TD Bank 2014 Annual Report Download - page 89

Download and view the complete annual report

Please find page 89 of the 2014 TD Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 228

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228

TD BANK GROUP ANNUAL REPORT 2014 MANAGEMENT’S DISCUSSION AND ANALYSIS 87
WHO MANAGES OPERATIONAL RISK
Operational Risk Management is an independent function that designs
and maintains the Bank’s overall operational risk management frame-
work. This framework sets out the enterprise-wide governance
processes, policies and practices to identify and assess, measure,
control, and monitor and report operational risk. Risk Management
provides reporting of the Bank’s operational risk exposures to senior
management through the Operational Risk Oversight Committee,
the ERMC and the Risk Committee of the Board.
The Bank also maintains program groups who oversee specific enter-
prise wide operational risk policies that require dedicated mitigation
and control activities. These policies govern the activities of the corpo-
rate functions responsible for the management and appropriate over-
sight of business continuity and crisis/incident management, supplier
risk management, financial crime risk management, project change
management, technology risk management, and information security.
The senior management of individual business units is responsible
for the day-to-day management of operational risk following the
Bank’s established operational risk management policies. Within each
business segment and corporate area, an independent risk manage-
ment function uses the elements of the operational risk management
framework according to the nature and scope of the operational risks
inherent in the area. The senior executives in each business unit partici-
pate in a Risk Management Committee that oversees operational risk
management issues and initiatives.
Ultimately, every employee has a role to play in managing opera-
tional risk. In addition to policies and procedures guiding employee
activities, training is available to all staff regarding specific types of
operational risks and their role in helping to protect the interests and
assets of the Bank.
HOW TD MANAGES OPERATIONAL RISK
The Operational Risk Management Framework outlines the internal
risk and control structure to manage operational risk and includes risk
appetite, limits, governance, policies, and processes. The Operational
Risk Management Framework is maintained by Risk Management and
supports alignment with TD’s risk appetite for operational risk. The
framework incorporates sound industry practices and meets regulatory
requirements. Key components of the framework include:
Governance and Policy
Management reporting and organizational structures emphasize
accountability, ownership, and effective oversight of each business
unit, and each corporate area’s operational risk exposures. In addition,
the expectations of the Risk Committee of the Board and senior
management for managing operational risk are set out by enterprise-
wide policies and practices.
Risk and Control Self-Assessment
Internal control is one of the primary lines of defense in safeguarding
the Bank’s employees, customers, assets, and information, and in
preventing and detecting errors and fraud. Annually, management
undertakes comprehensive assessments of key risk exposures and
the internal controls in place to reduce or offset these risks. Senior
management reviews the results of these evaluations to ensure that
risk management and internal controls are effective, appropriate,
and compliant with the Bank’s policies.
Operational Risk Event Monitoring
In order to reduce the Bank’s exposure to future loss, it is critical that
the Bank remains aware of and responds to its own and industry oper-
ational risks. The Bank’s policies and processes require that operational
risk events be identified, tracked, and reported to the appropriate level
of management to ensure that the Bank analyzes and manages such
risks appropriately and takes suitable corrective and preventative
action. The Bank also reviews, analyzes, and benchmarks TD against
industry operational risk losses that have occurred at other financial
institutions using information acquired through recognized industry
data providers.
Risk Reporting
Risk Management, in partnership with senior management, regularly
monitors risk-related measures and the status of risk throughout the
Bank to report to senior business management and the Risk Committee
of the Board. Operational risk measures are systematically tracked,
assessed, and reported to ensure management accountability and
attention are maintained over current and emerging issues.
Insurance
Operational Risk Management includes oversight of the effective use
of insurance aligned with the Bank’s risk management strategy and risk
appetite. To provide the Bank with additional protection from loss, Risk
Management manages a comprehensive portfolio of insurance and
other risk mitigating arrangements. The insurance terms and provisions,
including types and amounts of coverage in the portfolio, are continu-
ally assessed to ensure that both the Bank’s tolerance for risk and,
where applicable, statutory requirements are satisfied. The manage-
ment process includes conducting regular in-depth risk and financial
analysis and identifying opportunities to transfer elements of TD’s risk
to third parties where appropriate. The Bank transacts with external
insurers that satisfy the Bank’s minimum financial rating requirements.
Technology, Information and Cyber Security
Virtually all aspects of the Bank’s business and operations use technol-
ogy and information to create and support new markets, competitive
products and delivery channels, and other business developments.
The key risks are associated with the operational availability, integrity,
confidentiality, and security of the Bank’s information, systems, and
infrastructure. These risks are actively managed through enterprise-
wide technology risk and information security management programs
using industry best practices and the Bank’s operational risk manage-
ment framework. These programs include robust threat and vulnerabil-
ity assessments, as well as security and disciplined change
management practices.
Business Continuity and Crisis/Incident Management
During incidents that could disrupt the Bank’s business and operations,
Business Continuity Management supports the ability of senior manage-
ment to continue to manage and operate their businesses, and provide
customers access to products and services. The Bank’s robust enter-
prise-wide business continuity management program includes formal
crisis management protocols and continuity strategies. All areas of the
Bank are required to maintain and regularly test business continuity
plans designed to respond to a broad range of potential scenarios.
Supplier Management
A third party supplier/vendor is an entity that supplies a particular
product or service to or on behalf of the Bank. The benefits of leverag-
ing third parties include access to leading technology, specialized
expertise, economies of scale, and operational efficiencies. While these
relationships bring benefits to the Bank’s businesses and customers,
the Bank also needs to manage and minimize any risks related to the
activity. The Bank does this through an enterprise-level third-party risk
management program that guides third-party activities throughout
the life cycles of the arrangements and ensures the level of risk
management and senior management oversight is appropriate
to the size, risk, and importance of the third-party arrangement.
Project Management
The Bank has established a disciplined approach to project manage-
ment across the enterprise coordinated by the Bank’s Enterprise Project
Management Office (EPMO). This approach involves senior manage-
ment governance and oversight of the Bank’s project portfolio and
leverages leading industry practices to guide TD’s use of standardized
project management methodology, defined project management
accountabilities and capabilities, and project portfolio reporting and
management tools to support successful project delivery.