DATA RISK Data risk is the risk, whether direct or indirect, that arises from reliance on data to support our ability to make informed decisions and develop accurate reporting and analytics for senior management, our Board of Directors, regulators, or customer facing and/or marketing purposes. Potential risks can relate to data management, data taxonomy, metadata, governance, access, or data that is incomplete, inaccurate, untimely and/or inaccessible, misuse and/or misinterpretation of data. Data is considered a key strategic asset. As data is produced and consumed by different business lines and geographies across CWB, an effective, collaborative, and holistic approach to data risk management has been implemented to minimize reputation, regulatory and financial risk. Our Data Governance framework and supporting protocols reflect a risk-based approach to support oversight and management of critical data elements to enable greater coordination and consistency of our data. We continue to enhance and mature our data remediation processes and data quality monitoring tools. Our ongoing programs related to data protection and access management also ensure that data is only accessible when directly relevant to the team member’s role. MODEL RISK Model risk is the risk of adverse financial and reputational consequences arising from the use of an inappropriate model or from using a model inappropriately. Model risk can originate from inappropriate specifications, incorrect parameter estimates, flawed hypotheses and/or assumptions, mathematical computation errors, inaccurate, inappropriate or incomplete data, inappropriate, improper or unintended usage and inadequate monitoring and/or controls. The Model Risk Committee provides oversight of model risk. Our Model Risk Management policy and standard describe the overarching principles and procedures that provide the framework for managing model risk. The policy and standard also define roles and responsibilities for key stakeholders involved in the Model Risk Management cycle. All models, whether developed internally or vendor-supplied, are covered by this framework.
LEGAL AND REGULATORY RISK
Legal and regulatory risk is the potential for loss or harm resulting from a failure to comply with laws, meet regulatory requirements, or satisfy contractual obligations. This includes the risk arising from any failure to meet applicable standards of care, implement practices to meet new or evolving legal or regulatory requirements, enforce or comply with contractual terms, or effectively manage litigation and other disputes. Legal and regulatory risk does not include risk arising from non- conformance with ethical standards. The financial services industry is highly regulated and subject to strict enforcement of legal and regulatory requirements by various authorities, including federal and provincial governments and regulators. Failure to manage these risks or comply with applicable legal and regulatory requirements may result in legal proceedings including civil or criminal litigation, regulatory fines and other sanctions, enforcement actions, criminal convictions and penalties, administrative penalties, financial loss, restricted business activities, increased regulatory supervision or intervention or supervisory findings, the imprisonment or regulatory examination of officers and directors, an inability to execute our strategic direction, a decline in client and investor confidence, and damage to our reputation. Management of these risks and ensuring compliance with legal and regulatory requirements are key priorities for us, and we do so in accordance with our three lines of defence framework. Changes to applicable legal and regulatory requirements, including changes in their interpretation or implementation, could adversely affect us, and we anticipate ongoing scrutiny from our regulators and strict enforcement of such requirements as reforms continue at the federal and provincial levels to strengthen the stability of the financial system and protect stakeholders. Over the past several years, the intensity of supervisory oversight of all federally regulated Canadian financial institutions has increased in both requirements and new standards. This includes amplified supervisory activities, an increase in the volume of regulation, more frequent data and information requests from regulators, and shorter implementation timeframes for new requirements. Further, new regulatory regimes have or are being introduced for areas including privacy and data management, consumer protection, third-party risk management, climate risk management, and cybersecurity and technology risk oversight which enhance the complexity of compliance. Certain requirements may also impact our ability to compete against both federally regulated and non-federally regulated entities. We actively monitor these developments and implement required changes to systems and processes. We have implemented a robust Regulatory Compliance Risk Management standard and developed supporting protocols to manage regulatory compliance risk across the enterprise. Our Legal Services and Regulatory Compliance groups work together to maintain enterprise-wide protocols that set out the steps to be taken to identify, assess, manage, monitor and report on legal and regulatory issues. We identify applicable laws and regulations and potential risks, recommend mitigation measures and strategies, conduct internal investigations, and oversee legal proceedings and enforcement actions, including civil claims and litigation, criminal charges, and regulatory examinations and audits. Failure to comply with applicable legal and regulatory requirements may result in legal proceedings, financial losses, regulatory fines and other sanctions, enforcement actions, criminal convictions and penalties, an inability to execute our strategy, a decline in investor and client confidence, and damage to our reputation. We are subject to legal proceedings, including investigations by regulators, arising in the ordinary course of business. The unfavourable resolution of any such legal proceedings could have a material adverse effect on our business, reputation, financial condition, cash flows, capital position or credit ratings, or require material changes in our operations. The volume of legal proceedings and the amount of damages and penalties assessed in such legal proceedings could grow in the future. We are required to disclose material litigation to which we are party. In assessing the materiality of litigation, factors considered include a case-by-case assessment of specific facts and circumstances, our past experience and the opinions of legal experts.
54 | CWB Financial Group 2023 Annual Report
Powered by FlippingBook