|
Regulatory compliance risk |
Regulatory compliance risk is the risk of potential non-conformance with laws, rules, regulations and prescribed practices in any jurisdiction in which we operate. Issues regarding compliance with laws and regulations can arise in a number of areas in large complex financial institutions, such as ourselves, and are often the result of inadequate or failed internal processes, controls, people or systems. We currently are, and may be at any given time, subject to a number of legal and regulatory proceedings and subject to numerous governmental and regulatory examinations, investigations and other inquiries.
Laws and regulations are in place to protect the financial and other interests of our clients, investors and the public. As a large-scale global financial institution, we are subject to numerous laws and extensive and evolving regulation by governmental agencies, supervisory authorities and self-regulatory organizations in Canada, the U.S., the U.K., Europe and other jurisdictions in which we operate. Such regulation continues to become increasingly extensive and complex. In addition, regulatory scrutiny and expectations in Canada, the U.S., the U.K., Europe and other jurisdictions for large financial institutions with respect to, among other things, governance, risk management practices and controls, and conduct, as well as the enforcement of regulatory compliance matters, has intensified. Failure to comply with these regulatory requirements and expectations or to resolve any identified deficiencies could result in increased regulatory oversight and restrictions. Resolution of such matters can also result in the payment of substantial penalties, agreements with respect to future operation of their business, actions with respect to relevant personnel, admission of wrongdoing, and guilty pleas with respect to criminal charges.
Operating in this increasingly complex regulatory environment and intense regulatory enforcement environment, we are and have been subject to a variety of legal proceedings, including civil claims and lawsuits, criminal charges, regulatory scrutiny, examinations and proceedings, investigations, audits and requests for information by various governmental regulatory agencies and law enforcement authorities in various jurisdictions, and we anticipate that our ongoing business activities will give rise to such matters in the future. The global scope of our operations also means that a single issue may give rise to overlapping regulatory investigations, regulatory proceedings and or civil litigation claims in different jurisdictions. RBC can be subject to such proceedings due to alleged violations of law or, if determined by regulators, allegedly inadequate policies, procedures, controls or remediation of deficiencies. Changes to laws, including tax laws, regulations or regulatory policies, as well as the changes in how they are interpreted, implemented or enforced, could adversely affect us, for example, by lowering barriers to entry in the businesses in which we operate, increasing our costs of compliance, or limiting our activities and ability to execute our strategic plans. In addition, the severity of the remedies sought in legal and regulatory proceedings to which RBC is subject have increased. Further, there is no assurance that we always will be, or be deemed to be, in compliance with laws, regulations or regulatory policies or expectations. Accordingly, it is possible that we could receive a judicial or regulatory enforcement judgment or decision that results in significant fines, damages, penalties, and other costs or injunctions, criminal convictions, or loss of licenses or registrations that would damage our reputation, and negatively impact our earnings and ability to conduct some of our businesses. We are also subject to litigation arising in the ordinary course of our business and the adverse resolution of any litigation could have a significant adverse effect on our results or could give rise to significant reputational damage, which in turn could impact our future business prospects.
Our Regulatory Compliance Management Framework outlines how we manage and mitigate the regulatory compliance risks associated with failing to comply with, or adapt to, current and changing laws and regulations in the jurisdictions in which we operate.
Regulatory compliance risk includes the regulatory risks associated with financial crimes (which include, but are not limited to, money laundering, bribery, and sanctions), privacy, market conduct, consumer protection, business conduct, as well as prudential and other generally applicable non-financial requirements. Specific compliance policies, procedures and supporting frameworks have been developed to manage regulatory compliance risk.
Strategic risk is the risk that the enterprise or particular business areas will make inappropriate strategic choices, or will be unable to successfully implement selected strategies or achieve the expected benefits. Business strategy is a major driver of our risk appetite and consequently the strategic choices we make in terms of business mix determine how our risk profile changes.
Responsibility for selecting and successfully implementing business strategies is mandated to the individual heads of each business segment. Oversight of strategic risk is the responsibility of the heads of the business segments and their operating committees, the Enterprise Strategy group, the GE, and the Board. The Enterprise Strategy group supports the management of strategic risk through the strategic planning process, articulated within our Enterprise Strategic Planning Policy, ensuring alignment across our business, financial, capital and risk planning.
Our annual business portfolio review and project approval request processes help to identify and mitigate strategic risk by ensuring strategies for new initiatives, lines of business, and the enterprise as a whole align with our risk appetite and risk posture. GRM provides oversight of strategic risk by providing independent reviews of these processes, establishing enterprise risk frameworks, and independently monitoring and reporting on the level of risk established against our risk appetite metrics in accordance with the three lines of defence governance model.
For details on the key strategic priorities for our business segments, refer to the Business segment results section.
Reputation risk is the risk of an adverse impact on stakeholders’ perception of the bank due to i) the actions or inactions of the bank, its employees, third-party service providers, or clients, ii) the perceived misalignment of these actions or inactions with stakeholder expectations of the bank, or iii) negative public sentiment towards a global or industry issue. Our reputation is rooted in the perception of our stakeholders, and the trust and loyalty they place in us is core to our purpose as a financial services organization. A strong and trustworthy reputation will generally strengthen our market position, reduce the cost of capital, increase shareholder value, strengthen our resiliency, and help attract and retain top talent. Conversely, damage to our reputation can result in reduced share price and market capitalization, increased cost of capital, loss of strategic flexibility,
Management’s Discussion and Analysis Royal Bank of Canada: Annual Report 2021 93