Risk Library
Operational Risk - Operational risk is defined as the potential for loss resulting from inadequate or
failed internal processes, systems, human error or from external events not related to credit, market or
liquidity risks. Operational Risk includes fiduciary risk, legal risk & business risk due to operational
failure, but excludes business risks of a strategic nature such as business risk due to earnings volatility.
It also includes Internal, External Fraud, Employment Practices and Workplace Safety, Professional Practices, Damage to Physical Assets, Business Disruption and System Failures, Transaction Errors.
Accounting & Financial Management Risk - Risk of loss or error resulting from incorrect or inadequate reporting of financial information. (Examples below)
1. The risk that financial information is incomplete, not properly valued, didn't occur, do not have the right or obligation to that transaction (i.e. transaction in source system are complete and accurate).
2. Risk that the LOB has not communicated to Finance a new product or transaction.
3. Risk of untimely completion and filing of financial reporting.
4. Risk of inaccurate or incomplete posting of transactions to the General Ledger which could adversely affect the financial statement.
5. Failure to properly control, reconcile, monitor G/L's and internal suspense accounts.
6. The risk that forward-looking information is inaccurate or misleading (e.g. expectations around meeting targets) and/or does not accurately or completely outline the risks associated with future outlook.
7. The risk that financial information is prepared using other than the Bank's official financial systems.
8. The risk that performance measures (key performance indicators) defined by you are not interpreted or calculated correctly by key financial people, do not support the Bank's goals, strategies and/or objectives, or do not provide relevant information to evaluate the goal.
Anti Money Laundering Risk - Risk that dirty money or assets produced through criminal activities are disguised and transformed into clean money thereby protecting the criminal origin and making it difficult to trace or associate as proceeds of crime. (Examples below)
1. Risk of loss to the Bank through fines and penalties by failing to adequately train employees to understand Anti Money Laundering regulations and guidelines.
2. Risk of loss through the failure to update AML policies and procedures to reflect current legislation and to communicate these changes to the respective areas and personnel within the enterprise.
3. Risk of loss through the failure to apply the Know Your Customer Rules as it applies to AML requirements.
4. Risk of loss and non-compliance with regulations through failure to ascertain identification by making reference to and recording appropriate identification as articulated in policies and procedures.
5. Risk of loss and non-compliance with regulations through failure to maintain records as outlined in policies and procedures.
6. Risk of loss through failure to report prescribed transactions as required by P&P including Large Cash Transactions, Wire Payments, Suspicious Transactions and Cross Border Transactions.
7. Risk of loss through failure to monitor customer transactions in order to detect suspicious behavior.
Business Continuity Risk / Disaster Risk - Risk of loss through lack of adequate business continuity plans. (Examples below)
1. Risk of loss through lack of adequate business continuity plans.
2. Risk of loss through the failure to test Business Continuity Plans ensuring that they reflect the current business structure and environment.
3. Risk of inappropriate classification of systems / business functions / technology / data which ensures that critical resources are protected.
Fraud Risk - Risk of loss through any intentional act committed to secure an unlawful gain. (Examples below)
1. Risk that management does not apply effective oversight of antifraud programs and controls.
2. Risk that the code of ethics as it pertains to conflict of interest, related party transactions, illegal acts etc. is not annually reviewed by employees who fully understand their responsibilities under this code.
3. Risk of loss when employees are not fully cognizant of the whistleblower program and its usage.
Version 3.6 Page 1 of 11
Sample Risk Library
4. Risk of loss through the failure to execute background investigations for individuals considered for employment.
5. Risk of loss through inadequate processes to respond to allegations of suspicions of fraud.
6. Risk of loss when employees are not trained regarding possible fraudulent practices, code of conduct, information technology and in day-to-day operations.
Human Resources Risk - Risk of loss resulting from management failure/inadequate staffing. (Examples below)
1. Risk of an inadequate resource pool of diverse human capital to meet the organization's current and future requirements, thus vacancies are not filled with the best qualified available individuals and support the achievement of business objectives.
2. Risk that the Bank approved strategies and practices related to changing or severing employee relationships due to business needs are not adhered to and on a best efforts basis, alternate placement within the organization for these employees is not sought.
3. Risk that Bank Benefits Programs, Compensation programs, Job evaluations and Grading systems are inappropriately applied thus impairing the Bank's ability to attract and retain high quality people.
4. Risk of inadequate learning opportunities to continually upgrade the knowledge and skills of employees, particularly in the Bank's competencies, and to enable all employees to achieve personal excellence through continuous learning in support of business objectives.
5. Risk that Employees do not receive fair and thorough assessment, feedback and action planning to develop the required competencies for the achievement of career goals and business results.
6. Risk of inadequate supply of current and future qualified leaders from diverse backgrounds to execute its business strategies.
7. Risk of inadequate leadership capabilities to create and sustain a positive and supportive work environment to enhance employee commitment, satisfaction and retention.
8. Risk of not retaining a diverse pool of skilled, capable and experienced resources that match present and future business needs.
9. Risk that a diverse workforce and an equitable, supportive workplace, reflective of the communities and markets we serve is not achieved.
10. Risk of inadequate maintenance of employee information and systems to support planning, decision-making and reporting and to facilitate timely, accurate and complete processing of employee (active and pensioned/retired) information including payroll and benefits thus creating non adherence to legal and regulatory requirements.
11. Risk that the Bank's Human Resources policies, procedures, programs and practices are not in compliance / adhered to, with the requirements of regulators and government authorities in jurisdictions in which the Bank operates.
12. Managers fail to make the appropriate Sensitive Position determination. (US Requirement.)
13. Sensitive Position employees do not take the prescribed 10 consecutive business days off with the surrender of any remote access privileges, and others do not take 5 consecutive business days. (US Requirement.)
Information Security Risk / Technology Systems Risk - Risk of not protecting info resources against adverse or unwanted conditions. (Info resources are the information & technology-based systems, applications, computing & network facilities that are used in the mgmt, processing & communication of information.) (Examples below)
1. Risk of loss through inadequate systems integrity (computer programs and records being altered, misused, or incorrect including unauthorized program changes), failure to provide services required by the client on a timely basis, may impact profitability of organization, production system integrity / availability may be adversely affected resulting in financial or reputation damage.
2. Inability to maintain system at an acceptable level of performance and resolve problems in a timely, effective and efficient manner, unnecessary system down time, service disruption & problem recurrence due to ineffective problem management process.
3. Failure of networks or telecommunications channels (including the internet).
4. Risk of loss through inability to adequately anticipate, plan for, monitor and escalate potential failures because of increased complexity in our data and communications systems, risk that service system unavailability or poor response time from inadequate resources & capacity to meet future requirements.
5. Running obsolescent technology beyond its effective life span.
Legal Risk - Risk of Loss resulting from a violation of law or breach of legal requirements in the respective jurisdiction, including situations arising out of Patents, Copyright or Trademark registration or infringements. (Examples below)
1. Risk of loss through non-compliance of legal or contractual obligations.
2. New laws will be enacted, which unfavorably affect business operations.
3. Laws or contractual obligations will change and procedures will not be updated to reflect changes.
4. Appropriate personnel do not review or understand legal agreements.
5. Inadequate legal documentation or contracts.
Logical Security Risk - Risk of loss of Bank assets, customer assets, documentation, accounting and management information and processing and processing systems as well as through inadequate logical protection. (Examples below)
1. Risk that management's strategies for firewall logical security including the relevant policies, standards, guidelines, or directives used to communicate these strategies are not effective.
2. Risk of improper/unauthorized access to the company's networks and systems and related utilities as a result of improper account characteristics.
3. Risk of improper/unauthorized access to the company's networks and systems and related utilities as a result of inappropriate assignment of privileges to general users.
4. Risk of improper/unauthorized access to the company's networks and systems and related utilities as a result of lack of or inadequate access to the admin function.
5. Risk of improper/unauthorized access to the company's networks and systems and related utilities as a result of inadequate or ineffective use of network design principles and/or network security features.
6. Risk of improper/unauthorized access to the company's networks and systems and related utilities as a result of failure to detect unauthorized access to company networks, related systems, and information (data or programs) may result in unauthorized knowledge and use of confidential information.
7. Risk of improper/unauthorized access to the company's networks and systems and related utilities as a result of unavailability or unauthorized disclosure of confidential information, which may threaten the continuity of critical operations and processes.
8. Risk of loss through unauthorized use of supervisory or administrative rights.
9. Risk of loss through unauthorized access to locations, inventory, equipment and/or systems used in business activity and/or documents and/or management information.
Model Risk - Risk of loss resulting from the inappropriate use of a model or the use of an inappropriate model. (Examples below)
1. Risk of loss when inappropriate calculation due to improper estimation or calibration of parameters such as volatility.
2. Risk of loss when measurement errors produced via inappropriate inputs to the model.
3. Risk of loss from inadequate modeling of complex structures or of complex market behavior, including liquidity, bid-ask spread considerations.
4. Risk of loss from use of missing and/or inadequate risk factors.
5. Risk of undetected modeling analytics errors resulting in incorrect solutions, including incorrect curve construction.
6. Risk of loss from undetected bugs and errors in coding of models for implementation.
7. Risk of loss from inadequate version and change control in implementation.
8. Risk of loss when exceeding the model's known and unknown limitations.
9. Risk of loss due to incorrect model assessment, selection and use, including misinterpretation of results, use of stale models and use not originally intended.
Operations Control Risk - Risk of loss resulting from a breakdown in controls around front, middle and back office activities including, unidentified limit excesses, unauthorized activities by employees lack of control around the accounting and processing of transactions. (Examples below)
1. Inadequate, inaccurate or untimely control reports resulting in flawed management reporting.
2. Failure to properly define roles/responsibilities between various units, and with business partners and to understand the reporting structure across entities and Lines of Business.
3. Unidentified limit excesses or failing to monitor limits.
4. Trades not executed within the specified guidelines/objectives as per client/broker agreement.
5. Independent sources are not used for prices and rates and manual in house prices and independent modes are not reviewed.
6. Manual trade tickets are not signed and date stamped as per regulatory guidelines.
7. Not confirming transactions independently of the trading function with the trading counterparty on the trade date.
8. Not obtaining an indemnity from counterparties who do not wish to confirm transactions.
9. Reconciliations are not performed independent of the trading and processing function, including suspense and inter-company accounts.
10. Not segregating customer's securities from that of the bank.
11. Not having or monitoring limits to restrict the maximum amount of risk across business units.
12. Not capturing and monitoring all market risks inherent in products.
13. Over-pledging or under-pledging collateral.
14. Not having netting agreements in place prior to netting or settlement of trades.
Outsourcing Risk - Risk of Loss due to interruption of service resulting from a reduction in control over an outsourced function and an outsourcer not adhering to the same level of business disciplines, controls which would apply if the Bank performed the function. (Examples below)
1. Risk of financial loss &/or loss of reputation to the Bank when there is a failure to complete a thorough assessment of the outsourcing opportunity and proper due diligence is not undertaken.
2. Risk of financial loss &/or loss of reputation to the Bank when there is a failure in monitoring the outsource arrangement throughout the life cycle of the outsourcing arrangement.
3. Risk of financial loss &/or loss of reputation to the Bank when there is a failure of the sponsor to complete their responsibilities, becomes embroiled in a negative public controversy, are no longer competitive or can no longer support needs or products.
4. Risk that SLAs are not in place between outsourcing owners, users and service provider or do not address all aspects of the outsourcing arrangement to protect the Bank's interest.
5. Risk of Loss due to lack of / inadequate Business Continuity Plan or through defaults and termination of the service provider.
Physical Security Risk - Risk of loss of Bank assets, customer assets, documentation, accounting and management information and processing and processing systems as well as customer and employee safety through inadequate physical protection. (Examples below)
1. Risk of unauthorized access to Bank premises resulting in the destruction, loss or damage of assets, inventory, equipment or systems used in business activity. Loss, destruction or unauthorized access to management and/or customer information inadequate protection of customers and employees.
2. Risk of inadequate measures to protect against injury to customers and employees, destruction, loss or damage of assets, inventory, equipment or systems used in business activity due to potential environmental hazards such as fire and water damage.
3. Risk that unauthorized personnel have access to assets, inventory, equipment, or systems used in business activities or documents, customer or management information.
Privacy Risk - Risk of loss due to organization's failure to meet the privacy promise it has made to its clients, the failure to appropriately safeguard the information it maintains about its customers, and, the failure to comply with privacy laws & regulations. (Examples below)
1. Risk of violating the terms of the organization's Privacy Policy and increasing the litigation and reputation risks.
2. Risk of non-compliance with privacy legislation, including unauthorized sharing of customer information.
3. Risk that the Group does not comply with customer opt out/opt in election or do-not-call, do-not-mail or do-not-email preferences.
4. Risk of unauthorized disclosure of confidential/personal information to third parties (individuals or service providers).
5. Risk that employees are not properly trained to comply with privacy and information security policies, directives, procedures, laws or regulations.
6. Risk that assets, equipment, systems, inventory, documents or management information are lost, misdirected or destroyed or that documentation is not properly retained or destroyed depending on current business need or regulatory requirement.
7. Risk that unauthorized personnel have access to inventory, equipment or systems used in business activity, hard/soft copy documents or management information that is not necessary
for the employee's job responsibilities, access to locations including those locations containing customer information such as buildings, computer facilities and records storage facilities.
8. Risk of inadequate encryption of customer information while in transit or storage on networks or systems, which includes external e-mails, inadequate system integrity (computer programs and records being altered, misused or incorrect including unauthorized program changes).
9. Risk of errors in the development of computer programs and systems containing customer information because procedures are not consistent with the Bank's Information Security program, inadequate monitoring systems and procedures that would detect unauthorized access to customer information systems, lack of adequate response programs that specify actions to be taken when the bank suspects or detects that unauthorized individuals have gained access to customer information systems, including appropriate reports to Senior Management regulatory and law enforcement agencies.
10. Risk of inadequate measures to protect against destruction, loss, or damage of customer information due to potential environmental hazards, such as fire and water damage or technological failures.
11. Risk of inadequate monitoring systems and procedures to revalidate individuals' continued need to access data / information.
Regulatory Risk - Risk of loss resulting from an inability to meet regulatory requirements including, breaching existing capital requirements, failure to anticipate forthcoming regulatory requirements, failure to comply with privacy and other regulations. (Examples below)
1. Risk of loss through non-compliance with regulatory requirements.
2. Risk of loss when regulations change and procedures are not updated to reflect those changes.
Shift in Credit Ratings - Risk of Loss resulting from downgrade-induced inability to raise funds at acceptable cost or access markets and as well as resulting general loss of business. (No examples)
Strategic Risk - Risk of loss or sub-optimizing shareholder value due to adverse business decisions, policy gaps or breakdown in mgmt processes including inappropriate allocations of strategic resources across the Bank's Lines Of Business or within an individual Line of Business. (Examples below)
1. Risk of inconsistent application of strategy development standards.
2. Risk of strategies based on inaccurate or incomplete information.
3. Risk that strategies are not linked to financial commitments.
4. Risk that high value issues/opportunities are not identified in a timely fashion.
Taxation Risk - Risk of Loss resulting from changes in tax laws, inaccurate assessment or unanticipated taxation. (Examples below)
1. Risk of loss resulting from changes in tax laws.
2. Risk of loss from unanticipated taxation.
3. Risk of not collecting and/or remitting taxes (including domestic & international) correctly or on a timely basis.
4. Risk of not preparing prescribed tax forms (including payroll, capital and corporate tax returns) correctly and on a timely basis.
5. Risk of failure to consider the tax consequences of transactions, including normal business activities or changes in activity.
6. Risk of failure to assess the consequences in the event of a change in tax rules.
7. Risk of non-compliance with legislated requirements.
8. Risk of not knowing which tax form to use for filing purposes (i.e. for tax & income reporting).
9. Risk that there are foreign tax requirements that pertain to customers residing in another country that the Unit has not properly noted.
10. Risk that incorrect tax forms mailed to the client are not being amended and re-filed in a timely manner.
11. Risk that the Unit engages in business activities or changes the activity without being aware of the tax consequences, or the Unit acts on incorrect or incomplete information.
12. Risk of improper interpretation of Canadian or Foreign tax rules.
13. Risk of a change in administrative practices of Canadian or Foreign Tax authorities.
14. Risk of failure to provide appropriate detailed documentation (such as R&D deductions, Donations, etc.) to enable a quality tax provision or tax filing.
15. Risk of failure to properly remit property taxes and related business levies.
16. Risk of failure to produce prescribed Tax forms (e.g. T5, T3) that must be mailed to the client and filed with the government by the due dates.
17. Risk of failure to collect and remit withholding tax (payroll, GST, PST, HST, non-resident, RRIF, RRSP withdrawals, Foreign Content Charges, etc.).
18. Risk of failure to report taxable benefits for employees.
19. Risk of failure to properly act in accordance with policy 730-5 when issued a tax lien by Canada Revenue Agency (CRA).
20. Risk of failure to provide Taxation Department with details of costs that could have tax consequences. (i.e. Investment tax credit for system development costs.).
21. Risk that for donations > $25,000 (Canadian), the Banking Groups do not properly approve and securely maintain tax receipts as back up to obtain the Bank's tax credit for donations to registered charities.
22. Risk of performing an inaccurate tax assessment.
23. Risk of failure to self-assess taxes (GST, PST) from non-residents.
24. Risk of not retaining appropriate documentation supporting inter-company and inter-branch transactions (i.e. sale of goods & services, license of intangibles, financial transactions including global trading, etc.) that may be required by government authorities.
25. Risk of failure to withhold and remit tax payments correctly.
Transaction Processing Risk - Risk of loss resulting from errors in processing transactions. (Examples below)
1. Risk of loss from processing unauthorized transactions, duplicate transactions, authorized transactions in an accurate, complete and/or timely manner, errors in the execution of trades/transactions, settlement of trades/transactions, booking trades/transactions.
2. Risk of errors resulting from the complexity of products and inability for existing systems and processes to cater to them.
3. Risk of loss from improper/missing legal documentation and contracts.
4. Risk of loss from failure to properly process and handle exceptions and investigations including compensation.
5. Risk of inaccurate, untimely and/or incomplete record keeping, account set-up/closure and/or balancing.
6. Risk of loss from failure to achieve required service levels in support of business objectives, to operate at optimum performance/efficiency, thereby putting system integrity and reliability at risk.
Credit Risk - Risk of loss of principal or interest or revenues due to the obligor's inability or failure to repay a financial obligation. The financial obligation may be formally defined (e.g. a loan) or informal (e.g. an overdraft).
Loan Loss Risk - Risk of loss when Obligor, Endorser, guarantor or surety fails to repay a debt obligation when due. (Examples below)
1. Risk of loss when Obligor, Endorser, guarantor or surety fails to repay a debt obligation when due.
2. Risk of loss when the quality of purchased loans is inferior to loans originated in-house (syndications, et al).
3. Risk of loss through improper or inadequate underwriting or structuring of the credit.
4. Risk of loss through inadequate or incomplete documentation collateralization. Could result in improper lien perfection, reduced Bank rights and/or remedies or, in general, afford insufficient protection where the Bank's interests are concerned, thereby diminishing collectability of Bank assets.
5. Risk of loss through ineffective monitoring of financial performance of borrowers.
6. Risk caused by industry or other concentration (including geographical), covariance, migration.
7. Risk of loss when the Obligor fails to honor a margin obligation.
8. Risk of loss due to deterioration in the assets that have been securitized.
9. Risk of loss through Brokers' Daylight Overdrafts.
Replacement Risk - Replacement risk (RR) is the potential amount due to the Bank from a counterparty, in the event of that counterparty defaulting, estimated to a given confidence level. It is the type of credit risk that may be present at the inception of a contract, but is specifically identified by the fact that changes in the level of credit exposure post inception are driven primarily by changes in market rates. OTC derivatives, in particular, give rise to RR as the value of the contract and hence the amounts due to the Bank change with changing underlying parameters such as interest rates, foreign exchange
rates, equity prices. Non-derivative contracts may also give rise to RR, (e.g. repos and reverse repos) whereby market changes in the values of securities/cash lent or borrowed may go out of line with market changes in the value of collateral. (Examples below)
1. Risk that counterparty fails to perform as contractually agreed.
2. Risk that the issuance of credit is granted without receipt of requisite approval.
3. Risk of disagreement with counter-party over terms or mechanics of transaction.
4. Risk that replacement risk measurement methodologies and replacement risk factors do not accurately reflect the correct exposure of counterparties to the Bank.
5. Risk of loss through inadequate or incomplete documentation (ISDA). Could cause the Bank to have reduced rights relative to termination, ability to net and potentially leading to litigation.
Settlement Risk - Arises when, during an agreed concurrent exchange of values, the Bank makes a payment or gives other value before it is certain that the agreed upon counter-value has been received irrevocably from the counterparty. A form of below the line risk which excludes Brokers' Daylight Overdrafts. (Examples below)
1. Payments Risk - The amount of which intra-day debit balances in Vostro (a Due to Banks account) or other accounts with the Bank exceed credit balances at any time during the day. Payment Risk may also arise as a result of transactions executed through Nostro (A demand account maintained by one bank in another bank and denominated in foreign currency) accounts carried by the Bank with other banks.
2. Foreign Exchange Settlements - The exposure created when one currency is paid out prior to receipt of equivalent value in another currency as a result of cash, spot or forward exchange transactions including cross currency interest rate swaps.
3. Securities Settlements Risk - Is incurred when securities are delivered prior to an irrevocable payment being received, and can occur when the Bank acts as Issuing Agent for short term notes, when maturing notes are presented for payment prior to receipt of funds from sale of new notes and the Bank's exposure is not covered by standby letters of credit.
4. Bilateral Limits Restriction on the maximum net amount of payment orders the Bank is prepared to receive from another bank through a specific payment system at any time during the day.
5. Risk that counterparty fails to perform as contractually agreed.
6. Risk of disagreement with counter-party over terms or mechanics.
7. Risk of exceeding approved credit lines without appropriate prior approval.
Sovereign Risk - Risk arising from Loans that are direct obligations of, or guaranteed by, a foreign government, (or an organization or agency controlled by such a government, including public sector banks and foreign debt registries, which are directly charged with carrying out the given government's national policies), Transactions with residents of the Sovereign State and Cross-border claims and the associated currency risks, including the possibility that service of an asset may not be possible due to non-availability of freely convertible foreign currency. (Examples below)
1. Risk of cross border transactions and the associated currency risks (if any), including the possibility that service of an asset may not be possible due to non-availability of freely convertible foreign currency.
2. Risk that a government's action may prevent repayment of a debt.
Insurance Risk - The probability of loss arising from committing to a group or the probability of loss arising from the Bank committing to a group of policy holders (or beneficiaries) to make fixed or determinable payments which exceed in aggregate, when actually paid, the net present value of the sum of premiums or other fees received or to be received from the policy holder ("Policy Income"); investment income received on the Policy Income; net recoveries from third parties from disposals of assets (including settlement of legal or other actions) acquired as a result of paying a claim to a policy holder. (Examples below)
1. Risk of loss due to the amount of claims paid (including catastrophic events) exceeding the amount of revenue (e.g. Risk Premium portion) received.
2. Risk of investment returns being less than expected.
3. Product design and pricing risk, being exposure to financial loss resulting from engaging in the business of insurance where the costs and claims assumed in respect of a product exceed the expectation in pricing the product (including the inability to sell enough policies to cover fixed costs). Four key assumptions in product pricing and design are underwriting risk, persistency, expense assumptions, and investment returns.
4. Underwriting and liability risk being exposure to financial loss resulting from the selection and approval of risks to be insured, the adjudication of claims and the management of contractual and non-contractual product options.
5. Anti-selection risk, which is the risk that more customers who are likely to claim will purchase the product.
6. Insufficient policies sold to achieve the spread of risk necessary for the actuarial projections to be correct or to achieve the expected critical mass to cover the price for unit expenses.
7. Risk of loss due to external factors (legislation, courts, social norms etc.) forcing the company to expand allowable claims (refer to Operations Risk - Legal Risk)
+lash Risk - Risk of insuring a single life under multiple co#erages wit! t!e total amount of insurance
co#erage greater t!an corporate policy limits (or company retention limits). (Bo examples)
Market Risk - Market Risk (also often referred to as Position Risk), is the risk of a potential negative
impact on the Bank's balance sheet and income statement resulting from adverse changes in the price
or value of open or unhedged market positions.
Credit Spread Risk - The risk arising from movements in the spread of a particular issuer relative to a
riskless (default-free) benchmark. Spread risk is most commonly associated with corporate debt
securities, credit derivatives, and some structured products. (Examples below)
1. Risk of the movement in the credit spread on a security or transaction. The risk can be driven
by spreads either widening or narrowing, depending on the position being taken.
2. Risk that a particular issuer will migrate to a new credit rating. This can lead to large changes in
credit spreads.
3. Risk that an issuer defaults on a security.
Basis Risk - The risk arising from negative changes in valuation between off-setting positions arising
from mismatched pricing indices and/or cash flow timing. The mismatch may be caused by the position
and its hedge having different pricing sources or by the timing of the pricing events. (Examples below)
1. Risk of mismatched positions.
2. Risk of incorrect pricing methods, contract provisions, unwinding process/strategies. This
seems like operational risk.
Foreign Exchange/Commodities, Equities Risk - The risk of value impairment and/or income loss to
the Bank when on and/or off-balance sheet assets and liabilities in foreign currencies/commodities, or
equities are mismatched resulting in net long or short positions and are therefore exposed to adverse
price movements. (Examples below)
1. Risk of mismatched transactions, including parallel shifts in price curves or implied volatility
surfaces; and steepening, flattening or twisting of price curves or implied volatility surfaces.
2. Risk of incorrect pricing of products, contract provisions and/or prepay options.
3. The risk of loss to the Bank when on and/or off-Balance Sheet assets and liabilities in foreign
currencies are mismatched and exposed to movements in currency.
4. Risk of loss due to unhedged positions.
5. Risk of loss as certain stocks may not be sufficiently liquid to achieve desired hedge.
6. Risk of loss due to adverse moves in equity prices.
7. Risk of loss where market parameters are not observed for OTC equity options, loss from
mispricing may occur.
Interest Rate Risk - The risk of loss to the Bank when on and/or off-balance sheet assets and liabilities
are mismatched with respect to repricing or maturity dates and as such are exposed to adverse
movements in interest rates. (Examples below)
1. The risk of taking larger positions than the Bank has an appetite for.
2. The risk that traders will take unauthorized positions in markets and/or financial instruments.
3. Risk of loss through mismatched assets and liabilities, including parallel shifts in interest rate
curves or implied volatility surfaces and steepening, flattening or twisting of interest rate curves
or implied volatility surfaces.
4. The risk that market risk exposures are not completely and accurately measured, reported and
monitored.
Trading Risk & Underwriting Risk - Underwriting & Trading Risk - Market risk in this category arises
out of business activities that entail actively buying and selling on & off balance sheet products in the
course of servicing customer requirements, market making, proprietary trading, and underwriting.
Trading and Underwriting encompasses all positions that are accounted for on a mark to market basis;
those positions that are not accounted for on a mark to market basis but that, for risk management
purposes, are considered as trading positions. (Examples below)
1. Risk of loss through Market volatility.
2. Risk of loss through rating changes.
3. Risk of loss through mispricing.
4. Risk that trading losses exceed tolerance levels that management is comfortable with.
5. Risk that traders assume more market risk or incur greater losses on an intra-day basis than
management has delegated limits for.
6. Risk that traders enter into positions in illiquid instruments or markets, which could result in
substantial losses due to inability to unwind the positions expeditiously without undue price
concession to the market.
7. Risk that non-typical transactions entered into and falling outside the normal framework for
market risk controls could avoid proper risk capture and result in unexpected losses.
Curve Risk - Represents the potential change in value of an interest rate position based on changes to
the shape of the relative yield curve. (Examples below)
1. The risk of loss due to inappropriate measures, or absence of measures, of "curve risk", when
traders have offsetting long and short positions at different parts of the yield curve to take
advantage of changes in the shape of the curve.
Structural Market Risk - Risk that a business unit takes structural market risk that is not aligned with its
approved business strategies and mandate. (Examples below)
1. Risk that a business unit takes structural market risk that is not aligned with its approved
business strategies and mandate.
2. Risk of incorrect pricing of embedded options.
3. Risk of loss if market conditions deteriorate rapidly (event risk) causing extraordinary levels of
price volatility or adverse liquidity.
4. Risk of loss if consumer behavior deviates from expectations. This could result in losses in
excess of those predicted by risk parameters in the structural market risk reporting models.
5. Risk that structural market risk exposures are not completely and accurately identified,
monitored, measured and reported.
6. Risk that structural market risk reporting is not timely or frequent enough to be of any value to
management.
7. Risk of loss if market parameters, consumer behavior assumptions and correlation matrices
contained in the structural market risk reporting systems are not updated regularly enough to
properly reflect current market conditions.
8. Risk that structural market risk limit excesses and related material adverse trends are not
identified, escalated and appropriately resolved.
Issuer Risk - The potential change in the market value of a debt instrument attributable to credit spread
risk, as measured by the Issuer Risk model. (No sub-risks; no examples)
Liquidity & Funding Risk - The potential for loss if the Bank is unable to meet financial commitments in
a timely manner at reasonable prices as they fall due. Financial commitments include liabilities to
depositors and suppliers, and lending and investment commitments. (No sub-risks; examples below)
1. Risk that the level of customer deposit withdrawals, credit facility drawdowns and collateral
requirements exceeds the level of liquidity available to the Bank under normal and stressed
environments.
2. Risk that liquid assets cannot be quickly sold/pledged at reasonable prices when required.
3. Risk that the Bank has insufficient collateral available to meet pledging requirements.
4. Risk that the Bank's forecast of daily cash flows is incorrect resulting in undue reliance on the
Bank of Canada to meet the Bank's funding needs.
5. Risk that the Bank has not sufficiently diversified its financial commitments, both on and off
balance sheet to mitigate concentration risk, which could impact the stability and capacity of the
Bank's funding base.
6. Risk that the wholesale funding requirements of the Bank (e.g. growth strategies) are not
managed effectively, resulting in wholesale funding needs that exceed wholesale funding
capacity or create a reliance on wholesale funding beyond target levels in support of the Bank's
target credit rating.
7. Risk that liquidity and funding positions are not completely and accurately identified, measured,
reported and monitored.
8. Risk that liquidity and funding reporting is not timely or frequent enough to be of any value to
management.
9. Risk of loss if key liquidity and funding assumptions contained in liquidity and funding
measurement systems are not updated regularly enough to properly reflect current market
conditions.
10. Risk that liquidity and funding limit and guideline excesses and related material adverse trends
are not identified, escalated and appropriately resolved.
Reputation Risk - The risk of negative impacts resulting from the deterioration of the Enterprise's
Reputation with key stakeholders. Examples of negative impacts include revenue loss, decline in the
customer / client base, costly litigation, regulatory sanctions, and decline in the share price.
"Stakeholders" is defined as customers / clients, employees, shareholders, the Investor Community,
regulators, rating agencies, Business Partners and the public. (No sub-risks; examples below)
1. Risk of adverse marketplace and/or product image.
2. Risk of inappropriate actions by employees.
3. Risk of poor performance in the marketplace.
4. Risk of violating statutes or regulations.
5. Risk of violating the terms of the organization's Privacy Policy and increasing the reputation risk.
6. Failing to apply "know your client" principles to client / business partnerships, resulting in
association with customers / clients and business partners that could damage the Enterprise's
Reputation.
7. Breaching the terms of key organizational policies for managing relationships with investors,
shareholders, customers / clients, business partners, regulators, rating agencies and the public.
Examples of topics with key Policies and Standards supporting these relationships include:
Philosophy, Principles and Conduct of Lending Activity; Privacy; Social Responsibility;
Outsourcing; Change Management; Procurement; Environmental; Media Operating Directive;
Disclosure Standard.
8. Breaching the terms of key organizational policies for managing internal operations. Examples
of relevant Policy and Standard topics include: Risk Management, Corporate Compliance,
Legal, Internal Control / Audit, Operations Governance, Information Security, Financial
Management & Control, Anti-Money Laundering, Information Management, and Business
Continuity Management.
9. Failing to undertake appropriate analysis and due diligence in respect of all business
operations, business relationships, product offerings and complex / structured transactions; and,
failing to ensure that the results of analysis and due diligence for these activities are integrated
into business decision-making processes.
10. Activities with medium to high inherent risk that may not be sufficiently mitigated to prevent
situations with the potential to result in reputation risk.
Fiduciary Risk/Duties of Care - The risk of loss to which the institution is exposed, whether directly or as
a result of adverse effects on its reputation, that is attributable to the possibility that the institution or
any of its subsidiaries will breach their duties or obligations in the course of holding, administering,
managing or investing assets on behalf of other persons, or in the course of providing investment
advice to other persons. (No sub-risks; examples below)
1. Risk that duty of care inherent in a particular business activity is not well understood.
2. Risk of introducing products/services significantly different from existing products/services with
respect to duties of care without an appropriate risk assessment or commensurate staff training.
3. Risk that duties of care are not appropriately managed in processes where there are inherent
duties of care. Principles to consider in deciding where there are duties of care are:
appropriateness, transparency, conflicts of interest, investment performance monitoring and
communication. Selected examples of activities where these need to be considered relative to
businesses where duties of care are inherent include the following. These activities typically
arise in delivering wealth management products. Example: Proxy voting, Selection and
monitoring outside managers, Research and security selection, Asset Allocation Models, Trade
allocation practices / best execution, Internal and third party referrals, Construction and offering
of financial planning services, Creation and use of client profiling tools.
4. The risk that processes and decisions involving duties of care are inadequately documented.
5. Fiduciary duties are a special subset of duties of care and should be understood where they
apply. While fiduciary duties can arise in many situations, they are most often imposed on
persons acting as trustees, agents, guardians etc. Actual duties will depend on the specific
nature of the relationship and the facts and circumstances of the situation. Key elements to
evaluate relative to fiduciary risk are: Prudent Investor/Prudent Man Rule: Duty to Exercise
Reasonable Care and Skill, Duty of Loyalty, Duty of Impartiality, Duty not to Delegate, Duty to
Administer Trusts by its Terms, Duty to Keep Accounts and Records, Duty to Keep Trust
Property Separate.