TD Ameritrade 2018 Annual Report

10 Certain of our subsidiaries are also registered as investment advisors under the Investment Advisers Act of 1940. We are also subject to regulation in all 50 states, the District of Columbia and Puerto Rico, including registration requirements. TD Ameritrade Trust Company is chartered in the state of Maine as a state-regulated non-depository trust company. In its capacity as a securities clearing firm, TDAC is a member of The Depository Trust & Clearing Corporation ("DTCC") and The Options Clearing Corporation ("OCC"), each of which is registered as a clearing agency with the SEC. As a member of these clearing agencies, TDAC is required to comply with the rules of such clearing agencies, including rules relating to possession or control of client funds and securities, margin lending and execution and settlement of transactions. Margin lending activities are subject to limitations imposed by regulations of the Federal Reserve System and FINRA. In general, these regulations provide that, in the event of a significant decline in the value of securities collateralizing a margin account, we are required to obtain additional collateral from the borrower or liquidate security positions. We are subject to a number of state, federal and foreign laws applicable to companies conducting business on the Internet that address client privacy, system security and safeguarding practices and the use of client information. For additional, important information relating to government regulation, please review the information set forth under the heading "Risk Factors Relating to the Regulatory and Legislative Environment" in Item 1A — Risk Factors. Risk Management Our business activities expose us to various risks. Identifying and measuring our risks is critical to our ability to manage risk within acceptable tolerance levels in order to minimize the effect on our business, results of operations and financial condition. Our management team is responsible for managing risk, and it is overseen by our board of directors, primarily through the board's Risk Committee. We use risk management processes and have policies and procedures for identifying, measuring and managing risks, including establishing threshold levels for our most significant risks. Our risk management, compliance, internal audit, and legal departments assist management in identifying and managing risks. Our management team's Enterprise Risk Committee ("ERC") is responsible for reviewing risk exposures and riskmitigation. Subcommittees of the ERChave been established to assist in identifying andmanaging specific areas of risk. Our business exposes us to the following broad categories of risk: Operational Risk — Operational risk is the risk of loss resulting from inadequate or failed internal processes or controls, human error or misconduct, systems and technology problems or from external events. It also involves compliance with regulatory and legal requirements. Operational risk is the most prevalent form of risk in our risk profile. We manage operational risk by establishing policies and procedures to accomplish timely and efficient processing, obtaining periodic internal control attestations from management and conducting internal audit reviews to evaluate the effectiveness of internal controls. Cyber Security Risk — Cyber security risk is the risk of a malicious technological attack intended to impact the confidentiality, availability, or integrity of our systems and data, including sensitive client data. Our technology and security teams rely on a layered system of preventive and detective technologies, practices, and policies to detect, mitigate, and neutralize cyber security threats. Cyber-attacks can also result in financial and reputational risk. Market Risk — Market risk is the risk of loss resulting from adverse movements in market factors, such as asset prices, foreign exchange rates and interest rates. Our market risk related to asset prices is mitigated by our routing for execution of client trades primarily on an agency, rather than a principal, basis and our maintenance of fixed- income securities to meet client requirements. Interest rate risk is our most prevalent form of market risk. For more information about our interest rate risk and how we manage it, see Item 7A — Quantitative and Qualitative Disclosures About Market Risk.