American Express 2014 Annual Report Download - page 50

AMERICAN EXPRESS COMPANY
2014 FINANCIAL REVIEW
RISK MANAGEMENT
GOVERNANCE
We use our comprehensive Enterprise-wide Risk Management (ERM) program to identify, aggregate, monitor, and manage risks. The
program also defines our risk appetite, governance, culture and capabilities. The implementation and execution of the ERM program is
headed by our Chief Risk Officer.
Risk management is overseen by our Board of Directors through three committees: the Risk Committee, the Audit and Compliance
Committee, and the Compensation and Benefits Committee. Each committee consists entirely of independent directors and provides regular
reports to the Board of Directors regarding matters reviewed at the committee level. In addition to the risks under the purview of a particular
committee, the Board of Directors monitors the “tone at the top” and our risk culture, oversees strategic risk, and reviews specific and
aggregate risks we face from time to time. These Board committees meet regularly in private sessions with our Chief Risk Officer, the Chief
Compliance & Ethics Officer, the General Auditor and other senior management with regard to our risk management processes, controls and
capabilities.
The Risk Committee of our Board of Directors provides risk oversight on risk policies and our risk management performance. The Risk
Committee approves key risk management policies and monitors risk culture, talent, capabilities and outcomes. In particular, the Risk
Committee approves our ERM policy along with its sub-policies governing individual credit risk, institutional credit risk, market risk,
liquidity risk, operational risk, reputational risk and asset/liability risk, as well as policies governing the launch of new products and services,
third-party management and resolution planning. The ERM policy defines the risk appetite as well as governance over risk taking and our
risk oversight processes. Risk appetite defines the levels and types of risks we are willing to assume to achieve our business plans while
controlling risk exposures well within our risk capacity. In addition, it establishes principles for risk taking in the aggregate and for each risk
type, and is supported by a comprehensive system of risk limits, escalation triggers and control programs.
The Risk Committee reviews and concurs in the appointment, replacement, performance and compensation of the Company’s Chief Risk
Officer. The Risk Committee receives regular updates from the global risk oversight teams that report to the Chief Risk Officer on key risks,
transactions and exposures.
The Risk Committee reviews our credit risk profile as well as credit risk performance, trends and risk management capabilities.
The Risk Committee also reviews enterprise-wide operational risk trends, events and capabilities, with an emphasis on compliance, fraud,
legal, process or control failures, information security, and privacy, as well as trends in market, funding, liquidity and reputational risks. The
Risk Committee also provides oversight of our compliance with Basel capital and liquidity standards and its Internal Capital Adequacy
Assessment Process, including its CCAR submissions; and resolution planning.
The Audit and Compliance Committee of our Board of Directors approves our compliance policies and risk tolerance, and reinforces the
importance of our compliance risk management. In addition, the Audit and Compliance Committee reviews the effectiveness of our
Corporate-wide Compliance Risk Management Program. More broadly, this committee is responsible for assisting the Board in its oversight
responsibilities relating to the integrity of our financial statements and financial reporting process; internal and external auditing, including
the qualifications and independence of the independent registered public accounting firm and the performance of our internal audit services
function; and the integrity of our systems of internal accounting and financial controls.
The Audit and Compliance Committee provides oversight of the Company’s Internal Audit Group. The Audit and Compliance
Committee reviews and concurs in the appointment, replacement, performance and compensation of the Company’s General Auditor and
approves Internal Audit’s annual Audit Plan, charter, policies and budget. The Audit and Compliance Committee also receives regular
updates on the Audit Plan’s status and results including significant reports issued by Internal Audit and the status of management’s
corrective actions.
The Compensation and Benefits Committee of our Board of Directors works with the Chief Risk Officer to ensure the compensation
programs covering the Company overall, our business units and risk-taking employees appropriately balance risk with incentives such that
business performance is achieved without taking imprudent or uneconomic risks. Our Chief Risk Officer is actively involved in setting goals
for the Company and our business units. Our Chief Risk Officer also reviews the current and forward-looking risk profiles of each business
unit, and provides input into performance evaluation. The Chief Risk Officer meets with the Compensation and Benefits Committee and
attests whether performance goals and results have been achieved without taking imprudent risks. The Compensation and Benefits
Committee uses a risk-balanced incentive compensation framework to decide on our bonus pools and the compensation of senior executives.
There are several internal management committees, including the Enterprise-wide Risk Management Committee (ERMC), chaired by our
Chief Risk Officer, which oversee risks. The ERMC is responsible for risk governance and oversight. It maintains the enterprise-wide risk
appetite framework and monitors compliance with limits and escalations defined in it. The ERMC oversees implementation of risk policies
across the Company with approval by the appropriate board committee. The ERMC reviews key risk exposures, trends and concentrations,
significant compliance matters, economic capital and Basel capital trends, and provides guidance on the steps to monitor, control and report
major risks.