American Express 2008 Annual Report Download - page 48

Download and view the complete annual report

Please find page 48 of the 2008 American Express annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 125

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125

2008 financial review
american express company
Liquidity risk is managed both at an aggregate company level
and at the major legal entities in order to ensure that sufficient
funding and liquidity resources are available in the amount and in
the location needed in a stress event. The Funding and Liquidity
Committee manages the forecasts of the Company’s aggregate
and subsidiary cash positions and financing requirements, the
funding plans designed to satisfy those requirements under
normal conditions, establishes guidelines to identify the amount
of liquidity resources required, and monitors positions and
determines any actions to be taken. Liquidity planning also
takes into account operating cash flexibilities.
operational risk management process
Managing operational risk is an important priority for the
Company. The Company defines operational risk as the risk
of not achieving business objectives due to inadequate or failed
processes or information systems, human error or the external
environment (e.g., natural disasters) including losses due
to failures to comply with laws and regulations. Operational
risk is inherent in all business activities and can impact an
organization through direct or indirect financial loss, brand
damage, customer dissatisfaction, or legal or regulatory penalties.
Current areas of significant focus include data protection, anti-
money laundering, vendor risk, impact of reengineering efforts,
financial reporting risk and both internal and external fraud.
The general principles and the overall framework for
managing operational risk across the Company are defined
in the Operational Risk Policy approved by the ERMC. The
Operational Risk Management Committee (ORMC) provides
governance for the operational risk framework including related
policies and is chaired by the Chief Operational Risk Officer
with member representation from business units and support
groups. These groups have the responsibility for implementing
the framework as well as for the day-to-day management of
operational risk.
In order to appropriately measure operational risk, the
Company has developed a comprehensive operational risk
model. This model assesses (i) risk events, i.e. what occurred
or could have occurred; (ii) root causes, i.e. why did it occur
or could have occurred; and (iii) impact, i.e. how was the
Company affected or might have been affected. The impact on
the Company is assessed from a financial, brand, regulatory and
legal perspective. The operational risk model also assesses the
frequency and likelihood that events may occur again so that
the appropriate mitigation steps may be taken.
Additionally, the Company uses an operational risk
framework to identify, measure, monitor, and report inherent
and emerging operational risks. This framework consists of
a) the ORMC oversight, b) an operational risk event capture
process, and c) process and entity-level risk self assessments.
Internal losses and external losses are captured and analyzed
in the operational risk event capture database. Risk managers
responsible for the areas where losses have occurred are required
to create action plans and escalate events based on thresholds
to the ORMC.
The process risk self-assessment methodology is used to
facilitate compliance with Section 404 of the Sarbanes-Oxley Act,
and is also used for non-financial operational risk self assessments.
This methodology involves identifying key processes across
the Company and then determining the inherent operational
risks. Once these risks have been identified, the existing control
environment is defined, key controls are tested and relevant issues
are escalated to the appropriate governing bodies.
The operational risk framework also includes the entity
risk self-assessment. This is a risk workshop where senior
leaders identify the key operational risks that the business
unit or support group faces and determines the Companys
preparedness to respond should these risks occur. Top risks are
tracked to ensure that the appropriate monitoring or mitigation
is in place.
The Company also has a reporting process that provides
business unit leaders with operational risk information on
a quarterly basis to help them assess the overall operational
risks of their business units. These scorecards identify the key
components of the operational risk framework and relevant
operational risk metrics.
These initiatives have resulted in improved operational risk
intelligence and heightened level of preparedness to manage
risk events and conditions that may adversely impact the
Companys operations.
business segment results
The Companys businesses are organized into two customer-
focused groups, the Global Consumer Group and the Global
Business-to-Business Group. U.S. Card Services (USCS) and
International Card Services (ICS) are aligned within the Global
Consumer Group and Global Commercial Services (GCS) and
Global Network & Merchant Services (GNMS) are aligned
within the Global Business-to-Business Group.
The Company considers a combination of factors when
evaluating the composition of its reportable operating segments,
including the results reviewed by the chief operating decision
maker, economic characteristics, products and services offered,
classes of customers, product distribution channels, geographic
considerations (primarily U.S. versus international), and
regulatory environment considerations. Refer to Note 24 to the
Consolidated Financial Statements for additional discussion of
products and services by segment.
46