American Express 2008 Annual Report Download - page 45

Download and view the complete annual report

Please find page 45 of the 2008 American Express annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 125

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125

2008 financial review
american express company
capabilities, creating measurable limits on risk exposures,
optimizing investment decisions, and identifying unacceptable
risks, risk management contributes to the Company’s efforts to
create shareholder and customer value.
In addition to business risk, the Company recognizes four
fundamental sources of risk:
•฀ Credit risk;
•฀ Market risk;
•฀ Liquidity risk; and
•฀ Operational risk.
These risk types, which are described below, are interrelated and
span the Companys business units and geographic locations.
Depending on their nature and scope, the Company manages
and monitors these risks centrally at the enterprise-wide level
and/or at the business unit level, as appropriate.
principles
The Company’s risk management is based on the following three
principles:
Independent oversight;
Board-approval of risk limits and escalation triggers;
Risk manager and business unit ownership of risk-return
decision-making.
The measurement and reporting of the Companys risks are
performed independently by risk management leaders. The
Companys risk management leaders partner with business unit
managers in making risk-return decisions using standardized
risk metrics. Both risk and business unit managers are jointly
accountable for the outcome of risk-return decisions within the
Enterprise-wide Risk Management Committee (ERMC) and
the Board approved limits and escalation triggers.
governance
The Audit Committee of the Board approves the Companys
Enterprise-wide Risk Management policy, which defines
risk management objectives, risk appetite limits, and the
governance structure. The ERMC supports the Board in its
oversight function and works closely with the Company’s most
senior executives to ensure that risk management policies are
implemented across the Company. The ERMC measures and
monitors enterprise-wide risk with a particular emphasis on
preventing excessive risk taking. It also establishes subordinate
risk policies for each of the four sources of risk noted above and
oversees risk committees across the Company.
Business unit managers and independent risk management
leaders are responsible for optimizing risk-return decisions and
containing risk within established limits.
The large majority of transactions and initiatives can proceed
within the existing business unit risk management processes.
However, risks that are large, new, or with enterprise-wide
implications receive enhanced scrutiny.
roles and responsibilities
The ERMC is chaired by the Company’s Chief Risk
Officer who reports directly to the President of American
Express Company, who also leads the Global Consumer
Group. The Chief Risk Officer is directly responsible for
individual and institutional credit risk and operational
risk, and provides guidance on the risk-related issues
through the ERMC. The Chief Risk Officer is supported
by centralized functions such as global fraud, privacy
and enterprise risk, and the Chief Credit Officer of each
business unit.
In addition, the Chief Risk Officer is responsible for creating
an appropriate company-wide risk culture, monitoring and
reporting on the Companys risk profile, ensuring adherence
to the approved risk tolerance/escalation guidelines, and
implementing best-in-class approaches to risk management
throughout the Company.
In addition to the Chief Risk Officer, the ERMC is
composed of:
•฀ The Chief Market Risk Officer;
•฀ The Chief Operational Risk Officer;
•฀ The Chief Credit Officers of each operating segments of the
Company; and
•฀ The enterprise-wide leaders for compliance, controllership,
global banking, and information security.
In order to enhance its enterprise-wide risk assessment, the
ERMC continues to evolve risk management capabilities
that help the Company make better business and investment
decisions as well as strengthen measuring, managing and
transparent reporting of risk. The ERMC also launches focused
risk management initiatives to assess the sources of significant
exposures.
Under the ERMC leadership, committees governing each
risk type develop policies and procedures for their specific
areas, manage and monitor those risks, and strengthen
risk capabilities.
credit risk management process
Credit risk is defined as the risk of loss from obligor or
counterparty default. Credit risks in the Company are divided
into two broad categories: consumer and institutional. Each has
distinct risk management tools and metrics.
43