search.noResults

search.searching

note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
Operational Risk


Operational risk is the risk of loss resulting from inadequate or failed internal processes or technology or from human activities or from external events.


Operating a complex financial institution exposes the Bank’s businesses to a broad range of operational risks, including failed transaction processing, documentation errors, fiduciary and information breaches, technology failures, business disruption, theft and fraud, workplace injury, and damage to physical assets as a result of internal or outsourced business activities. The impact can result in significant financial loss, reputational harm, or regulatory censure and penalties. Operational risk is embedded in all of the Bank’s business activities, including the practices for managing other risks such as credit, market, and liquidity risk. The Bank must mitigate and manage operational risk so that it can create and sustain shareholder value, successfully execute the Bank’s business strategies, operate efficiently, and provide reliable, secure, and convenient access to financial services. The Bank maintains a formal enterprise-wide operational risk management framework that emphasizes a strong risk management and internal control culture throughout TD.


WHO MANAGES OPERATIONAL RISK


Operational Risk Management is an independent function that designs and maintains the Bank’s overall operational risk management framework. This framework sets out the enterprise-wide governance processes, policies, and practices to identify and assess, measure, control, monitor, escalate, and report operational risk. Operational Risk Management ensures that there is appropriate monitoring and reporting of the Bank’s operational risk profile and exposures to senior management through the OROC, the ERMC, and the Risk Committee. The Bank also maintains groups who oversee specific enterprise wide operational risk policies. These policies govern the activities of the corporate functions responsible for the management and appropriate oversight of business continuity and crisis/incident management, third party supplier management, financial crime and fraud management, project management, technology, information and cyber security management.


The senior management of individual business units is responsible for the day-to-day management of operational risk following the Bank’s established operational risk management policies and three lines of defence model. An independent risk management function supports each business segment and corporate area, and monitors and challenges the implementation and use of the operational risk management framework programs according to the nature and scope of the operational risks inherent in the area. The senior executives in each business unit participate in a Risk Management Committee that oversees operational risk management issues and initiatives. Ultimately, every employee has a role to play in managing operational risk. In addition to policies and procedures guiding employee activities, training is available to all staff regarding specific types of operational risks and their role in helping to protect the interests and assets of the Bank.


HOW TD MANAGES OPERATIONAL RISK


The Operational Risk Management Framework outlines the internal risk and control structure to manage operational risk and includes the risk appetite for operational risk, limits, governance, policies, and processes. The Operational Risk Management Framework is maintained by Risk Management and supports alignment with TD’s ERF and risk appetite. The framework incorporates sound industry practices and meets regulatory requirements. Key components of the framework include:


Governance and Policy


Management reporting and organizational structures emphasize accountability, ownership, and effective oversight of each business unit and each corporate area’s operational risk exposures. In addition, the expectations of the Risk Committee and senior management for managing operational risk are set out by enterprise-wide policies and practices.


Risk and Control Self-Assessment


Internal controls are one of the primary methods of safeguarding the Bank’s employees, customers, assets, and information, and in preventing and detecting errors and fraud. Management undertakes comprehensive assessments of key risk exposures and the internal controls in place to reduce or offset these risks. Senior management reviews the results of these evaluations to ensure that risk management and internal controls are effective, appropriate, and compliant with the Bank’s policies.


Operational Risk Event Monitoring


In order to reduce the Bank’s exposure to future loss, it is critical that the Bank remains aware of and responds to its own and industry operational risks. The Bank’s policies and processes require that operational risk events be identified, tracked, and reported to the appropriate level of management to ensure that the Bank analyzes and manages such risks appropriately and takes suitable corrective and preventative action. The Bank also reviews, analyzes, and benchmarks TD against operational risk losses that have occurred at other financial institutions using information acquired through recognized industry data providers.


Scenario Analysis


Scenario Analysis is a systematic and repeatable process to assess the likelihood and loss impact of low frequency, high impact operational risk events. The Bank applies this practice to meet risk measurement and risk management objectives. The process includes the use of relevant external operational loss event data that is assessed considering the Bank’s operational risk profile and control structure. The program raises awareness and educates business owners regarding existing and emerging risks, which may result in the identification and implementation of risk mitigation action plans to minimize tail risk.


Risk Reporting


Risk Management, in partnership with senior management, regularly monitors risk-related measures and the risk profile throughout the Bank to report to senior business management and the Risk Committee. Operational risk measures are systematically tracked, assessed, and reported to ensure management accountability and attention are maintained over current and emerging issues.


Insurance


Operational Risk Management includes oversight of the effective use of insurance aligned with the Bank’s risk management strategy and risk appetite. To provide additional protection from loss, the Bank manages a comprehensive portfolio of insurance and other risk mitigating arrangements. The insurance terms and provisions, including types and amounts of coverage in the portfolio, are continually assessed to ensure that both the Bank’s tolerance for risk and, where applicable, statutory requirements are satisfied. The management process includes conducting regular in-depth risk and financial analysis and identifying opportunities to transfer elements of TD’s risk to third parties where appropriate. The Bank transacts with external insurers that satisfy TD’s minimum financial rating requirements.


Technology, Information and Cyber Security Virtually all aspects of the Bank’s business and operations use technology and information to create and support new markets, competitive products, delivery channels, as well as other business operations and opportunities. The Bank needs to manage risks to ensure adequate and proper day-to-day operations; and only authorized access of the Bank’s technology, infrastructure, systems, information, or data. To achieve this, the Bank actively monitors, manages, and continues to enhance its ability to mitigate these technology and information security risks through enterprise-wide programs using industry best practices and robust threat and vulnerability assessments and responses. Together with the Bank’s operational risk management framework, technology, information and cyber security programs also include enhanced resiliency planning and testing, as well as disciplined change management practices.


88 TD BANK GROUP ANNUAL REPORT 2016 MANAGEMENT’S DISCUSSION AND ANALYSIS


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86  |  Page 87  |  Page 88  |  Page 89  |  Page 90  |  Page 91  |  Page 92  |  Page 93  |  Page 94  |  Page 95  |  Page 96  |  Page 97  |  Page 98  |  Page 99  |  Page 100  |  Page 101  |  Page 102  |  Page 103  |  Page 104  |  Page 105  |  Page 106  |  Page 107  |  Page 108  |  Page 109  |  Page 110  |  Page 111  |  Page 112  |  Page 113  |  Page 114  |  Page 115  |  Page 116  |  Page 117  |  Page 118  |  Page 119  |  Page 120  |  Page 121  |  Page 122  |  Page 123  |  Page 124  |  Page 125  |  Page 126  |  Page 127  |  Page 128  |  Page 129  |  Page 130  |  Page 131  |  Page 132  |  Page 133  |  Page 134  |  Page 135  |  Page 136  |  Page 137  |  Page 138  |  Page 139  |  Page 140  |  Page 141  |  Page 142  |  Page 143  |  Page 144  |  Page 145  |  Page 146  |  Page 147  |  Page 148  |  Page 149  |  Page 150  |  Page 151  |  Page 152  |  Page 153  |  Page 154  |  Page 155  |  Page 156  |  Page 157  |  Page 158  |  Page 159  |  Page 160  |  Page 161  |  Page 162  |  Page 163  |  Page 164  |  Page 165  |  Page 166  |  Page 167  |  Page 168  |  Page 169  |  Page 170  |  Page 171  |  Page 172  |  Page 173  |  Page 174  |  Page 175  |  Page 176  |  Page 177  |  Page 178  |  Page 179  |  Page 180  |  Page 181  |  Page 182  |  Page 183  |  Page 184  |  Page 185  |  Page 186  |  Page 187  |  Page 188  |  Page 189  |  Page 190  |  Page 191  |  Page 192  |  Page 193  |  Page 194  |  Page 195  |  Page 196  |  Page 197  |  Page 198  |  Page 199  |  Page 200  |  Page 201  |  Page 202  |  Page 203  |  Page 204  |  Page 205  |  Page 206  |  Page 207  |  Page 208  |  Page 209  |  Page 210  |  Page 211  |  Page 212