American Express 2014 Annual Report Download - page 53


AMERICAN EXPRESS COMPANY
2014 FINANCIAL REVIEW
We assess our cyber risk across four categories of “threat actors” that we currently believe pose the greatest risk, namely cyber criminals,
nation state sponsored groups, determined insiders and “hacktivists” or social objectors. Our Information Security Framework and
Operating Model uses an approach that looks at different phases of security to prepare, prevent, detect, respond and recover from cyber-
security attacks.
Our Privacy Framework and Operating Model follows a similar structure. It is led by the Chief Privacy Officer and is integrated with the
Chief Information Security Officer and Compliance Risk Management leaders. Our Privacy Risk Management Committee, another sub-
committee of the ORMC, provides oversight and governance over the collection, notice, use, sharing, transfer, confidentiality and retention
of personal data.
Our Enterprise Data Governance Framework and Policy defines governance and data standards for data used in regulatory reporting, risk
management as well as other critical systems including big data capabilities.
COMPLIANCE RISK MANAGEMENT PROCESS
We define compliance risk as the risk of legal or reputational harm, fines, monetary penalties and payment of damages or other forms of
sanction as a result of non-compliance with applicable laws, regulations, rules or standards of conduct.
We view our ability to effectively mitigate compliance risk as an important aspect of our business model. Our Global Compliance and
Ethics organization is responsible for establishing and maintaining our corporate-wide Compliance Risk Management Program. Pursuant to
this program, we seek to manage and mitigate compliance risk by assessing, controlling, monitoring, measuring and reporting the regulatory
risks to which we are exposed.
REPUTATIONAL RISK MANAGEMENT PROCESS
We define reputational risk as the risk that negative publicity regarding our products, services, business practices, management, clients and
partners, whether perceived or real, could cause a decline in the customer base, costly litigation, or revenue reductions.
We view protecting our reputation as core to our vision of becoming the world’s most respected service brand and fundamental to our
long-term success.
Our business leaders are responsible for ensuring that reputational risk implications of transactions, business activities and management
practices are appropriately considered and relevant subject matter experts are engaged as needed. The ERMC and its sub-committees are
responsible for reviewing decisions where reputational risk may exist and ensuring that reputational risk considerations are properly
reflected.
MARKET RISK MANAGEMENT PROCESS
Market risk is the risk to earnings or value resulting from movements in market prices. Our market risk exposure is primarily generated by:
Interest rate risk in our card and insurance businesses, as well as in our investment portfolios; and
Foreign exchange risk in our operations outside the U.S.
Market risk limits and escalation triggers within the Market Risk and Asset Liability Management (ALM) Policies are approved by the
Risk Committee of the Board of Directors and the ERMC. Market risk is centrally monitored for compliance with policy and limits by our
Market Risk Committee, which reports into the ALCO and is chaired by the Chief Market Risk Officer. Market risk management is also
guided by policies covering the use of derivative financial instruments, funding and liquidity and investments. The Market Risk Oversight
Officer provides an independent risk assessment and oversight over the policies for market risk, liquidity risk and ALM activities.
Our market exposures are in large part by-products of the delivery of our products and services. Interest rate risk arises through the
funding of Card Member receivables and fixed-rate loans with variable-rate borrowings as well as through the risk to net interest margin
from changes in the relationship between benchmark rates such as Prime and LIBOR.
Interest rate exposure within our charge card and fixed-rate lending products is managed by varying the proportion of total funding
provided by variable-rate debt and deposits compared to fixed-rate debt and deposits. In addition, interest rate swaps are used from time to
time to effectively convert fixed-rate debt to variable-rate or to convert variable-rate debt to fixed-rate. We may change the mix between
variable-rate and fixed-rate funding based on changes in business volumes and mix, among other factors.