TD Bank 2006 Annual Report Download - page 69


TD BANK FINANCIAL GROUP ANNUAL REPORT 2006 Management’s Discussion and Analysis 65
WHO MANAGES OPERATIONAL RISK
Risk Management is responsible for the design and maintenance
of the Bank’s overall operational risk management framework
that sets out the enterprise level governance processes, policies
and practices to identify, assess, report, mitigate and control
operational risk. Risk Management facilitates appropriate monitoring
and reporting of the Bank’s operational risk exposures to
senior management, the Operational Risk Oversight Committee
and the Risk Committee of the Board.
The Bank also maintains specialist groups who focus exclusively
on managing specific operational risk exposures that require
targeted mitigation activities. These areas are responsible for
setting enterprise-level policies and maintaining appropriate
oversight in particular areas such as business continuity,
outsourcing management, technology risk management and
information security.
The senior management of individual business units have primary
accountability for the ongoing management of operational
risk in accordance with the Bank’s operational risk management
policies. Each business unit and corporate area has an independent
risk management function that implements the operational
risk management framework consistent with the nature and
scope of the operational risks to which the area is exposed. Each
business unit has a Risk Management Committee comprising the
senior executives in the unit, providing oversight on operational
risk management issues and initiatives.
HOW WE MANAGE OPERATIONAL RISK
Through the operational risk management framework, the Bank
maintains a system of comprehensive policies, processes and
methodologies to manage operational risk to acceptable levels
and emphasize proactive management practices. Key operational
risk management practices include:
Risk and Control Self-Assessment
Internal control serves as one of the primary lines of defense in
safeguarding the Bank’s employees, customers, assets, information
and preventing and detecting errors and fraud. The Risk and
Control Self-Assessment is a process adopted by each of our
businesses to proactively identify key operational risks to which
they are exposed and assess whether there are appropriate
internal controls in place to mitigate these risks. Management
also uses the results of this process to ensure their businesses
maintain effective internal controls in compliance with the
Bank’s policies.
Operational Risk Event Monitoring
Operational risk event monitoring is important to maintain our
awareness of the risks we encounter and to assist management
in taking constructive action to reduce our exposure to future
losses. The Bank uses a centralized reporting system to monitor
and report on internal and external operational risk events. This
event data is analyzed to determine trends for benchmarking,
and to gain an understanding of the types of risks our businesses
and the Bank as a whole face.
Risk Reporting
Risk Management, in partnership with business management,
facilitates regular reporting of risk-related metrics up to senior
management and the Board of Directors that provides transparent
indicators regarding the level and direction of risk
throughout the Bank. Significant operational risk issues and
action plans are systematically tracked and reported to ensure
management accountability and attention is maintained.
Insurance
Risk Management actively manages a broad portfolio of insurance
and other risk financing instruments to provide additional
protection from loss. Risk Management assesses the type and
level of corporate and third-party insurance coverage that is
required to ensure it meets our tolerance for risk and statutory
requirements. This includes conducting in-depth risk and financial
analysis and identifying opportunities to transfer our risk
where appropriate.
Technology and Information
Managing the operational risk exposures related to our use of
technology and information is of significant importance to the
Bank. Technology and information is used in virtually all aspects of
our business and operations including creating and supporting new
markets, competitive products and delivery channels. Technology
and information risk exposures associated with the operational
integrity and security of our information, systems and infrastructure
are actively managed through the implementation of enterprise-
level technology risk and information security management
programs that are patterned on industry best practices and the
Bank’s operational risk management framework. These management
programs include robust threat and vulnerability assessments,
security and disciplined change management practices.
Business Continuity Management
Business Continuity Management is a vital and integral part of
the Bank’s operational risk management framework. It includes
maintaining enterprise-wide business continuity management
practices, which allows the executive and senior management
to continue to manage and operate their business under adverse
conditions, by the execution of resilient strategies, recovery
objectives, business continuity and crisis management plans and
communication protocols. All areas of the Bank maintain and
regularly test business continuity plans to address the loss or
failure of any component on which critical functions depend.
Outsourcing Management
Outsourcing is any arrangement where a service provider performs
a business activity, function or process on behalf of the
Bank, that a bank could normally be expected to perform itself.
Outsourcing business activities are beneficial to the Bank by
providing access to leading technology, specialized expertise,
economies of scale and operational efficiencies. While these
arrangements bring benefits to our businesses and customers,
we recognize that there are attendant risks that need to be managed.
To minimize our exposure to risks related to outsourcing,
we maintain an enterprise-level outsourcing risk management
program that includes specifying minimum standards for due
diligence and ongoing monitoring of service providers, according
to significance of the particular outsourcing arrangement.
Regulatory and Legal Risk
Regulatory risk is the risk of non-compliance with applicable
legislation, regulation and regulatory directives. Legal risk is the
risk of non-compliance with legal requirements, including the
effectiveness of preventing and handling litigation.
Financial services is one of the most closely regulated industries,
and the management of a financial services business, such
as ours, is expected to meet high standards in all business dealings
and transactions. As a result, we are exposed to regulatory
risk in virtually all of our activities. The Bank and its subsidiaries
are also involved in various legal actions in the ordinary course of
business, many of which are loan-related. Failure to meet regulatory
requirements not only poses a risk of regulatory censure or