Risk Management
Risk is inherent in virtually all aspects of our business,
and sound risk management practices are fundamental to our
long-term success. Our management of risk is a core competency
supported by a strong risk management culture and an effective
enterprise risk management framework. This section covers
our:
Enterprise
Risk Management Framework
RBC's enterprise risk management framework provides an overview
of our enterprise-wide program for identifying, measuring,
controlling, and reporting on the significant risks that face
the organization. This enterprise approach ensures that RBC
remains in compliance with the requirements set out by our
main regulator, the Office of the Superintendent of Financial
Institutions (OSFI) as well as other relevant laws and regulations.
The Conduct Review and Risk Policy Committee of our Board
of Directors reviews and approves the framework annually.
The enterprise risk management framework provides a consolidated
overview of risk management at RBC, including risk principles,
risk appetite, risk types, and risk management processes and
tools. Within RBC, the framework promotes a good understanding
of the roles, responsibilities and authorities for the management
of risk, and supports the use of a common risk language. The
ability to articulate what our risks are and how they are
managed is important both for internal understanding and alignment
and to ensure an accurate and consistent RBC view of risk
through a variety of reporting and disclosure mechanisms.
Reputation Risk Framework
Our reputation risk framework is one of a set of risk-specific
frameworks supporting the enterprise risk management framework.
Reviewed annually by the Conduct Review and Risk Policy Committee
of our Board of Directors and most recently in October 2008,
the reputation risk framework provides an overview of our
approach to the management of reputation risk, including definitions,
principles, sources of risk, the mechanisms in place to prevent
and mitigate reputation risk and the related organizational
and oversight responsibilities.
Effective reputation risk management requires both proactive
measures to prevent the compromise of our reputation on an
ongoing basis and reactive measures to mitigate the impact
of issues and incidents when they arise. We have a number
of key preventative measures in place including our Code of
Conduct and proactive stakeholder engagement whereby we maintain
relationships of trust with all stakeholders. We use a number
of responsive measures to protect and enhance our reputation
including the escalation protocols established through our
Enterprise Compliance Management program and our Business
Continuity and Crisis Management approach.
Enterprise
Compliance Management (ECM) Framework
In order to achieve worldwide compliance with governing legislation
and other applicable laws, regulations and regulatory directives
and expectations, RBC has adopted a comprehensive ECM Framework
that is consistent with regulatory guidance from OSFI and
other regulators. The framework is designed to promote the
proactive, risk-based management of regulatory risk. It applies
to all our businesses and operations, legal entities and employees
globally and confirms the shared accountability of all employees
across the organization for ensuring we maintain robust and
effective regulatory risk and compliance controls.
Business
Continuity and Crisis Management
RBC uses a best-in-class Business Continuity Management program
to ensure that our businesses or units are adequately prepared
to deal with any disruption of service to clients. We conduct
risk assessments of all areas annually, further supported
with contingency plans and periodic testing.
RBC's Enterprise Crisis Management team, comprised of senior
executives from across the organization, is responsible for
ensuring continued service to our clients during any crisis/incident
or major interruption. The RBC Enterprise Crisis Management
team is supported by a global network of regional, business-line
and local incident management teams. These teams are on call
round the clock to address any situation that may pose material
risk to staff, corporate reputation or our ability to serve
clients.
RBC conducts regular crisis simulations to test the readiness
and timely response to all emergency situations including
but not limited to a departmental disruption, building, city-wide
or regional disruption, or a pandemic incident.
For more information, see our 2008
Annual Report to Shareholders and Management
Proxy Circular.