American Express 2009 Annual Report Download - page 49

Download and view the complete annual report

Please find page 49 of the 2009 American Express annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 134

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134

2009 FINANCIAL REVIEW
AMERICAN EXPRESS COMPANY
RISK MANAGEMENT
GOVERNANCE
The Audit and Risk Committee of the Board approves the
Company’s Enterprise-wide Risk Management Policy, which
defines risk management objectives, risk appetite, risk limits
and escalation triggers, and establishes the internal
governance structure for managing risk. The Policy focuses on
the major risks that are relevant to the Company given its
business model – credit risk (institutional and individual),
operational risk, market risk and reputational risk. Internal
management committees, including the Enterprise Risk
Management Committee (ERMC), chaired by the Company’s
Chief Risk Officer, and the Asset-Liability Committee
(ALCO), chaired by the Company’s Chief Financial Officer,
are responsible for implementing the Policy across the
Company.
CREDIT RISK MANAGEMENT PROCESS
Credit risk is defined as the risk of loss due to obligor or
counterparty default. Credit risks in the Company are divided
into two broad categories: individual and institutional. Each
has distinct risk management tools and metrics. Business
units that create individual or institutional credit risk
exposures of significant importance are supported by
dedicated risk management teams, each led by Chief Credit
Officers. To preserve independence, Chief Credit Officers for
all business units have a solid line reporting relationship to
the Company’s Chief Risk Officer.
INDIVIDUAL CREDIT RISK
Individual credit risk arises principally from consumer and
small business charge cards, credit cards, lines of credit, and
loans. These portfolios consist of millions of borrowers across
multiple geographies, occupations, industries and levels of net
worth. The Company benefits from the attractive profile of its
cardmembers, which is driven by brand, underwriting, and
customer management policies, premium customer servicing,
and product reward features. The risk in these portfolios is
correlated with broad economic trends, such as
unemployment rates, GDP growth, and home values, as well
as customer liquidity, which can have a material effect on
credit performance.
General principles and the overall framework for
managing individual credit risk across the Company are
defined in the Individual Credit Risk Policy approved by the
ERMC. The Credit Policy Committee is responsible for
implementation and enforcement of this policy and for
providing guidance to the Underwriting and Credit Strategy
Committees as well as to the Chief Credit Officers of
respective business units. This policy is further supported by
subordinate policies and practices covering all facets of credit
extension, including prospecting, approvals, authorizations,
line management, collections, and fraud prevention. These
policies are designed to assure consistent application of risk
management principles and standardized reporting of asset
quality and loss recognition.
Individual credit risk management is supported by
sophisticated proprietary scoring and decision-making
models that use the most up-to-date proprietary information
on customers, such as spending and payment history, data
feeds from credit bureaus, and mortgage information.
Additional data, such as home value and other new
commercial variables designed to better manage small
business risk, were integrated into the Company’s models in
the early stages of the recent economic downturn to further
mitigate risk. The Company has developed unique decision
logic for each customer interaction, including prospect
targeting, new account approvals, line assignment, balance
transfers, cross selling and overall account management and
collection.
INSTITUTIONAL CREDIT RISK
Institutional credit risk arises principally within the
Company’s Global Corporate Card Services, Merchant
Services and Network Services businesses, and from the
Company’s investment activities. Unlike individual credit
risk, institutional credit risk is characterized by a lower loss
frequency but higher severity. It is affected both by general
economic conditions and by company-specific events. The
absence of large losses in any given year or over several years
is not necessarily representative of the level of risk of
institutional portfolios, given the infrequency of loss events in
such portfolios.
General principles and the overall framework for
managing institutional credit risk across the Company are
defined in the Institutional Credit Risk Policy approved by the
ERMC. The Institutional Risk Management Committee
(IRMC) is responsible for implementation and enforcement
of this policy and for providing guidance to the credit officers
of each business unit with substantial institutional credit risk
exposures, who in turn make investment decisions in core risk
capabilities, ensure proper implementation of the
underwriting standards and contractual rights of risk
mitigation, monitor risk exposures, and determine risk
mitigation actions. The IRMC formally reviews large
institutional exposures to ensure compliance with ERMC
guidelines and procedures and escalates them to the ERMC as
appropriate. At the same time, the IRMC provides guidance
to business unit risk teams to optimize risk-adjusted returns
on capital. A company-wide risk rating utility and a
specialized airline risk group provide risk assessment of
institutional obligors.
MARKET RISK MANAGEMENT PROCESS
Market risk is the risk to earnings or value resulting from
movements in market prices. The Company’s market risk
exposure is primarily generated by:
Interest rate risk in its card, insurance and Travelers
Cheque businesses, as well as its investment portfolios; and
Foreign exchange risk in its international operations.
47