American Express 2010 Annual Report Download - page 52

Download and view the complete annual report

Please find page 52 of the 2010 American Express annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 127

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127

expected future financing obligations and business
requirements, even in the event it is unable to raise new
funds under its regular funding programs. The Company
balances the trade-offs between maintaining too much
liquidity, which can be costly and limit financial flexibility,
and having inadequate liquidity, which may result in financial
distress during a liquidity event.
Liquidity risk is managed both at an aggregate company level
and at the major legal entities in order to ensure that sufficient
funding and liquidity resources are available in the amount and
in the location needed in a stress event. The Funding and
Liquidity Committee reviews the forecasts of the Company’s
aggregate and subsidiary cash positions and financing
requirements, approves the funding plans designed to satisfy
those requirements under normal conditions, establishes
guidelines to identify the amount of liquidity resources
required and monitors positions and determines any actions
to be taken. Liquidity planning also takes into account operating
cash flexibilities.
OPERATIONAL RISK MANAGEMENT PROCESS
The Company defines operational risk as the risk of not
achieving business objectives due to inadequate or failed
processes or information systems, human error or the
external environment (i.e., natural disasters) including losses
due to failures to comply with laws and regulations. Operational
risk is inherent in all business activities and can impact an
organization through direct or indirect financial loss, brand
damage, customer dissatisfaction, or legal and
regulatory penalties.
The operational risk governance and the overall framework
for managing operational risk across the Company are defined in
the Operational Risk Policy approved by the Audit and Risk
Committee of the Board of Directors. The Operational Risk
Management Committee (ORMC) coordinates and oversees
the operational risk mitigation efforts by Lead Operational
Risk Officers in the business units and staff groups supported
by the control groups.
In order to appropriately measure operational risk, the
Company has developed a comprehensive operational risk
framework. This framework assesses (i) risk events; (ii) root
causes; (iii) impact and (iv) accountability. The impact on the
Company is assessed from a financial, brand, regulatory and
legal perspective. The operational risk model also assesses the
frequency and likelihood that events may occur again so that the
appropriate mitigation steps may be taken.
Additionally, the Company uses an operational risk
framework to identify, measure, monitor and report inherent
and emerging operational risks. This framework, supervised by
the ORMC, consists of (a) operational risk event capture,
(b) project office to coordinate control enhancements, (c) key
risk indicators, and (d) process and entity-level risk self-
assessments. The process risk self-assessment methodology is
used to facilitate compliance with Section 404 of the Sarbanes-
Oxley Act, and is also used for non-financial operational risk
self-assessments. During the entity risk self-assessment, senior
leaders identify key operational risks in a business unit or staff
group and determine the Company’s risk mitigation plans.
Managing operational risk is an important priority for the
Company, and projects and investments are underway to
increase operational risk management effectiveness, which
will benefit both shareholders and customers.
REPUTATIONAL RISK MANAGEMENT PROCESS
The Company defines reputational risk as the risk that negative
publicity regarding the Company’s products, services, business
practices, management, clients and partners, whether true or
not, could cause a decline in the customer base, costly litigation,
or revenue reductions.
The Company views protecting its reputation as core to its
vision of becoming the world’s most respected service brand and
fundamental to its long-term success.
General principles and the overall framework for managing
reputational risk across the Company are defined in the
Reputational Risk Management Policy. The Reputational Risk
Management Committee (RRMC) is responsible for
implementation and adherence to this policy, and for
performing periodic assessment of the Company’s reputation
and brand health based on internal and external assessments.
Business leaders across the Company are responsible for
ensuring that reputation risk implications of transactions,
business activities and management practices are
appropriately considered and relevant subject matter experts
are engaged as needed.
50
AMERICAN EXPRESS COMPANY
2010 FINANCIAL REVIEW