TD Bank 2003 Annual Report Download - page 43

Download and view the complete annual report

Please find page 43 of the 2003 TD Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 108

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108

TD BANK FINANCIAL GROUP ANNUAL REPORT 2003 Managements Discussion and Analysis 41
Assessing, on a continuous basis, the Banks insurable risk
exposures, developing and implementing appropriate risk man-
agement solutions. These include managing a broad portfolio
of insurance coverage combined with other risk transfer vehi-
cles that protect the Bank from the adverse impact of internal
and external events in the course of doing business; and
Managing a comprehensive Business Recovery Planning
program, which includes standard policies and management
oversight to minimize risk, duration and cost arising from
unexpected disruptions affecting our operations.
Each of the Banks business units has defined an independent
risk management function that:
Oversees the implementation of enterprise-wide risk manage-
ment practices within their business unit;
Coordinates the completion of proactive Risk and Control Self
Assessments in the business units and monitors the implemen-
tation of any required additional risk mitigation strategies;
Identifies, measures and reports on the operational risk
exposures of their business; and
Works with business unit management to identify, develop
and implement risk management practices specific to their
business, including comprehensive business recovery plans.
Our focus in 2004 is on the further integration of the qualitative
and quantitative aspects of our Operational Risk Management
program as well as the implementation of improved operational
risk reporting to the Board and to all levels of management.
REGULATORY RISK
Regulatory risk is the risk of non-compliance with applicable
legislation, regulation and regulatory directives.
Due to the highly regulated nature of our businesses and the
high standards that management of a financial services business
is expected to meet, we are exposed to regulatory risk in virtu-
ally all of our business activities. Regulatory risk differs from
other banking risks, such as credit risk or liquidity risk, because
it is typically not a risk actively and consciously taken or
assumed by management in return for an expected reward. It
occurs as part of the normal course of operation of our busi-
nesses. Failure to meet applicable regulatory requirements
poses a risk of reputational loss to the Bank, as well as a risk
of regulatory penalty or censure.
Who manages regulatory risk
Proactive management of regulatory risk is a key objective of the
Bank. It is carried out primarily through the operation of an
enterprise-wide regulatory risk management framework called
the Legislative Compliance Management Framework(LCMF).
Compliance department in Legal is responsible for the effective
operation of the LCMF.
The LCMF establishes two levels of controls through which
regulatory risk is managed: controls to meet day-to-day regulatory
requirements; and independent oversight controls.
Day-to-day responsibility for regulatory risk lies with business
unit management. Each business unit makes compliance an
integral part of their business operations and demonstrates
compliance to regulatory authorities.
To assist the business units in discharging their responsibilities,
they receive advice and assistance from corporate oversight
functions. The corporate oversight functions also provide an
independent review of controls in the business unit and escalate
significant issues to senior management and the Board.
Through monitoring, testing and reporting, the Compliance
and Audit departments report to business unit management,
senior management and the Audit Committee of the Board on
the extent to which business units adhere to the regulatory
requirements, and on the effectiveness of the internal controls.
The Compliance department reports to the Audit Committee
of the Board on the LCMF and advises them of any material
compliance-related issues twice a year.
How we manage regulatory risk
The business units manage the day-to-day regulatory risk primarily
by educating and training their employees about regulatory
requirements, and establishing and maintaining appropriate
policies and procedures to promote compliance and monitoring
for compliance.
The corporate oversight functions promote a compliance
culture within the Bank by:
Advising and communicating the regulatory requirements
to each business;
Ensuring the businesses have appropriate policies and proce-
dures in place, and are appropriately training their staff to
meet regulatory requirements;
Independently monitoring the businesses for adherence to
the policies, procedures and requirements; and
Tracking and escalating issues and findings.
Documentation of adherence to regulatory requirements is also
carried out regularly through a formal business unit management
certification process. In addition to processes throughout the
year, on an annual basis, Canadian business units review regula-
tory requirements relating to the Banks governing legislation
and update their risk assessments and the controls that they have
in place to mitigate those risks. The higher the risk, the more
rigorous the control process must be to minimize the risk of non-
compliance. The Compliance department reviews the assessments
to determine the effectiveness of the business unit controls. Once
the annual review process is completed, senior management of
the business units certify in writing whether they are in compliance
with applicable regulatory requirements, or whether any gaps
or weaknesses exist. In the latter case, an action plan must be
established and implemented to remedy the gap or weakness.
REPUTATIONAL RISK
Reputational risk is the risk to earnings, capital or brand
arising from negative public or employee opinion.
A solid corporate reputation is essential to optimizing shareholder
value. Reputational risk is not managed in isolation of other types
of risk. Be it credit, market, operational, liquidity, investment or
regulatory risk, all these elements must be managed effectively in
order to mitigate any negative impact to the Banks reputation. In
light of the events of the last few years and as business practices
evolve to address new operating paradigms with respect to repu-
tational risk, we, like others in our industry, have enhanced our
existing focus on this issue. Managing reputational risk is necessary
in order to avoid negative impact to the brand, earnings or capital.
Who manages reputational risk
While the ultimate responsibility for the Banks reputation lies
with the Senior Executive Team and the executive committees
that examine reputational risk as part of their ongoing mandate,
anyone who is employed by the Bank has a responsibility to
contribute in a positive way to the Banks reputation. This means
ensuring that ethical practices are maintained at all times, that
interactions with our stakeholders are positive and that all policies,
legislation and regulations are adhered to. Reputational risk is
most effectively managed when everyone is working to enhance
and protect the Banks reputation.