American Express 2013 Annual Report Download - page 47

Download and view the complete annual report

Please find page 47 of the 2013 American Express annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 114

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114

AMERICAN EXPRESS COMPANY
2013 FINANCIAL REVIEW
to comply with laws and regulations. Operational risk is inherent in all
business activities and can impact an organization through direct or
indirect financial loss, brand damage, customer dissatisfaction, or legal
and regulatory penalties.
To appropriately measure and manage operational risk, the
Company has implemented a comprehensive operational risk
framework that is defined in the Operational Risk Management Policy
approved by the Risk Committee. The Operational Risk Management
Committee (ORMC) coordinates with all control groups on effective
risk assessments and controls and oversees the preventive, responsive
and mitigation efforts by Lead Operational Risk Officers in the
business units and staff groups. To preserve independence, the Lead
Operational Risk Officers for all business units report to the Chief
Operational Risk Officer of the Company, who in turn reports directly
to the Company’s Chief Risk Officer.
The Company uses the operational risk framework to identify,
measure, monitor and report inherent and emerging operational risks.
This framework, supervised by the ORMC, consists of (a) operational
risk event capture, (b) a project office to coordinate issue management
and control enhancements, (c) key risk indicators such as customer
complaints or pre-implementation test metrics, and (d) process and
entity-level risk assessments.
The framework requires the assessment of operational risk events
to determine root causes, impact to customers and/or the Company,
and resolution plan accountability to correct any defect, remediate
customers, and enhance controls and testing to mitigate future issues.
The impact on the Company is assessed from an operational, financial,
brand, regulatory compliance and legal perspective.
COMPLIANCE RISK MANAGEMENT PROCESS
The Company defines compliance risk as the risk of legal or
reputational harm, fines, monetary penalties, payment of damages or
other forms of sanction as a result of non-compliance with applicable
laws, regulations, rules or standards of conduct.
The Company views its ability to effectively mitigate compliance
risk as an important aspect of its business model. The Company’s
Global Compliance and Ethics organization is responsible for
establishing and maintaining the Company’s Corporate-wide
Compliance Risk Management Program. Pursuant to this program,
the Company seeks to manage and mitigate compliance risk by
assessing, controlling, monitoring, measuring and reporting the
regulatory risks to which it is exposed.
REPUTATIONAL RISK MANAGEMENT PROCESS
The Company defines reputational risk as the risk that negative public
perceptions regarding the Company’s products, services, business
practices, management, clients and partners, whether true or not,
could cause a decline in the customer base, costly litigation, or
revenue reductions.
The Company views protecting its reputation as core to its vision
of becoming the world’s most respected service brand and
fundamental to its long-term success.
General principles and the overall framework for managing
reputational risk across the Company are defined in the Reputational
Risk Management Policy. The Reputational Risk Management
Committee is responsible for implementation of and adherence to this
policy, and for performing periodic assessments of the Company’s
reputation and brand health based on internal and external
assessments.
Business leaders across the Company are responsible for ensuring
that reputation risk implications of transactions, business activities
and management practices are appropriately considered and relevant
subject matter experts are engaged as needed. In addition, the ERMC
and its sub-committees are responsible for ensuring that reputational
risk considerations are properly reflected in all decisions escalated to
the committees.
MARKET RISK MANAGEMENT PROCESS
Market risk is the risk to earnings or value resulting from movements
in market prices. The Company’s market risk exposure is primarily
generated by:
Interest rate risk in its card, insurance and Travelers Cheque
businesses, as well as in its investment portfolios; and
Foreign exchange risk in its operations outside the U.S.
Market risk limits and escalation triggers within the Market Risk
and Asset Liability Management Policies are approved by the Risk
Committee of the Board of Directors and the ERMC, based on
recommendations by the ALCO. Market risk is centrally monitored
for compliance with policy and limits by the Market Risk Committee,
which reports into the ALCO and is chaired by the Chief Market Risk
Officer. Market risk management is also guided by policies covering
the use of derivative financial instruments, funding and liquidity and
investments.
The Company’s market exposures are in large part by-products of
the delivery of its products and services. Interest rate risk arises
through the funding of Card Member receivables and fixed-rate loans
with variable-rate borrowings as well as through the risk to net
interest margin from changes in the relationship between benchmark
rates such as Prime and LIBOR.
Interest rate exposure within the Company’s charge card and fixed-
rate lending products is managed by varying the proportion of total
funding provided by variable-rate debt and deposits compared to
fixed-rate debt and deposits. In addition, interest rate swaps are used
from time to time to effectively convert fixed-rate debt to variable-rate
or to convert variable-rate debt to fixed-rate. The Company may
change the mix between variable-rate and fixed-rate funding based on
changes in business volumes and mix, among other factors.
The Company does not engage in derivative financial instruments
for trading purposes. Refer to Note 12 to the Consolidated Financial
Statements for further discussion of the Company’s derivative
financial instruments.
45