ENTERPRISE RISK MANAGEMENT
ERM AT TD
TD, as a regulated financial institution, is a strong advocate and practitioner of ERM.
Regulators such as OSFI (Canada), FSA (UK) and SEC (USA) demand that financial institutions employ
advanced risk management practices.
TD manages all its key risks through an ERM framework
Risks identified, ownership is determined and centralized risk management (oversight) is
Key risks include strategic, credit, market, operational, insurance, regulatory/legal, reputational
Who is responsible for risk at TD?
Board of Directors
Risk Committee of Board
Approves enterprise risk policies, monitors management, performs strategic analysis of
Senior Executive Team
Identifies key risk, monitors, evaluates and is responsible for managing across the Bank
Executive Committees (e.g. Reputational, A/L, Operational)
Audit (independent assurance)
Compliance (independent review)
Risk Management (enterprise level policies and standards) Monitors and reports
Business Units (owns and manages risk). Sets and implements policies for business
(consistent with enterprise-level policies)
Key Aspects of TD’s ERM
• Ownership of risk by business units
• Centralized oversight
• Strong risk culture (starts with the Board/CEO, with risk having a meaningful role
in all decisions which have significant risk impact)
• Empowered, credible risk group/respected by the business units.
• Policy framework (at least one policy and sometimes many for each major risk)
• Transparency of risk discussions
• Strong analytic approach. Quantification where feasible/desirable
• Rigorous approval process for exceptions and overages
• Multi-level review (e.g. audit monitors risk management processes)
TD’s Energy Trading Business: Applicable Policies
New business policies (do we have the proper systems, regulatory approval,
legal, accounting, etc. to support a new business/product?)
Reputational risk (risk that negative publicity will cause a decline in TD’s value,
liquidity or customer base)
Credit policies. Limits for the business and for its counterparties.
Market risk policies (establish market risk tolerance)
Valuation policies (models, reserves, independent price validation)
Business recovery policies (failure of systems, pandemics, etc.)
Security (security of systems, confidential information)
Know your customer and anti-money laundering
Personal trading policies
TD Energy: Market Risk Policies
• Establishes market risk tolerance for the business
• Approved products (e.g. robust option models, calibration to market prices,
sufficient trader knowledge, independent pricing, verifiable parameters)
• Approved locations (liquidity, independent pricing, trader knowledge)
• Term to maturity limits
• Greek limits (Delta, Vega) and notional limits (aggregate and by location/time
• VaR limits (commodity, interest rate, FX, aggregate)
• Stop loss limits (one day, five day) for energy. Aggregate limits for Bank
• Stress limit for energy. Measures impact of severe but plausible shocks to market
TD Energy Risk Management Process
Extensive daily reporting of market risk (P&L attribution by book, commodity
price changes, volatility surfaces, delta, strike maps, gamma ladders, VaR, stress,
risk limits, backtest, etc.) and credit risk (exposure/availability by counterparty)
Daily review of business/investigation by Risk Management (profitability, market
conditions, positions, price volatility, liquidity, etc.) and discussions with Front
Office as warranted.
Overage reporting: escalation based on level of overage
Independent price validation
Market Risk Committee meets bi-weekly to discuss risk issues and policies
Market risk policies updated regularly to reflect new products/locations/market
Continuous improvement of systems and processes
Why does ERM fail?
• While most financial institutions and many hedge funds and corporates have implemented
ERM, we continue to experience periodic massive risk failures (sub-prime, asset-backed
commercial paper, SocGen, Amaranth, etc.)
• Most ERM programs appear to be very similar (at least as to form), but outcomes are
Reasons for ERM Failure
Form over substance. Many ERM programs are implemented to satisfy external
requirements (e.g. regulators, ratings agencies, auditors) and are not necessarily
driven by the senior leadership team.
Risk management team is not credible with respect to the operating business units
(risk as overhead). Lack of industry/market knowledge, inexperience, a theoretical
vs. practical mindset may all contribute to diminished credibility.
Greed (either at the corporate or at the individual level) outweighs risk concerns.
Operational risk is neglected. Poor systems and sloppy processes allow the rogue
trader to assume unwarranted risks.
Over-reliance on third-party risk assessments (e.g. asset-backed commercial paper,
Risk falls between silos (e.g. credit default swaps, where credit/market risk mix)
Occasionally, poor risk metrics (valuation models, VaR models)
Risks change over time and new risks emerge. Risk tends to place limits on
yesterday’s risks, not tomorrow’s.
Reasons for Success
ERM fully supported by senior leadership team and the overall corporate culture
Credible, knowledgeable and experienced risk staff who are able to effectively
interface with senior line executives
Risk processes must be transparent and Risk must have a seat at the table when
major decisions impacting the institution’s or corporation’s risk profile
Risk managers from all disciplines (market, credit, legal, operations) must be able
to communicate effectively with each other.
Risk systems must be robust and effective.
Don’t neglect operational risk.
Learn from mistakes (your own and others)