Identifying and understanding risks and their impacts allows CIBC to frame its risk appetite and risk management practices. Defining acceptable levels of risk and establishing sound principles, policies and practices for managing risks is fundamental to achieving consistent and sustainable long-term performance, while remaining within our risk appetite.

Risk management framework

Our risk management framework sets out the key principles and framework that underpin CIBC’s approach to risk management, including our risk appetite, policies and limits, risk organization structure, and governance framework.

The Risk Appetite Statement (RAS) is the cornerstone for the Bank’s approach to managing risk and guides risk-taking activities. The RAS is supported by a comprehensive framework of risk limits, policies, standards, procedures, processes and controls, set out by type of risk, and intended to ensure risks are appropriately identified, measured, monitored and controlled in accordance with the risk appetite. Our RAS is defined by management and is reviewed and approved by the Board of Directors at least annually.

Reputation risk management framework

CIBC’s reputation is of fundamental importance not only to us but also to our clients, shareholders, employees and contingent workers. Every day, our business is faced with situations that could pose undue risk to our reputation.

We have developed an integrated approach to managing our reputation risks through a framework of corporate-wide policies, procedures and processes – including our Code of Conduct, our Supplier Code of Conduct, our Global Reputation and Legal Risks policy and procedures, and policies related to anti-money laundering and anti-terrorist financing, lobbying, employee health and safety, the environment, and our global hiring practices.

Regulatory compliance management framework

It is CIBC policy to have an effective enterprise-wide regulatory compliance management (RCM) framework to manage and mitigate regulatory compliance risk.

The RCM framework is founded upon CIBC’s regulatory compliance philosophy, which is to manage and mitigate regulatory compliance risk through the promotion of a strong compliance culture within the parameters established by CIBC’s RAS. A strong compliance culture includes a commitment to maintaining an open and candid relationship with CIBC’s regulators and other internal and external governance partners (including CIBC’s internal and external auditors). CIBC’s regulatory compliance philosophy requires and supports the early self-identification of issues giving rise to regulatory compliance risk, as well as the prompt implementation of appropriate measures to manage and mitigate that risk.

Business continuity and crisis management

The objective of our business continuity program is to ensure an ongoing capability is in place under conditions of interruption or crisis for the continuation of critical business functions, and for restoration of normal operations in a highly effective and efficient manner.

All functions throughout CIBC are required to regularly assess their exposures to business interruption risk, take appropriate measures to minimize them, and develop, maintain and test business continuity plans. The health and safety of CIBC’s employees and clients is considered paramount in all of our planning.