ENTERPRISE RISK MANAGEMENT June 2008
ERM AT TD
• TD as a regulated financial institution is a strong advocate and practitioner of ERM.
• Regulators such as OSFI (Canada), FSA (UK) and SEC (USA) demand that financial institutions employ advanced risk management practices.
• TD manages all its key risks through an ERM framework.
• Risks are identified, ownership is determined and centralized risk management (oversight) is established.
• Key risks include strategic, credit, market, operational, insurance, regulatory/legal, reputational and liquidity.
Who is responsible for risk at TD?
Board of Directors
• Provides oversight
Risk Committee of Board
• Approves enterprise risk policies, monitors management, performs strategic analysis of trends
Senior Executive Team
• Identifies key risk, monitors, evaluates and is responsible for managing across the Bank
• Executive Committees (e.g. Reputational, A/L, Operational)
• Audit (independent assurance)
• Compliance (independent review)
• Risk Management (enterprise-level policies and standards). Monitors and reports
• Business Units (owns and manages risk. Sets and implements policies for business consistent with enterprise-level policies)
Key Aspects of TD’s ERM
• Ownership of risk by business units
• Centralized oversight
• Strong risk culture (starts with the Board/CEO, with risk having a meaningful role in all decisions which have significant risk impact)
• Empowered, credible risk group, respected by the business units
• Policy framework (at least one policy and sometimes many for each major risk)
• Transparency of risk discussions
• Strong analytic approach. Quantification where feasible/desirable
• Rigorous approval process for exceptions and overages
• Multi-level review (e.g. audit monitors risk management processes)
TD’s Energy Trading Business - Applicable Policies
• New business policies (do we have the proper systems, regulatory approval, legal, accounting, etc. to support a new business/product?)
• Reputational risk (risk that negative publicity will cause a decline in TD’s value, liquidity or customer base)
• Credit policies. Limits for the business and for its counterparties.
• Market risk policies (establish market risk tolerance)
• Valuation policies (models, reserves, independent price validation)
• Business recovery policies (failure of systems, pandemics, etc.)
• SOX policies
• Security (security of systems, confidential information)
• Know your customer and anti-money laundering
• Personal trading policies
TD Energy - Market Risk Policies
• Establishes market risk tolerance for the business
• Approved products (e.g. robust option models, calibration to market prices, sufficient trader knowledge, independent pricing, verifiable parameters)
• Approved locations (liquidity, independent pricing, trader knowledge)
• Term to maturity limits
• Greek limits (Delta, Vega) and notional limits (aggregate and by location/time bucket)
• VaR limits (commodity, interest rate, FX, aggregate)
• Stop loss limits (one day, five day) for energy. Aggregate limits for Bank
• Stress limit for energy. Measures impact of severe but plausible shocks to market parameters.
TD Energy Risk Management Process
• Extensive daily reporting of market risk (P&L attribution by book, commodity price changes, volatility surfaces, delta, strike maps, gamma ladders, VaR, stress, risk limits, backtest, etc.) and credit risk (exposure/availability by counterparty)
• Daily review of business/investigation by Risk Management (profitability, market conditions, positions, price volatility, liquidity, etc.) and discussions with Front Office as warranted
• Overage reporting - escalation based on level of overage
• Independent price validation
• Market Risk Committee meets bi-weekly to discuss risk issues and policies
• Market risk policies updated regularly to reflect new products/locations/market conditions
• Continuous improvement of systems and processes
Why does ERM fail?
• While most financial institutions and many hedge funds and corporates have implemented ERM, we continue to experience periodic massive risk failures (sub-prime, asset based commercial paper, SocGen, Amaranth, etc.)
• Most ERM programs appear to be very similar (at least as to form), but outcomes are dramatically different.
• Why?
Reasons for ERM Failure
• Form over substance. Many ERM programs are implemented to satisfy external requirements (e.g. regulators, ratings agencies, auditors) and are not necessarily driven by the senior leadership team.
• Risk management team is not credible with respect to the operating business units (risk as overhead). Lack of industry/market knowledge, inexperience and a theoretical vs. practical mindset may all contribute to diminished credibility.
• Greed (either at the corporate or at the individual level) outweighs risk concerns.
• Operational risk is neglected. Poor systems and sloppy processes allow the rogue trader to assume unwarranted risks.
• Overreliance on third party risk assessments (e.g. asset backed commercial paper, sub-prime)
• Risk falls between silos (e.g. credit default swaps, where credit/market risk mix)
• Occasionally, poor risk metrics (valuation models, VaR models)
• Risks change over time and new risks emerge. Risk tends to place limits on yesterday’s risks, not tomorrow’s.
Reasons for Success
• ERM fully supported by senior leadership team and the overall corporate culture
• Credible, knowledgeable and experienced risk staff who are able to effectively interface with senior line executives
• Risk processes must be transparent and Risk must have a seat at the table when major decisions impacting the institution’s or corporation’s risk profile are made
• Risk managers from all disciplines (market, credit, legal, operations) must be able to communicate effectively with each other.
• Risk systems must be robust and effective.
• Don’t neglect operational risk.
• Learn from mistakes (your own and others’)