Citibank 2013 Annual Report Download - page 137

Download and view the complete annual report

Please find page 137 of the 2013 Citibank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 342

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342

119
OPERATIONAL RISK
Operational risk is the risk of loss resulting from inadequate or failed internal
processes, systems or human factors, or from external events. It includes the
reputation and franchise risk associated with business practices or market
conduct in which Citi is involved. Operational risk is inherent in Citigroup’s
global business activities, as well as the internal processes that support those
business activities, and can result in losses arising from events related to the
following, among others:
•฀ fraud,฀theft฀and฀unauthorized฀activities;
•฀ employment฀practices฀and฀workplace฀environment;
•฀ clients,฀products฀and฀business฀practices;
•฀ physical฀assets฀and฀infrastructure;฀and
•฀ execution,฀delivery฀and฀process฀management.
Operational Risk Management
Citi’s operational risk is managed through an overall framework designed
to balance strong corporate oversight with well defined independent risk
management. This framework includes:
•฀ recognized฀ownership฀of฀the฀risk฀by฀the฀businesses;
•฀ oversight฀by฀Citi’s฀independent฀control฀functions;฀and
•฀ independent assessment by Citi’s Internal Audit function.
The goal is to keep operational risk at appropriate levels relative to the
characteristics of Citigroup’s businesses, the markets in which it operates,
its capital and liquidity, and the competitive, economic and regulatory
environment.
To anticipate, mitigate and control operational risk, Citigroup maintains
a system of policies and has established a consistent framework for
monitoring, assessing and communicating operational risks and the overall
effectiveness of the internal control environment across Citigroup. As part
of this framework, Citi has established a “Manager’s Control Assessment”
program to help managers self-assess key operational risks and controls and
identify and address weaknesses in the design and/or effectiveness of internal
controls that mitigate significant operational risks.
As noted above, each major business segment must implement an
operational risk process consistent with the requirements of this framework.
The process for operational risk management includes the following steps:
•฀ identify฀and฀assess฀key฀operational฀risks;
•฀ design฀controls฀to฀mitigate฀identified฀risks;
•฀ establish฀key฀risk฀and฀control฀indicators;
•฀ implement฀a฀process฀for฀early฀problem฀recognition฀and฀timely฀escalation;
•฀ produce฀a฀comprehensive฀operational฀risk฀report;฀and
•฀ ensure that sufficient resources are available to actively improve the
operational risk environment and mitigate emerging risks.
As new products and business activities are developed, processes are
designed, modified or sourced through alternative means and operational
risks are considered.
An Operational Risk Council provides oversight for operational risk across
Citigroup. The Council’s membership includes senior members of Citi’s
Franchise฀Risk฀and฀Strategy฀group฀and฀the฀Chief฀Risk฀Officer’s฀organization฀
covering multiple dimensions of risk management, with representatives of
the Business and Regional Chief Risk Officers’ organizations. The Council’s
focus is on identification and mitigation of operational risk and related
incidents. The Council works with the business segments and the control
functions (e.g., Compliance, Finance, Human Resources and Legal) with the
objective of ensuring a transparent, consistent and comprehensive framework
for managing operational risk globally.
In addition, Enterprise Risk Management, within Citi’s Franchise Risk
and฀Strategy฀group,฀proactively฀assists฀the฀businesses,฀operations฀and฀
technology and the other independent control groups in enhancing the
effectiveness of controls and managing operational risks across products,
business lines and regions.
Operational Risk Measurement and Stress Testing
As noted above, information about the businesses’ operational risk, historical
operational risk losses and the control environment is reported by each major
business segment and functional area. The information is summarized and
reported to senior management, as well as to the Audit Committee of Citi’s
Board of Directors.
Operational risk is measured and assessed through risk capital (see
“Managing Global Risk—Risk Capital” above). Projected operational risk
losses under stress scenarios are also required as part of the Federal Reserve
Board’s CCAR process.