Risk management entails effective and timely identification, measurement, monitoring, escalation and mitigation of risk exposures for the DTCC enterprise, its stakeholders and the global clearance and settlement system. Risk mitigation is viewed by DTCC as primary among its responsibilities and is therefore a central focus of the organization.
The globalization of financial markets, the evolving market landscape and the continued development of technology make risk management increasingly complex and critical. The commitment of DTCC to the centrality of risk management is evident in values embedded throughout the organization, from operations and business lines up through senior management. DTCC places great emphasis on risk awareness as key to company culture. DTCC has a core set of common principles and processes across its subsidiaries for identifying, assessing, measuring, monitoring, mitigating and reporting risks.
DTCC has also established a Corporate Risk Framework, pursuant to which its risk tolerances are established, communicated and monitored. The goal of the Corporate Risk Framework is to define DTCC’s risk management program and provide guidelines to manage key risks across the organization in a comprehensive, consistent and effective manner, enabling DTCC to achieve its business objectives and remain consistent with its risk tolerances.
Risk management methodologies are integrated into all significant operations of the organization. DTCC achieves this through an approach involving three lines of defense:
The First Line of Defense: The first line of defense is comprised of the various business lines and supporting functional units including Product Management, Global Operations, Information Technology and other areas critical to DTCC’s daily operations and functioning. Their mandate is to manage risk proactively on a day-to-day basis.
The Second Line of Defense: The second line of defense is comprised of DTCC’s control functions, including the Legal Department, the Privacy Office, Compliance and those areas that fall within the Group Chief Risk Office. Their mandate is to provide advice and guidance to the first line of defense for adhering to established risk standards and/or to monitor compliance with such established risk standards.
The Third Line of Defense: The third line of defense is the Internal Audit Department (IAD). IAD’s mission is to assess DTCC’s overall control environment, risk management and control framework and, in doing so, to raise awareness of control risk and promote changes for improving governance processes. IAD provides independent and objective assurance to assist in DTCC’s maintenance of effective risk management and control practices.