TD Bank 2009 Annual Report Download - page 82

Download and view the complete annual report

Please find page 82 of the 2009 TD Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 158

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158

TD BANK FINANCIAL GROUP ANNUAL REPORT 2009 MANAGEMENT’S DISCUSSION AND ANALYSIS78
WHO MANAGES OPERATIONAL RISK
Risk Management designs and maintains our overall operational risk
management framework. This framework sets out the enterprise-wide
governance processes, policies and practices to identify, assess, report,
mitigate and control operational risk. Risk Management ensures that
there is appropriate monitoring and reporting of our operational risk
exposures to senior management, the Operational Risk Oversight
Committee and the Risk Committee of the Board.
We also maintain specialist groups who manage specific operational
risk exposures that require dedicated mitigation and control activities.
These areas are responsible for setting policies for the entire Bank and
maintaining appropriate oversight in specialized areas such as business
continuity, outsourcing management, financial crime, project change
management, technology risk management, and information security.
The senior management of individual business units is responsible
for the day-to-day management of operational risk following our
established operational risk management policies. Within each business
unit and corporate area, an independent risk management function
uses the elements of the operational risk management framework
according to the nature and scope of the operational risks the area
is exposed to. The senior executives in each business unit participate
in a Risk Management Committee that oversees operational risk
management issues and initiatives.
HOW WE MANAGE OPERATIONAL RISK
Our operational risk management framework is designed to ensure that
our operational risk exposures are proactively managed and controlled
to acceptable levels. It incorporates industry best practices and meets
regulatory guidelines. Key components of the framework include:
Governance and Policy
Management reporting and organizational structures emphasize
accountability, ownership and effective oversight of each business unit’s
and each corporate area’s operational risk exposures. In addition, the
Risk Committee of the Board’s and senior management’s expectations
for managing operational risk are set out by enterprise-wide policies.
Risk and Control Self-Assessment
Internal control is one of the primary lines of defence in safeguarding
our employees, customers, assets and information, and in preventing
and detecting errors and fraud. Annually, management undertakes
comprehensive assessments of their key operational risk exposures and
the internal controls in place to reduce or offset these risks. Senior
management reviews the results of these evaluations to ensure that
our risk management and internal controls are effective, appropriate
and comply with our policies.
Operational Risk Event Monitoring
In order to reduce our exposure to future loss, it is critical that we
remain aware of our own as well as industry risks and respond appro-
priately. Our policies and processes require that operational risk events
be identified, tracked and reported to the right level of management
to ensure that we analyze and manage them appropriately and take
suitable corrective action. We also review, analyze and benchmark the
Bank against industry operational risk losses that have occurred at
other financial institutions using information acquired through recog-
nized industry data providers.
Risk Reporting
Risk Management, in partnership with senior management, regularly
reports on risk-related measures and the status of risk throughout
the Bank to the senior business management and the Risk Committee
of the Board. Operational risk measures are systematically tracked,
assessed and reported to ensure management accountability and
attention is maintained over current and emerging issues.
Insurance
To provide the Bank with additional protection from loss, Risk Manage-
ment
actively manages a comprehensive portfolio of business insurance
and other risk mitigating arrangements. The type and level of insurance
coverage is continually assessed to ensure that both our tolerance for
risk and statutory requirements are met. This includes conducting
regular in-depth risk and financial analysis and identifying opportunities
to transfer our risk to third parties where appropriate.
Technology and Information
Virtually all aspects of our business and operations use technology and
information to create and support new markets, competitive products
and delivery channels and other business developments. The key risks
are associated with the operational availability, integrity and security
of our information, systems and infrastructure. These risks are actively
managed through enterprise-wide technology risk and information
security management programs using industry best practices and our
operational risk management framework. These programs include
robust threat and vulnerability assessments, as well as security and
disciplined change management practices.
Business Continuity Management
During incidents that could disrupt our business and operations,
Business Continuity Management supports the ability of senior
management to continue to manage and operate their businesses, and
provide customers access to products and services. Our robust enter-
prise-wide business continuity management program includes formal
crisis management protocols and continuity strategies. All areas of
the Bank are required to maintain and regularly test business continuity
plans designed to respond to a broad range of potential scenarios.
Outsourcing Management
Outsourcing is any arrangement where an external supplier performs
a business activity, function or process on our behalf. The benefits of
outsourcing business activities include access to leading technology,
specialized expertise, economies of scale and operational efficiencies.
While these arrangements bring benefits to our businesses and
customers, we also need to manage and minimize any risks related to
the activity. We do this through an enterprise-level outsourcing risk
management program that guides outsourcing activities and ensures
the level of risk management and senior management oversight is
appropriate to the size and importance of the outsourcing arrangement.
Project Change Management
We have established a disciplined project management program of
processes and supervisory mechanisms to ensure projects are success-
fully implemented in a planned and systematic manner and are
monitored by senior management. Our Implementation Management
Office maintains project management standards that meet or exceed
industry recognized best practices used to identify and guide change.
Financial Crime
Safeguarding our customers, employees, assets, information and
preventing and detecting fraud and other forms of financial crime
are very important to us. To do this, we maintain extensive security
systems, protocols and practices to detect and prevent financial crime.
This includes regular employee training to ensure compliance with
crime prevention policies and practices.
Insurance Risk
Insurance risk is the risk of loss due to actual insurance claims
exceeding the insurance claims expected in product pricing. Further-
more, underwriting risk is defined as the risk of financial loss resulting
from the inappropriate product design, selection and pricing of
risks to be insured. Claims risk is defined as the risk of loss due to
unforeseen increases in the size and frequency of claims and time-
to-payment expenses.
Insurance by nature involves the distribution of products that transfer
individual risks to the issuer with the expectation of a return built into
the insurance premiums earned. We are exposed to insurance risk in
our property and casualty insurance business, and in our life and
health insurance and reinsurance businesses.
WHO MANAGES INSURANCE RISK
Senior management within the insurance business units has primary
responsibility for managing insurance risk with oversight by the Chief
Risk Officer for Insurance who reports into Risk Management. The
Audit Committee of the Board acts as the Audit and Conduct Review
Committee for the Canadian Insurance company subsidiaries. The
Insurance company subsidiaries also have their own boards of directors,
as well as independently appointed actuaries who provide additional
risk management oversight.