The Professional Risk Managers International Association (PRMIA) Building a Risk Appetite Framework at TD January 31, 2013

Transcription

1 The Professional Risk Managers International Association (PRMIA) Building a Risk Appetite Framework at TD January 31, 2013 Clare Gaudet, VP Enterprise Risk Governance, TD Bank Group

2 Building a Risk Appetite Framework (RAF) Getting Started in 2009 The 2008 financial crisis revealed that risk within many financial institutions was not properly understood, communicated, monitored or incented The Senior Supervisors Group s Risk Management Lessons from the Global Banking Crisis of 2008 report was one of many concluding that, to remediate this risk management weakness, financial institutions needed to make demonstrable improvement in articulating a clearly defined risk appetite to guide strategic decisions While TD fared well throughout the crisis, we recognized that increased formalization and clear articulation of a financial institution s documented risk appetite was desired by all stakeholders In 2009, we began the work to formalize our RAF and engaged external consultants To assist and conduct an industry benchmarking analysis To help identify existing risk appetite practices and expectations To provide a basis for developing the Bank s initial risk appetite framework during the first half of

3 Building a Risk Appetite Framework TD Benchmarking Themes The main themes that emerged from our benchmarking analysis were: Risk appetite is an area of increasing focus for global banks, regulators and rating agencies Continuous development and increased formalization are desired by all stakeholders Boards require continuing education to have meaningful discussion and challenge Explicit linkage of risk appetite to strategy, capital attribution, risk limits and business decisions needs to be improved Banks should not rely just on a single measure or purely quantitative measures Work needs to continue on stress testing, scenario analysis, and on improving the use of quantitative measures for non-financial risks Consolidated reporting and monitoring around risk appetite needs to be improved 3

4 Building a Risk Appetite Framework 2009: Early Days TDBG s Initial RAF Our vision, mission, risk capacity and constraints, and our strategy and risk philosophy guided the definition of our Risk Appetite Through the development of our initial RAF, we identified and addressed several key elements: Use of both qualitative statements and quantitative metrics to express our risk appetite Alignment of strategy and capital management with our risk appetite Governance that provides for annual review and approval of the RAF originally by the Risk Committee of the Board, and currently by the full Board on the recommendation of the Risk Committee of the Board and the Chief Risk Officer and the Enterprise Risk Management Committee (ERMC), chaired by our President and CEO Clarification that business line heads are responsible for setting business level risk appetite and managing risk within these approved risk limits Clarification that Risk Management is responsible for aggregating and reporting risk information on the approved risk measures Assessment of enterprise and segment performance against TD s risk appetite in a formal scorecard and use of this scorecard as an input to our compensation process The resulting RAF, approved by the Risk Committee of the Board in October 2009, combined our insights from the benchmarking with the key elements identified above to produce a robust document that defined our appetite in each major risk area 4

5 Building a Risk Appetite Framework 2010: Evolution of our RAF Over the course of the next year, we realized our RAF was not resonating with the Board and not easily communicated across the Bank In 2010, Risk Management worked with the CEO, the Senior Executive Team and the Board to distill the RAF into simple and understandable terms We focused on conveying the basic risk principles that inform how we make strategic decisions and manage risk We clearly separated our Risk Appetite Statements, our key risks and corresponding measures and the governance protocols applicable to the RAF Risk Management worked closely with the business segments to define the meaning of the RAF and how it is measured for each segment The Enterprise and Business Segment Risk Appetite Statements now include metrics and measures that align to TD s three core risk principles The resulting TD Risk Appetite Statement has become the basic yardstick against which we measure how much risk we are willing to take to generate shareholder value 5

6 The Risk Appetite Statement The Risk Appetite Statement is comprised of 3 core principles and is critical component of the TD Framework We take risks required to build our business, but only if those risks: Fit our business strategy and can be understood and managed Do not expose the enterprise to any significant single loss events; we don t bet the bank on any single acquisition, business or product Do not risk harming the TD brand As we apply the Risk Appetite, we think about both current conditions in which we operate and the impact that emerging risks will have on TD s Strategy & Risk Profile 6

7 TD RAF s First Risk Principle 1. We only take risks that fit our business strategy and can be understood and managed We focus on taking risks that support our franchise businesses We have a bias in our business mix to businesses that generate predictable earnings because earnings provide a buffer even more powerful than capital We pursue the lowest risk means to deliver consistent financial results and to achieve our target rate of return We avoid products and businesses that rely heavily on a high degree of specialized knowledge; we only operate those where we have the expertise, infrastructure, and the people, to understand and run them We have a prudent and disciplined approach to liquidity management We design compensation to foster behaviours consistent with our RAF We maintain an adequate level of capital based on our risk profile and regularly run stress tests to ensure it remains adequate 7

8 TD RAF s Second Risk Principle 2. We only take risks that don t expose the enterprise to any significant single loss events; we don t bet the bank on any single acquisition, business or product We follow a rigorous due diligence process for acquisitions; we make sure the companies we acquire are not so big that if we get it wrong it would have catastrophic consequences for TD We ensure our portfolios are properly diversified and managed by setting appropriate concentration and trading limits across all businesses We avoid tail risk (i.e. low probability events that result in extremely large or unquantifiable losses); we exited exotic (complex long dated) derivatives etc. We maintain consistent underwriting standards through an economic cycle; we don t make bad loans in good times so we can make good loans in bad times While business segments may have losses during a severe but plausible stress event, net income will always be positive at the consolidated TD level 8

9 TD RAF s Third Risk Principle 3. We only take risks if there s no risk of harming the TD brand Our brand is extremely valuable to us. Operating with excellence and applying a disciplined approach to risk management, governance and control help protect our reputation We strive to do the right thing in the right way for all our stakeholders, i.e. customers, shareholders, communities we avoid mistakes, but when they happen, we move quickly to communicate, escalate and correct them We strive to maintain the highest level of integrity in customer relationships we only sell to our customers what we believe is appropriate 9

10 Measuring Risk Appetite Major Risk Areas In defining key metrics for our risk appetite we asked ourselves: Which major risks can ultimately bring down a Bank? At TD, we believe the following major risks can ultimately bring down a Bank: Catastrophic Credit and/or Market Risk losses Negative Impact of Significant Acquisitions A Significant Operational or Reputational Risk Event A Liquidity Crisis Inadequate Capital During a Stress Event We also believe that the business segment that generates the risk owns the risk This means the business is responsible for putting appropriate controls in place so that we don t exceed our risk appetite 10

11 Measuring Risk Appetite Policies and Metrics The key policies and metrics established over the years to safeguard against these major risks include: Credit Concentration Limits - Country, Industry and Single Name Peer Credit Loss Experience Comparison Trading Risk Stress Test Limits - to ensure TD Securities does not incur an annual loss Rigorous Due Diligence Acquisition Requirements including Stress Testing Liquidity Risk Limits Capital Adequacy Limits based on Enterprise Stress Testing Limit risk-based capital outside of Retail and Commercial Business Operational Risk and Internal Audit Control Dashboards These key metrics, and related segment-specific metrics, are reported to Senior Management and the Risk Committee of the Board in the TDBG Risk Dashboard Any excesses or overages of Risk Appetite metrics are reported to Senior Management and the Risk Committee as appropriate 11

12 Governance of the TD RAF Risk Appetite metrics are monitored and reported by the business and Risk Management to the ERMC, the Risk Committee and the Board The Enterprise and the Business Segments are assessed against the RAF in an annual scorecard This assessment impacts compensation At least annually, the RAF and Metrics are reviewed and updated RAF Review/ Update TD Risk Appetite Scorecard reported to ERMC, Risk and HR Committees of the Board TD Risk Dashboard reported to Risk Committee of the Board and the Board TD Risk Dashboard consolidate by Risk Management and reported to the Enterprise Risk Management Committee (ERMC) Ongoing tracking/monitoring of Risk Appetite metrics at the Enterprise and Business Segment level as appropriate 12

13 Major Risks Major Risks Major Risks Major Risks Alignment Major Risks TD s Risk Appetite Framework Enterprise-Wide Alignment Governing Objectives Risk Capacity and Constraints Enterprise Strategy and Objectives Risk Philosophy Enterprise Risk Appetite Statement We take risks required to build our business, but only if those risks: Fit our business strategy and can be understood and managed Don t expose the enterprise to any significant single loss events; we don t bet the bank on any single acquisition, business or product Don t risk harming the TD brand Implementation Enterprise Credit Risk / Market Risk Strategic Risk / Operational Risk Insurance Risk / Reputational Risk Liquidity Risk / Capital Adequacy Risk Principle in Practice Control Policy, Metric or Process Monitoring and Reporting Regulatory and Legal Risk Performance Compensation Credit Risk / Market Risk Credit / Market Risk Credit / Market Risk Strategic Risk Credit / Operational / Market Risk Risk Strategic / Acquisition Risk Strategic / Acquisition Risk Insurance Strategic Risk / Reputational / Acquisition Risk Risk Operational Reputational Risk Operational / Reputational Risk Liquidity Operational Risk / Capital / Reputational Adequacy Risk Risk Liquidity Risk Liquidity Risk Regulatory Liquidity and Legal Risk Risk Capital Risk Capital Risk Capital Risk Implementation Business Segments Implementation Implementation Implementation Business Business Segments Business Segments Segments Principle Principle Control Principle Control Policy, Principle Control Policy, Control Policy, in Metric Policy, in Metric or in Metric or Practice Metric or Practice Process or Practice Process Practice Process Process Performance Compensation Monitoring Monitoring Monitoring Monitoring and and Reporting and Reporting and Reporting Reporting 13

14 Communicating the TD RAF We believe the RAF should be widely communicated as taking risk is a basic part of our business and we need everyone in the organization to be an informed risk taker In 2011, we held a Risk Awareness Week on the TDBG Intranet with the objective of increasing employee awareness and understanding of the Risk Appetite Statement The Week highlighted messages from the CRO and senior business heads and featured an employee video contest asking participants to explain why the Risk Appetite Statement is importantthis allowed us to talk about Risk Appetite again when the best videos were posted We received a terrific response to the contest with some very high quality submissions Since the contest, we have received numerous requests, both internal and external, to show the winning video to reinforce the Risk Appetite message Ongoing communication is fundamental to building and maintaining the risk culture of the Bank; the Risk Appetite Statement and background materials are featured prominently on the TDBG Intranet Home Page for all employees to access The RAF is also being communicated across the Bank through existing training programs 2012 featured additional Risk Appetite themed communication, focusing on Risk Appetite in Action, demonstrating how the Risk Appetite has impacted people across the Bank The statement is also factored into external messaging, particularly our Annual Report and commentary on How We Manage Risk 14

15 The Great Risk Appetite Employee Video Contest 15

16 Key Factors in Successful RAF Implementation TD s Risk Appetite journey started three years ago It has been a road marked by many iterations and strong CEO and Board support to get it right. There was little guidance available when we started and we have learned a lot along the way Strong CEO support Close cooperation required among CEO, CRO, Board and business lines Engaged Board with clear expectations; active iteration process working with Management The Bank s Risk Appetite Statement is effectively communicated across the Enterprise Strategic decisions and right-sizing of risk profile driven by the RAF Business line strategy aligned with TD s desired risk profile Empower employees to challenge and escalate when they believe we are operating outside the Risk Appetite Common language used across the Bank Through the use of qualitative statements and suitable metrics 16

17 Key Factors in Successful RAF Implementation Multiple metrics to monitor risk performance Metrics reporting meets different needs of each audience E.g. for Board, high level metrics that reflect key vulnerabilities Accountability for implementation translated into clear incentives Compensation tied to enterprise and business performance measured against the RAF Promote open communication and transparency with the Board on all aspects of the RAF and key metrics Any excesses or overages of metrics are reported to Senior Management and the Board as appropriate The Risk Appetite Statement remains relevant and appropriately aligned with the Bank s strategy 17