TD Bank 2010 Annual Report Download - page 72

Download and view the complete annual report

Please find page 72 of the 2010 TD Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 152

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152

TD BANK GROUP ANNUAL REPORT 2010 MANAGEMENT’S DISCUSSION AND ANALYSIS70
Operational Risk Event Monitoring
In order to reduce our exposure to future loss, it is critical that we
remain aware of our own as well as industry risks and respond appro-
priately. Our policies and processes require that operational risk events
be identified, tracked and reported to the right level of management
to ensure that we analyze and manage them appropriately and take
suitable corrective action. We also review, analyze and benchmark TD
against industry operational risk losses that have occurred at other
financial institutions using information acquired through recognized
industry data providers.
Risk Reporting
Risk Management, in partnership with senior management, regularly
reports on risk-related measures and the status of risk throughout TD
to the senior business management and the Risk Committee. Opera-
tional risk measures are systematically tracked, assessed and reported
to ensure management accountability and attention is maintained
over current and emerging issues.
Insurance
To provide TD with additional protection from loss, Risk Management
actively manages a comprehensive portfolio of business insurance and
other risk mitigating arrangements. The type and level of insurance
coverage is continually assessed to ensure that both our tolerance for
risk and statutory requirements are met. This includes conducting
regular in-depth risk and financial analysis and identifying opportunities
to transfer our risk to third parties where appropriate.
Technology and Information
Virtually all aspects of our business and operations use technology and
information to create and support new markets, competitive products
and delivery channels and other business developments. The key risks
are associated with the operational availability, integrity and security
of our information, systems and infrastructure. These risks are actively
managed through enterprise-wide technology risk and information
security management programs using industry best practices and our
operational risk management framework. These programs include
robust threat and vulnerability assessments, as well as security and
disciplined change management practices.
Business Continuity Management
During incidents that could disrupt our business and operations,
Business Continuity Management supports the ability of senior
management to continue to manage and operate their businesses,
and provide customers access to products and services. Our robust
enterprise-wide business continuity management program includes
formal crisis management protocols and continuity strategies. All areas
of TD are required to maintain and regularly test business continuity
plans designed to respond to a broad range of potential scenarios.
Outsourcing Management
Outsourcing is any arrangement where an external supplier performs
a business activity, function or process on our behalf. The benefits of
outsourcing business activities include access to leading technology,
specialized expertise, economies of scale and operational efficiencies.
While these arrangements bring benefits to our businesses and
customers, we also need to manage and minimize any risks related to
the activity. We do this through an enterprise-level outsourcing risk
management program that guides outsourcing activities and ensures
the level of risk management and senior management oversight is
appropriate to the size and importance of the outsourcing arrangement.
Project Management
We have established a disciplined project management program of
processes and supervisory mechanisms to ensure projects are successfully
implemented in a planned and systematic manner and are monitored
by senior management. Our Enterprise Program Management Office
maintains project management standards that are continually bench-
marked against leading industry practices.
Operational Risk
Operational risk is the risk of loss resulting from inadequate or failed
internal processes, people and systems or from external sources.
Operating a complex financial institution exposes our businesses
to a broad range of operational risks, including failed transaction
processing and documentation errors, fiduciary and information
breaches, technology failures, business disruption, theft and fraud,
workplace injury and damage to physical assets as a result of internal
or outsourced business activities. The impact can result in significant
financial loss, reputational harm or regulatory censure and penalties.
Operational risk is embedded in all our business activities including
the practices for managing other risks such as credit, market and
liquidity risk. We must manage operational risk so that we can create
and sustain shareholder value, successfully execute our business
strategies, operate efficiently and provide reliable, secure and conve-
nient access to financial services. We maintain a formal enterprise-wide
operational risk management framework that emphasizes a strong
risk management and internal control culture throughout TD.
Under Basel II, we use the Standardized Approach to operational risk
regulatory capital. Work is underway to build upon TD’s operational
risk
management framework to meet the requirements of the Advanced
Measurement Approach for operational risk.
WHO MANAGES OPERATIONAL RISK
Operational Risk Management is an independent function that designs
and maintains our overall operational risk management framework.
This framework sets out the enterprise-wide governance processes,
policies and practices to identify, assess, report, mitigate and control
operational risk. Risk Management ensures that there is appropriate
monitoring and reporting of our operational risk exposures to senior
management, the Operational Risk Oversight Committee and the
Risk Committee.
We also maintain specialist groups who manage specific opera-
tional risk exposures that require dedicated mitigation and control
activities. These areas are responsible for setting policies for the entire
enterprise and maintaining appropriate oversight in specialized areas
such as business continuity, outsourcing management, financial crime,
project change management, technology risk management, and
information security.
The senior management of individual business units is responsible
for the day-to-day management of operational risk following our
established operational risk management policies. Within each business
unit and corporate area, an independent risk management function
uses the elements of the operational risk management framework
according to the nature and scope of the operational risks the area
is exposed to. The senior executives in each business unit participate
in a Risk Management Committee that oversees operational risk
management issues and initiatives.
HOW WE MANAGE OPERATIONAL RISK
Our operational risk management framework is designed to ensure
that our operational risk exposures are proactively managed and
controlled to acceptable levels consistent with TD’s risk appetite. The
framework incorporates industry best practices and meets regulatory
guidelines. Key components of the framework include:
Governance and Policy
Management reporting and organizational structures emphasize
accountability, ownership and effective oversight of each business unit’s
and each corporate area’s operational risk exposures. In addition, the
Risk Committee’s and senior management’s expectations for managing
operational risk are set out by enterprise-wide policies and practices.
Risk and Control Self-Assessment
Internal control is one of the primary lines of defence in safeguarding
our employees, customers, assets and information, and in preventing
and detecting errors and fraud. Annually, management undertakes
comprehensive assessments of their key risk exposures and the internal
controls in place to reduce or offset these risks. Senior management
reviews the results of these evaluations to ensure that our risk
management and internal controls are effective, appropriate and
comply with our policies.