The ability to quantify risks is also a key commitment of TD's risk management processes. These processes align with regulatory requirements for capital adequacy, leverage ratios, liquidity measures, stress testing, and maximum credit exposure guidelines. TD has a process in place to quantify risks to provide accurate and timely measurements of the risks it assumes.
In quantifying risk, TD uses various risk measurement methodologies, including value at risk (VaR) analysis, scenario analysis, stress testing, and limits. Other examples of risk measurements include credit exposures, provision for credit losses, peer comparisons, trending analysis, liquidity coverage, and capital adequacy metrics. TD also conducts structured Risk and Control Self-Assessment (RCSA) programs and monitors internal and external risk events. This allows TD to identify, escalate, and monitor significant risk issues as needed.
TD's Enterprise-Wide Stress Testing involves the development, application, and assessment of severe but plausible stress scenarios on earnings, liquidity, and capital of the bank. It enables senior management and the board and its committees to identify and articulate enterprise-wide risks and understand potential vulnerabilities for TD. It informs and supports risk appetite, capital adequacy, and liquidity requirements, providing a framework to assess emerging, concentration, and contagion risks.
TD's risk control processes are established and communicated through risk committees and approved policies, procedures, and control limits. Policies are used as a key risk control tool to provide consistency, predictability, and alignment with risk appetite by communicating the principles, rules, and limits to guide and determine decisions and behaviors. TD's Policy Governance Framework provides a common structure and requirements for the consistent development, implementation, approval, and management of policy at TD.
TD's approach to risk control includes risk and capital assessments to appropriately capture key risks in TD's measurement and management of capital adequacy. This involves the review, challenge, and endorsement by senior management committees of the ICAAP practices. The Internal Control Framework describes enterprise principles governing internal control and management accountability to own and manage risk across the enterprise by practicing ongoing risk and control self-assessment; designing, implementing, and monitoring the effectiveness of a comprehensive program of internal control; and responding in a timely manner to control weaknesses identified by management, governance, risk and control groups, Internal Audit, or other parties.
In recognition of the importance of technology risk control and management, TD has established the Technology Risk Management and Information Security Program, which is designed to reduce business risk with technology controls, and to protect the bank, its customers, and its employees. This enterprise-wide program
is delivered through governance and policy setting, along with the Technology Risk Assessment and Control Framework that generates awareness, communications and ongoing assessments, information security architecture and strategy, and vulnerability and incident management.