American Express 2015 Annual Report Download - page 54

Download and view the complete annual report

Please find page 54 of the 2015 American Express annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 196

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196

We may not be able to effectively manage the operational and compliance risks to which we are exposed.
We consider operational risk to be the risk of not achieving business objectives due to inadequate or failed
processes or information systems, poor data quality, human error or the external environment (i.e., natural disasters).
Operational risk includes, among others, the risk that employee error or intentional misconduct could result in a
material financial misstatement; a failure to monitor a third party’s compliance with a service level agreement or
regulatory or legal requirements; or a failure to adequately monitor and control access to data in our systems we grant
to third-party service providers. As processes are changed, or new products and services are introduced, we may not
fully appreciate or identify new operational risks that may arise from such changes. Compliance risk arises from the
failure to adhere to applicable laws, rules, regulations and internal policies and procedures. Operational and
compliance risks can expose us to reputational risks as well as fines, civil money penalties or payment of damages and
can lead to diminished business opportunities and diminished ability to expand key operations.
If we are not able to protect our intellectual property, our revenue and profitability could be negatively
affected.
We rely on a variety of measures to protect our intellectual property and proprietary information, including
copyrights, trademarks, patents and controls on access and distribution. These measures may not prevent
misappropriation of our proprietary information or infringement of our intellectual property rights and a resulting loss of
competitive advantage. In addition, competitors or other third parties may allege that our systems, processes or
technologies infringe on their intellectual property rights. Given the complex, rapidly changing and competitive
technological and business environment in which we operate, and the potential risks and uncertainties of intellectual
property-related litigation, a future assertion of an infringement claim against us could cause us to lose significant
revenues, incur significant license, royalty or technology development expenses, or pay significant monetary damages.
Tax legislative initiatives or assessments by governmental authorities could adversely affect our results of
operations and financial condition.
We are subject to income and other taxes in the United States and in various foreign jurisdictions. The laws and
regulations related to tax matters are extremely complex and subject to varying interpretations. Although
management believes our positions are reasonable, we are subject to audit by the Internal Revenue Service and by tax
authorities in all the jurisdictions in which we conduct business operations. These tax authorities may challenge our
positions or apply existing laws and regulations more broadly, which may potentially result in a significant increase in
liabilities for taxes and interest in excess of accrued liabilities.
New tax legislative initiatives may be proposed from time to time, such as proposals for comprehensive tax reform
in the United States, which may impact our effective tax rate and could adversely affect our tax positions or tax
liabilities. In addition, unilateral or multi-jurisdictional actions by various tax authorities, including an increase in tax
audit activity, to address “base erosion and profit shifting” by multinational companies could also have an adverse
impact on our tax liabilities.
Credit, Liquidity and Market Risks
Our risk management policies and procedures may not be effective.
Our risk management framework seeks to identify and mitigate risk and appropriately balance risk and return. We
have established policies and procedures intended to identify, monitor and manage the types of risk to which we are
subject, including credit risk, market risk, asset liability risk, liquidity risk, operational risk, compliance risk, model risk
and reputational risk. See “Risk Management” under “MD&A” for a discussion of the policies and procedures we use to
identify, monitor and manage the risks we assume in conducting our businesses. Although we have devoted significant
resources to develop our risk management policies and procedures and expect to continue to do so in the future, these
policies and procedures, as well as our risk management techniques such as our hedging strategies, may not be fully
effective. There may also be risks that exist, or that develop in the future, that we have not appropriately anticipated,
identified or mitigated. As regulations and markets in which we operate continue to evolve, our risk management
framework may not always keep sufficient pace with those changes. If our risk management framework does not
effectively identify or mitigate our risks, we could suffer unexpected losses and could be materially adversely affected.
Management of our risks in some cases depends upon the use of analytical and/or forecasting models. Although we
have a governance framework for model development and independent model validation, the modeling methodology
could be erroneous or the models could be misused. If our decisions are based on incorrect or misused model outputs
and reports, we may face adverse consequences, such as financial loss, poor business and strategic decision-making, or
damage to our reputation. In addition, some decisions our regulators make, including those related to our capital
distribution plans, may be adversely impacted if they perceive the quality of our models to be insufficient.
43