Citibank 2008 Annual Report Download - page 82

Download and view the complete annual report

Please find page 82 of the 2008 Citibank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 252

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252

OPERATIONAL RISK MANAGEMENT PROCESS
Operational risk is the risk of loss resulting from inadequate or failed
internal processes, systems or human factors, or from external events. It
includes the reputation and franchise risk associated with business practices
or market conduct in which the Company is involved. Operational risk is
inherent in Citigroup’s global business activities and, as with other risk types,
is managed through an overall framework designed to balance strong
corporate oversight with well-defined independent risk management. This
framework includes:
recognized ownership of the risk by the businesses;
oversight by independent risk management; and
independent review by Audit and Risk Review (ARR).
The goal is to keep operational risk at appropriate levels relative to the
characteristics of our businesses, the markets in which we operate, our
capital and liquidity, and the competitive, economic and regulatory
environment. Notwithstanding these controls, Citigroup incurs operational
losses.
Framework
To monitor, mitigate and control operational risk, Citigroup maintains a
system of comprehensive policies and has established a consistent, value-
added framework for assessing and communicating operational risk and the
overall effectiveness of the internal control environment across Citigroup. An
Operational Risk Council has been established to provide oversight for
operational risk across Citigroup. The Council’s membership includes senior
members of the Chief Risk Officer’s organization covering multiple
dimensions of risk management with representatives of the Business and
Regional Chief Risk Officers’ organizations and the Business Management
Group. The Council’s focus is on further advancing operational risk
management at Citigroup with focus on proactive identification and
mitigation of operational risk and related incidents. The Council works with
the business segments and the control functions to help ensure a
transparent, consistent and comprehensive framework for managing
operational risk globally.
Each major business segment must implement an operational risk
process consistent with the requirements of this framework. The process for
operational risk management includes the following steps:
identify and assess key operational risks;
establish key risk indicators;
produce a comprehensive operational risk report; and
prioritize and assure adequate resources to actively improve the
operational risk environment and mitigate emerging risks.
The operational risk standards facilitate the effective communication and
mitigation of operational risk both within and across businesses. As new
products and business activities are developed, processes are designed,
modified or sourced through alternative means and operational risks are
considered. Information about the businesses’ operational risk, historical
losses, and the control environment is reported by each major business
segment and functional area, and summarized for Senior Management and
the Citigroup Board of Directors.
Measurement and Basel II
To support advanced capital modeling and management, the businesses are
required to capture relevant operational risk capital information. An
enhanced version of the risk capital model for operational risk has been
developed and implemented across the major business segments as a step
toward readiness for Basel II capital calculations. The risk capital
calculation is designed to qualify as an “Advanced Measurement Approach”
(AMA) under Basel II. It uses a combination of internal and external loss
data to support statistical modeling of capital requirement estimates, which
are then adjusted to reflect qualitative data regarding the operational risk
and control environment.
Information Security and Continuity of Business
Information security and the protection of confidential and sensitive
customer data are a priority of Citigroup. The Company has implemented an
Information Security Program that complies with the Gramm-Leach-Bliley
Act and other regulatory guidance. The Information Security Program is
reviewed and enhanced periodically to address emerging threats to
customers’ information.
The Corporate Office of Business Continuity, with the support of Senior
Management, continues to coordinate global preparedness and mitigate
business continuity risks by reviewing and testing recovery procedures.
76