|
Operational risk is the potential for loss resulting from events involving people, processes, technology, external events, execution, legal, compliance and regulatory matters, and reputation. Successful operational risk management is particularly important to a diversified financial services company like ours because of the very nature, volume and complexity of our various businesses.
In keeping with our management governance structure, the lines of business are responsible for all the risks within the business including operational risks. Such risks are managed through corporate- wide or line of business specific policies and procedures, controls and monitoring tools. Examples of these include personnel management practices, data reconciliation processes, fraud management units, transaction processing monitoring and analysis, business recovery planning, and new product introduction processes.
The Corporate Operational Risk Executive and the Compliance Risk Executive, reporting to the Chief Risk Officer, provide oversight to facilitate the consistency of effective policies, "best industry practices", controls and monitoring tools for managing and assessing operational risks across the company. These executives also work with the business segment executives and their risk counterparts to implement appropriate policies, processes and assessments at the line of business level. Compliance and operational risk awareness is also driven across the company through training and strategic communication efforts.
Operational risks fall into two major classifications, business specific and corporate-wide risks affecting all business lines. At the business segment level, there are Business Segment Risk Executives that are responsible for oversight of all operational risks in the business segments they support. In their management of these specific risks, they utilize corporate-wide operational risk policies, processes and assessments. For business specific risks, operational and compliance risk management work with the business segments to drive consistency in policies, processes, assessments and use of "best industry practices."
With respect to corporate-wide risks, such as information security, business recovery, legal and compliance, operational and compliance risk management assess the risks, develop a consolidated corporate view and communicate that view to the line of business level. To help assess and manage corporate-wide risks, we also utilize specialized support groups, such as Legal, Information Security, Business Recovery, Supply Chain Management, Finance, and Technology and Operations. These groups assist the lines of business in the development and implementation of risk management practices specific to the needs of the individual businesses.
Operational and compliance risk management, working in conjunction with senior business segment executives, have developed key tools to help manage, monitor and summarize operational risk. One such tool the businesses and executive management utilize is a corporate-wide quarterly self-assessment process, which helps to identify and evaluate the status of risk issues, including mitigation plans, if appropriate. The goal of this process, which originates at the line of business level, is to continuously assess changing market and business conditions. The self-assessment process also assists in identifying emerging operational risk issues and determining how they should be managed - at the line of business or corporate level. The risks identified in this process are also integrated into our quarterly financial forecasting process. In addition to the self-assessment process, key operational risk indicators have been developed and are used to help identify trends and issues on both a corporate and a line of business level.
|
