The Risk Group's mission is to help the Bank achieve its objectives while managing risks within the Bank's risk tolerance. The Group's role is to serve as the Bank's second line of defense to ensure effective risk management. We do this by performing independent assessment and oversight of the Bank's risks. We establish frameworks to improve Bank's risk management processes and practices. The scope of our work includes:

• The Bank's principal risks: operational risk, financial risk, strategic and reputational risk, and, in collaboration with the Compliance Function, compliance risk
• The Bank's key enterprise risks: risks that threaten the Bank's ability to achieve its mission
• Material risks of the Bank's major business areas

CRM TSF provides management and oversight for the CRM consolidated IT application portfolio. The primary objective is to ensure that business needs are continuously met by application functions and that application Central Business Application Functions (CBAF) are meeting pre-defined performance metrics.

The Enterprise Risk Oversight Function's primary responsibilities are to support the Bank-wide risk framework and the Bank's risk tolerance. They provide Audit and Risk Committee and Risk Subcommittee support and have a point of contact for business areas. Additional responsibilities include:

• Key enterprise risks
• Material risks of business areas
• Strategic and reputational risk
• Improvement of end-to-end risk management processes

The Financial Risk Oversight function is responsible for the financial risk framework. The three teams that comprise FRO in support of that work are:

• Market and valuation risk (includes price verification)
• Credit risk (collateral and counterparty)
• Model risk (model validation)

Group Support provides centralized support to the Risk Group in Finance, Facilities Management, Administrative Support, Information Management (automation/IT procurement, data management, Wiki configuration, external service provider management, information security liaison, and Risk Analytics support), Operational Risk (business continuity planning, risk event management, data handling, Ethics liaison), HR Management (compensation, recruiting/hiring, training), and Internal Communications.

The main responsibilities of the Operational Risk Oversight Function include:

• Operational risk framework
• Risk event reporting
• Risk and control self-assessments
• Key operational risks