Risk Governance Structure

TD's risk governance structure emphasizes and balances strong central oversight and control of risk with clear accountability for, and ownership of, risk within each business unit. Under TD's approach to risk governance, the business owns the risk that it generates and is responsible for assessing risk, designing and implementing controls, and monitoring and reporting its ongoing effectiveness to safeguard TD from exceeding its risk appetite.

TD's risk governance model includes a senior management committee structure to support transparent risk reporting and discussion with overall risk and control oversight provided by the board and its committees. The CEO and Senior Executive Team determine TD's long-term direction within the bank's risk appetite and apply it to the businesses. Risk Management, headed by the Group head and chief risk officer (CRO), sets enterprise risk strategy and policy and provides independent oversight to support a comprehensive and proactive risk management approach for TD.

TD employs a "three lines of defense" model that describes the roles of the business, governance, risk, and oversight groups in managing TD Bank's risk profile. The first line of defense is the business and corporate line of accountabilities and includes the following:

• Managing and identifying risks in day-to-day activities

• Ensuring that activities are within TD's risk appetite and risk management

• Designing, implementing, and maintaining effective internal controls

• Monitoring and reporting on the risk profile

The second line of defense deals with setting standards and challenging business assumptions to improve governance, risk, and control groups' responsibilities and accountability. These include the following:

• Establishing enterprise governance, risk, and control strategies and practices

• Providing oversight and independent challenge to the first line through review, inquiry, and discussion

• Developing and communicating governance, risk, and control policies

• Providing training, tools, and advice to support policy compliance

• Monitoring and reporting on compliance with risk appetite and policies

The third line of defense is independent assurance through the internal audit department, which allows for the following:

• Verifying independently that TD's ERF is operating effectively

• Validating the effectiveness of the first and second lines of defense in fulfilling their mandates and managing the risk profile

The RCoB oversees TD's risk direction and the implementation of an effective risk management culture and internal control framework across the enterprise. In support of this oversight, the RCoB reviews, challenges, and approves certain risk policies while also reviewing and approving TD's Risk Appetite Statement.

TD's executive committees provide oversight at the most senior level and support management by guiding, challenging, and advising executive decision makers. The following committees oversee governance, risk, and control activities relating to the bank's key risks, and review and monitor the risk strategies and associated risk activities and practices:

• The Enterprise Risk Management Committee oversees the management of major enterprise governance and risk and control activities.

• The Asset/Liability and Capital Committee (ALCO) oversees the management of TD's nontrading market risk and each of its consolidated liquidity, funding, investments, and capital positions.

• The Operational Risk Oversight Committee oversees the strategic assessment of TD's governance, control, and operational risk structure.

• The Disclosure Committee ensures that appropriate controls and procedures are in place and operating to permit timely, accurate, balanced, and compliant disclosure to regulators, shareholders, and the market.

• The Reputational Risk Committee ensures that corporate or business initiatives with significant reputational risk profiles have received adequate review for reputational risk implications prior to implementation.

The Risk Management function, headed by the CRO, provides independent oversight of risk governance and control, and is responsible for establishing risk management strategy, policies, and practices. Risk Management's primary objective is to support a comprehensive and proactive approach to risk management that promotes a strong risk management culture. Risk Management works with the business segments and other corporate oversight groups to establish policies, standards, and limits that align with TD's risk appetite, and monitors and reports on existing and emerging risks and compliance with TD's risk appetite.

Each business segment has an embedded risk management function that reports directly to a senior risk executive, who in turn reports to the CRO. This structure supports an appropriate level of central oversight while emphasizing ownership and accountability for risk within the business segment. Business management is responsible for recommending the business-level risk appetite and metrics, which are reviewed and challenged as necessary by Risk Management and ultimately approved by the CEO.

TD's audit function provides independent assurance to the board of the effectiveness of the risk management, control, and governance processes employed to ensure compliance with TD's risk appetite. Internal Audit reports on its evaluation to management and the RCoB. The Compliance group establishes risk-based programs and standards to proactively manage known and emerging compliance risks across TD, provides independent oversight, and delivers operational control processes to comply with the applicable legislative and regulatory requirements.

The Global Anti-Money Laundering (AML) group establishes a risk-based program and standards to proactively manage known and emerging money laundering compliance risks across TD. The AML group provides independent oversight and delivers operational control processes to comply with the applicable legislative and regulatory requirements. The Treasury and Balance Sheet Management (TBSM) group manages, directs, and reports on TD's capital and investment positions, interest rate risk, liquidity and funding risks, and the market risks of TD's nontrading bank activities. The Risk Management function oversees TBSM's capital and investment activities.

