Citibank 2011 Annual Report Download - page 128

Download and view the complete annual report

Please find page 128 of the 2011 Citibank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 320

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320

106
OPERATIONAL RISK
Operational risk is the risk of loss resulting from inadequate or failed internal
processes, systems or human factors, or from external events. It includes the
reputation and franchise risk associated with business practices or market
conduct in which Citi is involved. Operational risk is inherent in Citigroup’s
global business activities and, as with other risk types, is managed through
an overall framework designed to balance strong corporate oversight with
well-defined independent risk management. This framework includes:
฀ recognized ownership of the risk by the businesses;
฀ oversight by Citi’s independent risk management; and
฀ independent review by Citi’s Audit and Risk Review (ARR).
The goal is to keep operational risk at appropriate levels relative to the
characteristics of Citigroup’s businesses, the markets in which it operates, its
capital and liquidity, and the competitive, economic and regulatory environment.
Notwithstanding these controls, Citigroup incurs operational losses.
Framework
To monitor, mitigate and control operational risk, Citigroup maintains
a system of comprehensive policies and has established a consistent
framework for assessing and communicating operational risk and the
overall effectiveness of the internal control environment across Citigroup.
An Operational Risk Council provides oversight for operational risk across
Citigroup. The Council’s membership includes senior members of the
Chief Risk Officer’s organization covering multiple dimensions of risk
management, with representatives of the Business and Regional Chief Risk
Officers’ organizations and the business management group (see “Managing
Global Risk—Risk Management—Overview” above). The Council’s focus
is on identification and mitigation of operational risk and related incidents.
The Council works with the business segments and the control functions
with the objective of ensuring a transparent, consistent and comprehensive
framework for managing operational risk globally.
Each major business segment must implement an operational risk
process consistent with the requirements of this framework. The process for
operational risk management includes the following steps:
฀ identify and assess key operational risks;
฀ establish key risk indicators;
฀ produce a comprehensive operational risk report; and
฀ prioritize and assure adequate resources to actively improve the
operational risk environment and mitigate emerging risks.
The operational risk standards facilitate the effective communication
and mitigation of operational risk both within and across businesses. As
new products and business activities are developed, processes are designed,
modified or sourced through alternative means and operational risks are
considered. Enterprise risk management, a newly formed organization
within Citi’s independent risk management, proactively assists the businesses,
operations and technology and the other independent control groups in
enhancing the effectiveness of controls and managing operational risks
across products, business lines and regions.
Information about the businesses’ operational risk, historical losses and
the control environment is reported by each major business segment and
functional area, and is summarized and reported to senior management
as well as the Risk Management and Finance Committee of Citi’s Board of
Directors and the full Board of Directors.
Measurement and Basel II
To support advanced capital modeling and management, the businesses
are required to capture relevant operational risk capital information. A risk
capital model for operational risk has been developed and implemented
across the major business segments as a step toward readiness for Basel II
capital calculations. The risk capital calculation is designed to qualify as an
“Advanced Measurement Approach” under Basel II. It uses a combination
of internal and external loss data to support statistical modeling of capital
requirement estimates, which are then adjusted to reflect qualitative data
regarding the operational risk and control environment.
Information Security and Continuity of Business
Information security and the protection of confidential and sensitive customer
data are a priority for Citigroup. Citi has implemented an Information Security
Program in accordance with the Gramm-Leach-Bliley Act and regulatory
guidance. The Information Security Program is reviewed and enhanced
periodically to address emerging threats to customers’ information.
The Corporate Office of Business Continuity, with the support of senior
management, continues to coordinate global preparedness and mitigate
business continuity risks by reviewing and testing recovery procedures.