shall periodically review its own performance.

The committee shall review and reassess the adequacy of this charter annually and recommend any proposed changes to the board for approval.

The committee shall assume such other duties and responsibilities as the board, from time to time, may delegate to the committee.

Authorities and Management Support

The committee may, in its discretion, request and review information and reports from management to the extent that it deems appropriate or necessary. The committee may conduct or authorize investigations into any matters within the scope of its responsibilities and may meet with any employees of the company or any third parties it deems necessary in connection with such investigations.

The committee has the power and authority in its sole discretion to retain or obtain the advice of consultants, legal counsel, or other advisors (together, "advisors") as it determines necessary to carry out its duties and responsibilities under this charter. The committee shall be directly responsible for the appointment, compensation and oversight of the work of any advisor retained by the committee.

The company shall provide for appropriate funding, as determined by the committee, in its capacity as a committee of the board, for payment of (i) compensation to any advisors employed by the committee, and (ii) ordinary administrative expenses of the committee that are necessary or appropriate in carrying out its duties.

Committee Meetings and Action

A majority of the committee members will constitute a quorum for the transaction of business. The committee shall act only on the affirmative vote of at least a majority of its members present at any meeting. The committee may also act without a meeting by securing the unanimous written consent of its members. Meetings of the committee may be held telephonically or by video conference.

The committee shall keep minutes of its meetings, which will include a record of any actions taken by the committee. The chair shall report the committee's actions, recommendations or findings to the board at the next regular or special board meeting following a committee meeting.

The committee will meet at regularly scheduled times in accordance with the committee's needs and the company's master calendar prepared annually and distributed to the board. Additionally, the committee may meet at such times as may be requested by its chair.

The committee may meet in executive session without the presence of members of management as often as it deems appropriate.

The chair will set the agenda for committee meetings.

Except as expressly provided in this charter, the bylaws, or as required by law, regulation or listing standard, the committee may establish its own rules of procedure.

January 27, 2021

Disclaimer

Sandy Spring Bancorp Inc. published this content on 27 January 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 29 January 2021 19:33:07 UTC.