January 17, 2008

I. AUTHORITY and PURPOSE
The Board of Directors of Financial Institutions, Inc. (“FII”) has established the Audit Committee to assist the Board in fulfilling its oversight and fiduciary responsibilities over FII and its subsidiaries (collectively, the “Company”). The Board of FII’s subsidiary, Five Star Bank, has delegated to FII’s Audit Committee all audit committee functions on behalf of Five Star Bank. The primary roles of the Audit Committee are to:

Serve as an independent and objective party to monitor the financial reporting process and system of internal controls.

Review and assess the performance of the internal audit department and the independent accountants (independent auditor).

Monitor the independent auditor’s qualifications, independence and performance.

Monitor compliance by the Company with legal and regulatory requirements.

Monitor management’s risk assessment programs and risk management policies.

Provide an open forum for communication among the independent auditor, financial and senior management, the internal audit department, and the Board of Directors.

The Audit Committee shall have the authority to fund its activities as it determines.

The Audit Committee will fulfill its roles by carrying out the duties and responsibilities as described in Section IV.

II. COMPOSITION
The Audit Committee shall be comprised of 3 or more directors as determined by the Board, each of whom shall be “independent”, as defined by the National Association of Securities Dealers (NASD) and the Securities and Exchange Commission (SEC), and free from any relationship that, in the opinion of the Board, would interfere with the exercise of his or her independent judgment as a member of the Committee. All members of the Committee must be financially literate at the time of appointment. At least one member of the Committee shall be deemed an “audit committee financial expert”, or the Company will provide the required disclosure that the Committee does not include such an expert, as required by the SEC.

III. MEETINGS
The Audit Committee will meet at least four times annually, or more frequently as circumstances warrant. Meetings shall allow for independent and separate discussions with the independent auditor, senior management and the internal audit personnel as deemed necessary to ensure candid and open communication.

IV. DUTIES and RESPONSIBILITIES
The following are the specific areas and actions that the Audit Committee is responsible for:

The selection, evaluation, replacement, compensation and oversight of the work of the independent auditor, considering its independence and effectiveness.

The evaluation of the independent auditor’s adherence to independence requirements, partner rotation requirements and lead partner performance.

The evaluation of permissibility of all services to be performed by the independent auditor, as well as pre-approval of those engagements deemed to be allowable, including the fees and other compensation to be paid (for both audit and non audit services), in accordance with the established pre-approval procedures.

The review and approval of the scope of the annual audit with the independent auditor.

Providing oversight of management and the Risk Management Committee with respect to Sarbanes – Oxley certifications and reports regarding internal controls over financial reporting.

The review and discussion with management and the independent auditor of the quarterly financial statements and earnings releases prior to filing of its Form 10-Q, including the results of the independent auditor’s review of the quarterly financial statements.

The review and discussion with management and the independent auditor of the annual audited financial statements, including disclosures to be made in management’s discussion and analysis, and recommendations to the Board as to whether the audited financial statements should be included in the Form 10-K.

Periodically reviewing and discussing the adequacy and effectiveness of the disclosure controls and procedures and management’s reports thereon.

Reviewing and discussing with management critical accounting policies and critical accounting estimates.

Preparing a report for inclusion in the proxy statement that confirms that the committee has:

• Reviewed and discussed with management the annual financial statements, including any report, opinion or review rendered by the independent auditor.
• Discussed the matters that are required to be communicated by Statement on Auditing Standards No. 114 (SAS 114), “The Auditor’s Communication With Those Charged With Governance” with the independent auditor.
• Received the written disclosures and the letter from the independent auditor on independence matters as required by Independence Standards Board Standard Number 1.
• Discussed independence issues with the independent auditor.
• Recommended to the Board of Directors that the audited financial statements be filed with the SEC.

The review and update of the Committee’s charter annually, and publication of the charter in the proxy statement at least every three years, or in the next proxy statement after any significant amendment to the charter.

The review of recommendations made by regulators and independent auditors and the monitoring of management’s response to such recommendations.

Discussion of the coordination of audit effort with the internal auditor and independent auditor to assure completeness of coverage, reduction of redundant work, and the effective use of audit resources.

The review and approval of the scope of the internal audit activities, the audit plan and personnel needs, on an annual basis.

The review of internal audit reports and management’s remedial responses as warranted.

The review and approval of the scope of the internal loan review program.

The review of the reports issued by the internal loan review department along with any management responses to such reports.

The review and pre-approval of the engagement and compensation of any other public accounting firm, technology experts, or similar consultants employed for the purpose of the issuance of audit reports, risk management tests, or related work, considering their independence and effectiveness, as well as the approval of the fees and other compensation to be paid. Authority may be delegated to the committee chairperson to grant pre-approvals within an approved limit, provided that decisions shall be presented to the full Audit Committee at its next scheduled meeting.

As required by the listing standards, approve and communicate policies prohibiting related party transactions unless they are first reviewed and approved by the Audit Committee.

The review with management and the Risk Management Committee of the relevant risk exposures faced by the Company, including those related to legal and regulatory compliance, and the procedures and policies in place to manage these exposures.

Reviewing codes of conduct applicable to officers, directors and employees and monitoring disclosure of all waivers.
Establishing procedures for receiving, retaining and handling complaints regarding accounting, internal accounting controls or auditing matters, and the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters.

Seeking, in the Committee’s sole discretion and authority, appropriate third party expert advice and approving the related fees and terms; including legal counsel opinions, when matters of a significant and material nature arise that cannot be resolved in the normal course of business.

Reporting Committee activities/actions to the Board of Directors at each meeting of the Board following a Committee meeting, and reviewing annually its charter and the Committee’s performance, and reporting the results to the Board of Directors.

Performing any other activities consistent with this charter, by-laws and governing law, as the Committee or the Board of Directors deems necessary or appropriate.