Citibank 2009 Annual Report Download - page 108

Download and view the complete annual report

Please find page 108 of the 2009 Citibank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 284

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284

98
OPERATIONAL RISK
Operational risk is the risk of loss resulting from inadequate or failed internal
processes, systems or human factors, or from external events. It includes the
reputation and franchise risk associated with business practices or market
conduct in which Citi is involved. Operational risk is inherent in Citigroup’s
global business activities and, as with other risk types, is managed through
an overall framework designed to balance strong corporate oversight with
well-defined independent risk management. This framework includes:
recognized ownership of the risk by the businesses; •฀
oversight by independent risk management; and •฀
independent review by Citi’s Audit and Risk Review (ARR). •฀
The goal is to keep operational risk at appropriate levels relative to the
characteristics of Citigroup’s businesses, the markets in which the company
operates its capital and liquidity, and the competitive, economic and
regulatory environment. Notwithstanding these controls, Citigroup incurs
operational losses.
Framework
To monitor, mitigate and control operational risk, Citigroup maintains a
system of comprehensive policies and has established a consistent, value-
added framework for assessing and communicating operational risk and the
overall effectiveness of the internal control environment across Citigroup.
An Operational Risk Council provides oversight for operational risk across
Citigroup. The Council’s membership includes senior members of the
Chief Risk Officer’s organization covering multiple dimensions of risk
management with representatives of the Business and Regional Chief Risk
Officers’ organizations and the Business Management Group. The Council’s
focus is on further advancing operational risk management at Citigroup
with a focus on proactive identification and mitigation of operational risk
and related incidents. The Council works with the business segments and the
control functions to help ensure a transparent, consistent and comprehensive
framework for managing operational risk globally.
Each major business segment must implement an operational risk
process consistent with the requirements of this framework. The process for
operational risk management includes the following steps:
identify and assess key operational risks; •฀
establish key risk indicators; •฀
produce a comprehensive operational risk report; and •฀
prioritize and assure adequate resources to actively improve the •฀
operational risk environment and mitigate emerging risks.
The operational risk standards facilitate the effective communication
and mitigation of operational risk both within and across businesses. As
new products and business activities are developed, processes are designed,
modified or sourced through alternative means and operational risks are
considered. Information about the businesses’ operational risk, historical
losses, and the control environment is reported by each major business
segment and functional area, and is summarized and reported to senior
management as well as the Risk Management and Finance Committee of
Citi’s Board of Directors and the full Board of Directors.
Measurement and Basel II
To support advanced capital modeling and management, the businesses
are required to capture relevant operational risk capital information. An
enhanced version of the risk capital model for operational risk has been
developed and implemented across the major business segments as a
step toward readiness for Basel II capital calculations. The risk capital
calculation is designed to qualify as an “Advanced Measurement Approach”
under Basel II. It uses a combination of internal and external loss data to
support statistical modeling of capital requirement estimates, which are
then adjusted to reflect qualitative data regarding the operational risk and
control environment.
Information Security and Continuity of Business
Information security and the protection of confidential and sensitive
customer data are a priority for Citigroup. Citi has implemented an
Information Security Program that complies with the Gramm-Leach-Bliley
Act and other regulatory guidance. The Information Security Program
is reviewed and enhanced periodically to address emerging threats to
customers’ information.
The Corporate Office of Business Continuity, with the support of senior
management, continues to coordinate global preparedness and mitigate
business continuity risks by reviewing and testing recovery procedures.