Risk Management
Risk is inherent in virtually all aspects of a financial
services company's business, and sound risk management practices
are fundamental to our long-term success. Our management of
risk is a core competency supported by a strong risk culture
and an effective enterprise risk management framework. This
section covers our:
Enterprise
Risk Management Framework
Our enterprise risk management framework provides an
overview of our enterprise-wide program for identifying,
measuring, controlling and reporting on the significant risks
that face the organization. This enterprise approach ensures
that RBC (including all the legal entities under which we
operate) remains in compliance with the requirements set out
by our home regulator, OSFI and other relevant regulators
around the world. The Conduct Review and Risk Policy
Committee of our Board of Directors reviews and approves the
framework annually.
The enterprise risk management framework provides a
consolidated overview of risk management at RBC, including
risk principles and governance, risk appetite, risk profile,
risk
types, and risk management processes and tools. Within RBC,
the framework promotes a good understanding of the roles,
responsibilities and authorities for the management of risk,
and
supports the use of a common risk language. The ability to
articulate what our risks are and how they are measured and
managed is important both for internal understanding and
alignment and to ensure an accurate and consistent view of
risk
across the organization through a variety of reporting and
disclosure mechanisms.
Reputation Risk Framework
Our reputation risk framework is one of a set of risk-specific
frameworks supporting the enterprise risk management
framework. Reviewed annually by the Conduct Review and Risk
Policy Committee of our Board of Directors, the reputation
risk
framework provides an overview of our approach to the
management of reputation risk, including definitions,
principles, sources of risk, the mechanisms in place to prevent
and mitigate reputation risk and the related organizational
and
oversight responsibilities.
Effective reputation risk management requires both proactive
measures to prevent the compromise of our reputation on an
ongoing basis and reactive measures to mitigate the impact
of
issues and incidents when they arise. We have a number of
key
preventative measures in place, including our Code of Conduct
and proactive stakeholder engagement, whereby we maintain
relationships of trust with all stakeholders. We use a number
of
responsive measures to protect and enhance our reputation,
including the escalation protocols established through our
Enterprise Compliance Management program and our Business
Continuity and Crisis Management approach.
Enterprise
Compliance Management (ECM) Framework
In order to achieve worldwide compliance with governing
legislation and other applicable laws, regulations and regulatory
directives and expectations, RBC has adopted a comprehensive
ECM framework that is consistent with regulatory guidance
from OSFI and other regulators. The framework is designed
to promote the proactive, risk-based management of compliance
and regulatory risk. It applies to all of our businesses and
operations, legal entities and employees globally, and confirms
the shared accountability of all our employees to ensure we
maintain robust and effective regulatory risk and compliance
controls.
Business
Continuity and Crisis Management
We use a best-in-class Business Continuity Management
program to ensure that our businesses are adequately prepared
to deal with any disruption of service to clients. We conduct
risk assessments of all areas annually, further supported
by
contingency plans and periodic testing.
Our Enterprise Crisis Management team, comprising senior
executives from across the organization, is responsible for
ensuring continued service to our clients during any crisis/
incident or major service interruption. The Enterprise Crisis
Management team is supported by a global network of regional,
business-line and local incident management teams. These
teams are on call around the clock to address any situation
that
may pose material risk to our staff, our reputation or our
ability
to serve clients.
We conduct regular crisis simulations to test our readiness
and
timely response to all emergency situations, including but
not
limited to, a departmental disruption, building, city-wide
or
regional disruption, or a pandemic incident.
For more information, see our 2009
Annual Report to Shareholders and Management
Proxy Circular.
