American Express 2011 Annual Report Download - page 37

Download and view the complete annual report

Please find page 37 of the 2011 American Express annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 113

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113

AMERICAN EXPRESS COMPANY
2011 FINANCIAL REVIEW
RISK MANAGEMENT
GOVERNANCE
Risk management and key risks identified by management are
overseen by the Company’s Board of Directors and its Audit and
Risk Committee. The Audit and Risk Committee reports
regularly to the Board on the matters reviewed at the Committee
level. The Board and its Audit and Risk Committee monitor the
Company’s risk culture, oversee risk management capabilities
and risk outcomes in key business units, and review specific
risks, as needed.
The Audit and Risk Committee approves the Company’s
Enterprise-wide Risk Management Policy, which defines risk
management objectives, risk appetite, risk limits, and escalation
triggers, and establishes the internal governance structure for
managing risks. The Policy focuses on the risks that are most
important to the Company given its business model — credit
risk (individual and institutional), operational risk, and
reputational risk. The Audit and Risk Committee also approves
the policies governing the areas of individual credit risk,
institutional credit risk, market risk, liquidity risk, operational
risk, asset/liability management and capital management, as well
as the policy governing the launch of new products and services.
Internal management committees, including the Enterprise-wide
Risk Management Committee (ERMC), chaired by the
Company’s Chief Risk Officer, and the Asset-Liability
Committee (ALCO), chaired by the Company’s Chief Financial
Officer, are responsible for implementing the policies across the
Company. The ERMC approves policies governing reputational
risk management, model governance and validation, and
economic capital.
The Audit and Risk Committee periodically reviews risk
profiles, risk trends and evolution of risk management
capabilities of the Company’s major business units as well as
updates on enterprise-wide operational risk management trends,
events and capabilities (including, but not limited to,
compliance, fraud, legal, information security, and privacy risks),
market risk and funding and liquidity risk. The Audit and Risk
Committee receives regular reports discussing emerging risks
(including their likelihood and potential impact), key risk
escalations, and compliance with the policy-based risk limits.
The Audit and Risk Committee meets regularly in private session
with the Company’s Chief Risk Officer and other senior
management with regard to the Company’s risk management
processes, controls and capabilities.
CREDIT RISK MANAGEMENT PROCESS
Credit risk is defined as loss due to obligor or counterparty
default or changes in the credit quality of a security. Credit risks
in the Company are divided into two broad categories: individual
and institutional. Each has distinct risk management tools and
metrics. Business units that create individual or institutional
credit risk exposures of significant importance are supported by
dedicated risk management teams, each led by a Chief Credit
Officer. To preserve independence, Chief Credit Officers for all
business units have a solid line reporting relationship to the
Company’s Chief Risk Officer.
INDIVIDUAL CREDIT RISK
Individual credit risk arises principally from consumer and small
business charge cards, credit cards, lines of credit, and loans.
These portfolios consist of millions of customers across multiple
geographies, occupations, industries and levels of net worth. The
Company benefits from the high-quality profile of its customers,
which is driven by brand, premium customer servicing, product
features and risk management capabilities, which span
underwriting, customer management and collections. Externally,
the risk in these portfolios is correlated with broad economic
trends, such as unemployment rates, GDP growth, and home
values, which can affect customer liquidity.
The business unit leaders and their embedded Chief Credit
Officers take the lead in managing this process. These Chief
Credit Officers are guided by the Individual Credit Risk
Committee which is responsible for implementation and
enforcement of the Individual Credit Risk Management Policy.
This policy is further supported by subordinate policies and
operating manuals covering decision logic and processes of credit
extension, including prospecting, new account approvals,
authorizations, line management and collections. The
subordinate risk policies and operating manuals are designed to
assure consistent application of risk management principles and
standardized reporting of asset quality and loss recognition.
Individual credit risk management is supported by
sophisticated proprietary scoring and decision-making models
that use the most up-to-date proprietary information on
prospects and customers, such as spending and payment history,
data feeds from credit bureaus and mortgage information.
Additional data, such as new commercial variables, continue to
be integrated into the risk models to further mitigate small
business risk. The Company has developed data-driven economic
decision logic for customer interactions to better serve its
customers.
35