Managing Risk
Overview
Our management governance structure enables
us to manage all major aspects of our business through an integrated planning
and review process that includes strategic, financial, associate and risk
planning. We derive much of our revenue from managing risk from customer
transactions for profit. Through our management governance structure, risk and
return are evaluated with a goal of producing sustainable revenue, reducing
earnings volatility and increasing shareholder value. Our business exposes us
to the following major risks: strategic, liquidity, credit, market and operational.
Strategic risk is the risk that adverse business decisions, ineffective or inappropriate business
plans or failure to respond to changes in the competitive environment, business cycles, customer
preferences, product obsolescence, execution and/or other intrinsic risks of business will impact
our ability to meet our objectives. Liquidity risk is the inability to accommodate
liability maturities and deposit withdrawals, fund asset growth and meet
contractual obligations through unconstrained access to funding at reasonable
market rates. Credit risk is the risk of loss arising from a borrower's or
counterparty’s inability to meet its obligations. Market risk is the risk that values of assets
and liabilities or revenues will be adversely affected by changes in market
conditions, such as interest rate movements. Operational risk is the risk of loss
resulting from inadequate or failed internal processes, people and systems or
external events.
Risk Management Processes and Methods
We have established control processes and use various methods to align risk-taking and
risk management throughout our organization. These control processes and
methods are designed around “three lines of defense”: lines of business;
support units (including Risk Management, Compliance, Finance, Personnel and
Legal); and Corporate Audit.
Management is responsible for identifying, quantifying, mitigating and managing all risks within their lines of business, while certain
enterprise-wide risks are managed centrally. For example, except for
trading-related business activities, interest rate risk associated with our
business activities is managed centrally in the Corporate Treasury function.
Line of business management makes and executes the business plan and is closest
to the changing nature of risks and, therefore, we believe is best able to take
actions to manage and mitigate those risks. Our lines of business prepare
quarterly self-assessment reports to identify the status of risk issues, including
mitigation plans, if appropriate. These reports roll up to executive management
to ensure appropriate risk management and oversight, and to identify
enterprise-wide issues. Our management processes, structures and policies aid
us in complying with laws and regulations and provide clear lines for
decision-making and accountability. Wherever practical, we attempt to house
decision-making authority as close to the customer as possible while retaining
supervisory control functions from both in and outside of the lines of business.
The Risk Management organization translates approved
business plans into approved limits, approves requests for changes to those
limits, approves transactions as appropriate, and works closely with lines of
business to establish and monitor risk parameters. Risk Management has assigned
a Risk Executive to each of the four lines of business who is responsible for
the oversight of all risks associated with that line of business. In addition,
Risk Management has assigned Risk Executives to monitor enterprise-wide credit,
market and operational risks.
Corporate Audit provides an independent assessment
of our management and internal control systems. Corporate Audit activities are
designed to provide reasonable assurance that resources are adequately
protected; significant financial, managerial and operating information is
materially complete, accurate and reliable; and employees’ actions are in
compliance with corporate policies, standards, procedures, and applicable laws
and regulations.
We use various methods to manage risks at the line
of business levels and corporate-wide. Examples of these methods include
planning and forecasting, risk committees and forums, limits, models, and
hedging strategies. Planning and forecasting facilitates analysis of actual
versus planned results and provides an indication of unanticipated risk level.
Generally, risk committees and forums are comprised of line of business, risk
management, compliance, legal and finance personnel, among others, who actively
monitor performance against plan, limits, potential issues, and introduction of
new products. Limits, the amount of exposure that may be taken in a product,
relationship, region or industry, seek to align risk goals with those of each
line of business and are part of our overall risk management process to help
reduce the volatility of market, credit and operational losses. Models are used
to estimate market value and net interest income sensitivity, and to estimate
both expected and unexpected losses for each product and line of business, where appropriate.
Hedging strategies are used to manage the risk of borrower or counterparty concentration risk
and to manage market risk in the portfolio.
The formal processes used to manage risk represent
only one portion of our overall risk management process. Corporate culture and
the actions of our associates are also critical to effective risk management.
Through our Code of Ethics, we set a high standard for our associates. The Code
of Ethics provides a framework for all of our associates to conduct themselves
with the highest integrity in the delivery of our products or services to our
customers. We instill a risk-conscious culture through communications,
training, policies, procedures, and organizational
roles and responsibilities. Additionally,
we continue to strengthen the linkage between the associate performance
management process and individual compensation to encourage associates to work
toward corporate-wide risk goals.
Oversight
The Board evaluates risk through the Chief Executive Officer (CEO) and three committees.
The Finance Committee, a committee appointed by the Board, establishes policies
and strategies for managing the strategic, liquidity, credit, market and operational risks
to corporate earnings and capital. The Asset
Quality Committee, a Board committee, reviews credit and selected market risks;
and the Audit Committee, a Board committee, provides direct oversight of the
corporate audit function and the independent registered public accounting firm.
Additionally, senior management oversight of our risk-taking and risk
management activities is conducted through three senior management committees:
the Risk and Capital Committee (RCC), the Asset and Liability Committee (ALCO)
and the Credit Risk Committee (CRC). The
RCC, a senior management committee, reviews corporate strategies and corporate
objectives, evaluates business performance, and reviews business plans,
including capital allocation, for the Corporation and for major businesses. The
ALCO, a subcommittee of the Finance Committee, approves limits for trading
activities, and was established to manage the risk of loss of value and related
Net Interest Income of our trading positions. ALCO also provides oversight for
Corporate Treasury’s and Corporate Investment’s process of managing interest
rate risk, otherwise known as the ALM process, and reviews hedging techniques.
In addition, ALCO provides oversight guidance over our credit hedging program.
The CRC, a subcommittee of the Finance Committee, establishes corporate credit
practices and limits, including industry and country concentration limits,
approval requirements and exceptions. The CRC also reviews business asset
quality results versus plan, portfolio management, and the adequacy of the
allowance for credit losses. Each committee and subcommittee has the ability to delegate
authority to officers of subcommittees to manage specific risks.
Management is in the process of finalizing its plans to address the Basel Committee on Banking Supervision's new risk-based capital standards (Basel II). The Finance Committee and the Audit Committee provide oversight of management's plans including the Corporation's preparedness and compliance with Basel II. For additional information, see Note 14 of the Consolidated Financial Statements.
In 2005, the
Finance Committee chartered the Compliance and Operational Risk Committee
(CORC) as a subcommittee of the Finance Committee. CORC provides oversight and
consistent communication of operational and compliance issues.
The following sections, Strategic Risk Management,
Liquidity Risk Management, Credit Risk Management,
Market Risk Management and
Operational Risk Management, address in more detail the specific
procedures, measures and analyses of the major categories of risk that we
manage.
|
