Enterprise Risk Management Organizational Structure

Presentation to the RMC

February 26, 2007

2

Table of Contents

Linking the Organization to our ERM Objectives

What do we need from the RMC?

1

2

3 Appendix

3

Linking the Organization to our ERM Objectives

Ensure ERM Program aligns with the global ERM initiative.

Establish a communication, escalation and reporting structure to “Get the right

information, to the right people, at the right time, to make the right decisions.”

In the following slides, we illustrate 5 alternative organizational structures for use in

our NA ERM initiative.

We recommend that the RMC endorse Organizational Structure 4. – Note: Organizational Structure 4 received majority support from six RMC members at the LORM meeting on February 21,

2007. These same RMC members will be asked to vet the new ERM Committee Charter.

4

Structure 1 Structure 2 Structure 3 Structure 4Current

State

Advisor

to RMC

Intermediate

Decision-making body

Reporting as a

Subsidiary to the RMC

New Structure X √

Mandate• No separate, stated mandate for ERM.

• Identifies future risk trends by reviewing results from Risk Outlook Process.• Monitors enterprise-wide risks.• Responsible for escalating key risk issues to the RMC for attention and decisioning.

• Identifies future risk trends by driving Risk Outlook Process.• Monitors enterprise-wide risks.• Responsible for identifying key risk concerns for RMC attention and decisioning.• Controls risk by acting as senior risk committee.

Membership • RMC members • Modeled Risk Owners • One representative from each RMC member (GSVP level or above)

• Modeled Risk Owners,

Audit, Compliance, Legal, HR, Finance (at GSVP level or above)

Structure 5

Decision-making

Reporting into LORM / Other Subcommittee

√ √ √

X √ √ √√

• Identifies future risk trends by driving Risk Outlook Process• Monitors enterprise-wide risks.• Responsible for identifying key risk concerns for RMC attention and decisioning.• Controls risk by acting as senior risk committee.

• Identifies future risk trends by driving Risk Outlook Process• Monitors enterprise-wide risks.• Responsible for identifying and escalating key risk concerns for LORM attention and decisioning.• Mitigates risk.

• Existing LORM members

How do we get there?

5

Structure 4: Reporting as a Subsidiary to the RMC

Disadvantages

New decision-making structure.

Negotiate information inflows from other groups.

May lack requisite power to affect transformation.

Advantages

Simple to understand structure.

At this organizational level, members may

represent “practitioners.”

Highly visible in the organizational structure.

Does not introduce a high level of bureaucracy.

Avoids introduction of new Task Forces.

Description: This structure represents ERM as a new committee or reporting subsidiary of the RMC. This

body would be similar to Structure 3 in constituency but different in terms of organizational structure

placement.

RMC

Compliance LORM ALCO BAN Credit Policy Audit ERM

Note: This is not an exhaustive list of RMC Subcommittees.

FOR: Structure 4 provides the best organizational fit and meets our regulatory commitment.

ComplianceCommittee

Local Operational Risk Management

Asset and Liability Committee

Branch and Agency Network

Risk Policy CommitteeCredit Committees

Enterprise Risk Management

6

Table of Contents

Linking the Organization to our ERM Objectives

What do we need from the RMC?

1

2

3 Appendix

7

What do we need from the RMC?

Agree and endorse ERM Organizational Structure 4

What the RMC should expect...

Develop ERM Charter (to be approved by RMC) which will promote the

control (defensive) and the strategy (offensive).

Assign members and roll-out new Committee structure.

8

Table of Contents

Linking the Organization to our ERM Objectives

What do we need from the RMC?

1

2

3 Appendix

9

Structure 1: Current State

Disadvantages

Crowded RMC agenda.

No pre-vetting or analysis of data.

Advantages

Status quo

RMC members possess the requisite

expertise needed for ERM.

Elevating the responsibility for ERM to

the RMC level should promote a high

level of visibility and commitment.

Description: This structure represents the current state (i.e. there is no change to the organizational structure.

Instead, ERM is a primary responsibility of the RMC and its members. Therefore, an additional committee is

not necessary.

RMC

Compliance LORM ALCO BAN Credit Policy Audit

Note: This is not an exhaustive list of RMC Subcommittees.

AGAINST: Structure 1 may require numerous Task Forces and may not meet our regulatory commitment.

10

Structure 2: Advisor to RMC

Disadvantages

New structure.

No decision-making authority.

Advantages

Competent professionals.

Shapes the RMC

No new committee needed.

No decision-making authority needed.

Description: This structure represents ERM as an advisor to the RMC. This structure is similar to Structure 1.

However, the ERM Advisors do not have to be the same constituency as the RMC.

RMC

Compliance LORM ALCO BAN Credit Policy Audit

ERM

Note: This is not an exhaustive list of RMC Subcommittees.

AGAINST: Structure 2 lacks impact and will not meet our regulatory commitment.

11

Structure 3: Intermediate Decision-Making Body

Disadvantages

New decision-making structure.

Boundary issues may arise with RMC and

subsidiaries.

RMC may disengage and delegate authority.

Advantages

By elevating the ERM structure above other

Risk, Compliance and Finance Committees,

ERM can address cross functional risk issues.

Enterprise-wide view of risk.

RMC

ERM

Compliance LORM ALCO BAN Credit Policy Audit

Description: This structure represents ERM as an intermediate decision-making body to RMC. This structure

establishes a new committee which sits above all other committees and shapes agenda, reviews status and

escalates issues to the RMC.

Note: This is not an exhaustive list of RMC Subcommittees.

AGAINST: Structure 3 may not provide us the best organizational fit.

12

Structure 5: Reporting into LORM / Other Subcommittees

Disadvantages

Reporting into LORM, the ERM Committee

may not have the capacity to focus on other

risk issues.

Specialization may be deep but lacks breadth.

Risks other than Operational Risk may not be

adequately covered (e.g. Market and Credit

Risk, Compliance, ALCO).

Advantages

Utilize existing structure.

Description: This structure represents ERM as a sub-committee reporting into LORM or Other Subcommittees

(e.g. Credit Policy or ALCO). The constituency may change under this model as there may be a tendency to

focus more on the type of risk governing the Subcommittee (e.g. operational risk) rather than other types of

enterprise-wide risk issues.

RMC

Compliance LORM ALCO BAN Credit Policy

ERM Operation Risk

Audit

Note: This is not an exhaustive list of RMC Subcommittees.

AGAINST: Structure 5 lacks impact and will not meet our regulatory commitment.