Citibank 2013 Annual Report Download - page 87

Download and view the complete annual report

Please find page 87 of the 2013 Citibank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 342

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342

69
MANAGING GLOBAL RISK
Risk Management—Overview
Citigroup believes that effective risk management is of primary importance to
its overall operations. Accordingly, Citi’s risk management process has been
designed to monitor, evaluate and manage the principal risks it assumes
in conducting its activities. Specifically, the activities that Citi engages
in—and the risks those activities generate—must be consistent with Citi’s
underlying commitment to the principles of “Responsible Finance.” For
Citi, “Responsible Finance” means conduct that is transparent, prudent and
dependable, and that delivers better outcomes for Citi’s clients and society.
In order to achieve these principles, Citi establishes and enforces
expectations for its risk-taking activities through its risk culture, defined
roles and responsibilities (the “Three Lines of Defense”), and through its
supporting policies, procedures and processes that enforce these standards.
Citi’s Risk Culture. Citi’s risk management framework is designed to
balance business ownership and accountability for risks with well defined
independent risk management oversight and responsibility. Citi’s risk
management framework is based on the following principles established by
Citi’s Chief Risk Officer:
•฀฀a defined risk appetite, aligned with business strategy;
•฀฀accountability through a common framework to manage risks;
•฀฀risk decisions based on transparent, accurate and rigorous analytics;
•฀฀a common risk capital model to evaluate risks;
•฀฀expertise, stature, authority and independence of risk managers; and
•฀฀risk managers empowered to make decisions and escalate issues.
Significant focus has been placed on fostering a risk culture based on
a policy of “Taking Intelligent Risk with Shared Responsibility, without
Forsaking Individual Accountability”:
•฀฀“Taking intelligent risk” means that Citi must identify, measure and
aggregate risks, and it must establish risk tolerances based on a full
understanding of concentrations and “tail risk.”
•฀฀“Shared responsibility” means that all individuals collectively bear
responsibility to seek input and leverage knowledge across and within the
“Three Lines of Defense.”
•฀฀“Individual accountability” means that all individuals must actively
manage risk, identify issues, and make fully informed decisions that take
into account all risks to Citi.
Roles and Responsibilities. While the management of risk is the collective
responsibility of all employees, Citi assigns accountability into three lines
of defense:
•฀฀First line of defense: The business owns all of its risks, and is responsible
for the management of those risks.
•฀฀Second line of defense: Citi’s control functions (e.g., Risk, Compliance,
etc.) establish standards for the management of risks and effectiveness
of controls.
•฀฀Third line of defense: Citi’s Internal Audit function independently provides
assurance, based on a risk-based audit plan approved by the Board
of Directors, that processes are reliable, and governance and controls
are effective.
The Chief Risk Officer, with oversight from the Risk Management and
Finance Committee of the Board of Directors, as well as the full Board of
Directors, is responsible for:
•฀฀establishing core standards for the management, measurement and
reporting of risk;
•฀฀identifying, assessing, communicating and monitoring risks on a
company-wide basis;
•฀฀engaging with senior management on a frequent basis on material
matters with respect to risk-taking activities in the businesses and related
risk management processes; and
•฀฀ensuring that the risk function has adequate independence, authority,
expertise, staffing, technology and resources.
Risk Management Organization
As set forth in the chart below, the risk management organization is
structured so as to facilitate the management of risk across three dimensions:
businesses, regions and critical products.
Each of Citi’s major business groups has a Business Chief Risk Officer who
is the focal point for risk decisions, such as setting risk limits or approving
transactions in the business. The majority of the staff in Citi’s independent
risk management organization report to these Business Chief Risk Officers.
There are also Chief Risk Officers for Citibank, N.A. and Citi Holdings.
Regional Chief Risk Officers, appointed in each of Asia, EMEA and
Latin America, are accountable for all the risks in their geographic areas
and are the primary risk contacts for the regional business heads and
local regulators.