Minutes | Meeting of the Risk Committee of the Board (BRC) | 26 February 2026

BRC Attendees: Alan Barrett, Chris Buckridge, Wes Hardaker (Chair), Byron Holland, and Miriam Sapiro

BRC Member Apologies: James Galvin and David Lawrence

ICANN Staff Attendees: Xavier Calvez (SVP, Planning and Chief Financial Officer), Franco Carrasco (Board Operations Manager), Irina Douzadjian (Risk Management and Internal Audit Senior Director), and Amy Stathos (Deputy General Counsel)

The following is a summary of discussions, actions taken, and actions identified:

1. Introduction and Opening Remarks – The Chair opened the meeting.
2. Approval of Minutes from the 8 December 2025 BRC Meeting – The BRC approved the minutes of the 8 December 2025 BRC meeting.
   • Action: Staff to publish the minutes on ICANN's webpage.
3. BRC Action Items Log – Status Review – The BRC received an update on the status of the BRC Action Items Log. Staff reported that, as of the end of the current reporting period, there are no open or outstanding action items requiring the BRC's attention. Staff noted that the Action Items Log captures ad hoc requests and discussions outside of the standard workplan cadence, while ongoing activities continue to be managed and scheduled through the BRC Workplan review.
4. Draft BRC Workplan FY26 – FY27 – The BRC received a status update on the FY26 – FY27 BRC Workplan with a focus on timeline adjustments related the implementation of the Internal Audit Function. Staff reported that the milestone for finalizing the Internal Audit Function has been extended by two months due to two primary dependencies: (1) contract negotiations; and (2) the Risk Register refresh. The BRC discussed the relationship between the Risk Register timeline and the newly enhanced Risk Taxonomy and noted that the Risk Taxonomy is a foundational element of the organization's risk architecture that serves as a common framework across multiple functions. It was noted that the BRC will continue to review the enhanced Risk Taxonomy and Risk Register, and that these reviews should not delay the progress of the Internal Audit function.
5. Risk Management Function – Risk Taxonomy – The BRC received a presentation on the enhanced ICANN risk taxonomy, which serves as the foundation for the organization's entire risk governance framework and supports the Board to establish tolerance level by risk category. Staff noted that the taxonomy provides the structure for identifying and categorizing risks, and ultimately supports the Board's oversight of ICANN's overall risk exposure. Staff outlined the approach used to enhance the taxonomy, which includes: (1) creating a consistent risk language across ICANN; (2) aligning risk categorization within ICANN's strategy and organizational objectives; (3) enabling clear delineation of roles and ownership; and (4) improving reporting and risk-informed decision-making. Staff reported that the taxonomy was developed by incorporating ICANN's current Risk Register, the previous taxonomy, ICANN's Strategic, Operating Plans, operational objectives, and cross-functional input. The discussion included illustrative examples of how strategic initiatives and operational activities may be linked to the taxonomy. Staff explained that the taxonomy is structured around three components: (1) primary risk categories; (2) sub-risk categories; and (3) standardized definitions. Primary risk categories align with the commonly accepted industry framework, while the sub-risk categories are tailored to ICANN's environment. The BRC also reviewed and discussed updated risk categories included in the taxonomy. Staff noted that some primary risk categories are newly identified, while others have been carried forward from the previous taxonomy. Staff noted that the taxonomy will continue to evolve through feedback received during the Risk Register refresh process. The BRC asked staff to assess whether certain risks arising from external factors are appropriately captured in the taxonomy.
   • Action: Staff to assess whether certain risks arising from external factors are appropriately captured in the taxonomy.